In the following we'll address frequently asked questions
about the Tresør application.
Question:
PIN storing doesn't
work!
Answer:
On some phones
you need to move the application to the phones
internal memory.
Question:
Importing
and exporting password files (JSR 75)
doesn't work.
Answer:
On most phones
you need to give the application the right to
read and write data before import and export works.
Out of that, check with your phone manufacturer that your phone supports the optional
JSR 75 (PDA Optional Packages for the J2ME® Platform) functionality.
Question:
Why exits the application after 2 minutes?
Answer:
It's a security function to
exit the application after 2 minutes of inactivity. This protects
your data in case you leave your phone with the application
started and PIN entered somewhere unwatched.
Question:
The backlight of the
display goes off before I can finish copying my password.
Can you change that?
Answer:
There is no manufacturer
independent way to accomplish this. You'd have to change the
general display or power saving settings of your phone.
Question:
How can I protect myself from data loss?
Answer:
Export your passwords often to your micro SD
storage and/or to your desktop computer.
Question:
How can I migrate my data to a new phone?
Answer:
Follow these steps:
Export your passwords on the old phone,
move the export file to your new phone (using your PC),
install Tresør on the new phone,
import the file on the
new phone using the newly installed Tresør application.
Question:
How easily can my master PIN be cracked?
Answer:
The longer your PIN is the better. Internal
testing in 2010 with current consumer hardware
has given the following numbers for a brute-force-attack:
PIN digits
Time to crack
6
10 seconds
7
111 seconds
8
20 minutes
9
223 minutes
10
41 hours
11
18 days
12
207 days
13
6 years
Please note that the numbers may differ in a big
magnitude if the attackers have good equipment
and good IT skills.
Question:
How many digits should my PIN have?
Answer:
If you lose your cell phone or it gets stolen
you should have enough time to disable your bank and web accounts. Take a look
at the table above and add some extra safety.
Question:
I've forgotten my PIN. Can you help me?
Answer:
It's our policy to not crack or help cracking
PINs and break laws.
Question:
How secure are my passwords?
Answer:
The passwords are encrypted
using the AES-256 algorithm with a random initialization
vector and SHA-256-hashed PIN. The PIN hash itself is not
stored to avoid rainbow table attacks.
Question:
Can a thief extract
the passwords to his PC without the PIN?
Answer:
It depends on your
mobile phone implementation. You should calculate
that he can.
Question:
Why is the PIN
numeric? An alphanumeric PIN would be more difficult
to break.
Answer:
That's right.
Restricting the PIN to be numeric speeds up
application usage on numeric keypad phone models.
On this type of phones the risk of mistyping
alphanumeric PINs is much larger.
Question:
Will there be an Android® version?
Answer:
An android version is not
planned at the moment. You can check whether this online
converter works: http://www.netmite.com/android/.
Question:
What if my question
isn't answered here?
Answer:
Customers can reach the
customer support at this address:
customer support.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Software Products