No using IMEI alone is an insecure way to authenticate, whether you hash etc. I can start guessing IMEI number using brute force and ultimately get access based on someone's IMEI.
On Sat, Oct 22, 2011 at 6:36 AM, Kevin Veroneau <[email protected]> wrote: > Wouldn't it be more secure if they hashed the imei before placing it into > the header? This way a unique hash can be used as an authentication key. > Hashes are more difficult to match. Or to make it more difficult, slit the > imei into 2, hash both parts, and combine them together in the same string. > An md5 hash for example is 33 bytes long, if using that method, the app/site > would send a long 66 byte hashed imei to the server to uniquely identify > itself. If I built an android app, I'd use this method to secure each apps > license and in-app purchases. > > Kevin Veroneau > [email protected] > -- > Sent from my Motorola Xoom > On Oct 22, 2011 5:41 AM, "Nick" <[email protected]> wrote: > >> >> > What I am saying that this is a poor way to authenticate a device? The >> > simple app can trigger a http request with another IMEI nos and get >> access. >> >> I don't know how to use IMEI in PlayReady system. >> >> >> # "nos" means "numbers" ? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> >> -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
