Hector Martin Jan 17
Thread about numeric passcode strength on iPhones. And *this* is why I consider my rooted Android phone to be more secure than iPhones under a whole category of attack scenarios. Because I can use a separate 25-character full ASCII *startup* password and an 8-digit *unlock* code.
Hector Martin Jan 17
Replying to @marcan42
Sure, you can try to attack my phone from a powered-but-locked state, but if you screw up and it reboots, or if you attempt any boot chain attacks, or if the battery runs out, you are *not* getting in. Period.
Hector Martin
I don't know why nobody offers this option of split FDE/unlock codes by default (neither iPhones nor stock Android). It's such a massive no-brainer to increase security to basically "unbreakable" under an entire class of practical attack scenarios.
Hector Martin Jan 17
Replying to @marcan42
(And we can already do this exact thing for FDE on desktops/laptops, so it's not like it's novel)
shuffle2 Jan 17
Replying to @marcan42
If it were more common, then attackers would think very carefully before allowing the phone to reach a state where they need to go through boot. You're also assuming there's no alternate (remote/0click) way in under lock.
Hector Martin Jan 17
Replying to @shuffle2
I'm not saying there is no other way in, I'm saying this eliminates the entire class of boot chain exploits.
Dougall Jan 17
Replying to @marcan42
I'd like it, but I'd guess it's human factors? If people only use the password when you turn on the phone, and they choose a more random/secure password for that, they tend to forget it and get locked out. Probably hard to keep the UI clear too.
Hector Martin Jan 17
Replying to @dougallj
Stick it under an advanced menu and put a big warning next to it then. Do it in the developer menu on Android if you must, that's already hidden by default.