Axim Password Brute Forcing

[scootss]

Hi Guys,

I'm new to the axim scene and I'll be deploying a bunch of these great PDAs to a group of users. I'm a little bit concerned about security and I've heard that the "power on" password can be bruteforced if the PPC is connected via active sync.

Some site mentioned certain manufacturers were taking steps to prevent this. Anyone know if Dell has beefed up the security at all?

Thanks!

[rai_dei]

well, you can always do it the old fashioned way and do a hard reset, i think that resets the password.

As for bruteforcing, im not sure, seems a little farfetched.

[Howard2k]

Hard Reset also clears all the information that is not on Storage Card or Built In Storage. So limited value to get around the password :)

A 4 digit number password has 10,000 combinations.
A 10 digital alpha password has 144,555,105,949,057,024 combinations (depending of course on the character set support etc., but a good rough number). Good luck with that brute force attack :)

[Howard2k]

There is also the time constraint. From the console the Axim will implement an increasing timeout between password guesses. Through AS I'm not sure if this still happens or not. But with a 20 digit alpha password I would let them go for their lives on a brute force.

[red-i]

at 1 try per second it would take at most 4 583 812 339 years!
That's with a 10digit alphanumeric as per howard's calculation of permutations.

Tell your group not to use built in storage or a storage card for sensitive data, that way as howard says, if it's hard reset, the data is gone (of course on that note make sure they backup frequently as well). Alternatively, you can use an encryption app to encrypt sensitive documents.