Hector Martin 17 Jan
Thread about numeric passcode strength on iPhones. And *this* is why I consider my rooted Android phone to be more secure than iPhones under a whole category of attack scenarios. Because I can use a separate 25-character full ASCII *startup* password and an 8-digit *unlock* code.
Hector Martin 17 Jan
Replying to @marcan42
Sure, you can try to attack my phone from a powered-but-locked state, but if you screw up and it reboots, or if you attempt any boot chain attacks, or if the battery runs out, you are *not* getting in. Period.
Hector Martin 17 Jan
Replying to @marcan42
I don't know why nobody offers this option of split FDE/unlock codes by default (neither iPhones nor stock Android). It's such a massive no-brainer to increase security to basically "unbreakable" under an entire class of practical attack scenarios.
Hector Martin
(And we can already do this exact thing for FDE on desktops/laptops, so it's not like it's novel)
Paul McMillan 17 Jan
Replying to @marcan42
Android used to allow it. I suspect they stopped because phone reboot is so rare for most users they forget the passcode. Biometric + alphanumeric password isn't a bad split in modern Android for some threat models. But then again, they took away true full disk encryption too.
Hector Martin 17 Jan
Replying to @PaulM
I don't remember Android ever allowing it. It always required rooting and running a vdc command to change the FDE password, AFAIK.
Dougall 17 Jan
Replying to @marcan42
iirc macOS removed this recently, and tied FDE to login passwords :(