MobileSitter protects passwords, PINs and TAN lists using an innovative technique that offers higher security than conventional password managers. At the same time, MobileSitter is as easy to use as conventional products. Hackers get nuts due to MobileSitter's resistance against typical attacks (e.g., dictionary and brute-force attacks). Such attacks use trial and error to find the correct master password. Technologies like cloud computing allow to tremendously speed-up these attacks. Hackers do not even have expert knowledge to run the attacks. Many of these supposed secure password managers are actually easy prey for hackers, even if they use strong encryption algorithms such as AES, since important security assumptions for using these algorithms have been neglected by conventional products. MobileSitter is different. Here, strong cryptographic algorithms are applied in such way that hackers do not get any usable feedback. Thus, when using MobileSitter the stored passwords are secure.
Besides a higher security level, MobileSitter provides additional features such as secure random password generation and a backup and restore function to provide additional reliability of the stored secrets in case of defect, loss, or theft. MobileSitter combines higher security with convenience functions and easy to use interface.
MobileSitter was developed by the Fraunhofer Institute for Secure Information Technology SIT in Germany.
MobileSitter provides resistance against dictionary and brute force attacks. Nowadays, hackers usually test huge amounts of possible master passwords in order to get to the stored secrets. When using conventional password managers to encrypt data, a hacker can detect if the attempted attack was successful even without the necessity of testing the decryption result as a password at the respective service.
MobileSitter is different. Here, an attacker cannot decide if the attempt was successful when looking at the decryption results. MobileSitter accepts all master passwords. It decrypts the stored information on the basis of the given master password, irrespective of whether or not it is correct. However, the software misguides attackers by displaying wrong passwords.
Every decryption result looks as if it could be correct. For example, if a hacker decrypts a PIN assigned to a debit card using a master password, the decryption result that is returned will always be a four-digit number combination. From an attacker’s point of view - no matter whether hacker or hacking software - it is indistinguishable if the correct master password is found or not. For hacker or hacking software every decryption attempt seems to be successful.
To determine whether a decryption result is correct, the hacker has no choice but try to login with result at the respective service. There, however, additional security mechanisms of the service take effect after a defined amount of failed logins, e.g., three in the case of a debit card.
Further information can be found on http://www.mobilesitter.de
- Use of established cryptographic standards: AES, PBKDF2, ISO/IEC9797-1
- Group your secrets into folders
- Alphabetic and user defined sorting
- Search function
- Easy data backup (Email, USB mass storage mode)
- Encrypted backups
- Auto Log-Off
- Auto deletion of clipboard
- Easy master password change
- Easy device replacement
If you like MobileSitter, we would be happy if you write a review. Your feedback is always welcome. Please contact us to report any questions, comments or suggestions. Within the MobileSitter app use "Options" > "Send email" for contact.