diff options
author | bnewbold <bnewbold@robocracy.org> | 2012-08-17 15:56:30 -0400 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2012-08-17 15:56:30 -0400 |
commit | ad2cda82ffb0be1c86feb5110a5f906f27baf2d0 (patch) | |
tree | 17260a34445af5c402643c4356c81d940fb5cfc8 /software | |
parent | 8c257974afb4f3e7db3591e3633e7e26c89003e3 (diff) | |
download | knowledge-ad2cda82ffb0be1c86feb5110a5f906f27baf2d0.tar.gz knowledge-ad2cda82ffb0be1c86feb5110a5f906f27baf2d0.zip |
android FDE
Diffstat (limited to 'software')
-rw-r--r-- | software/android.page | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/software/android.page b/software/android.page index 9e638ac..a5f1576 100644 --- a/software/android.page +++ b/software/android.page @@ -19,3 +19,19 @@ on my static site). Use recovery mode to install SuperUser from the "Install" menu (could skip this step?). Then install the CyanogenMod package the same way. +# Full disk encryption + +Using a short pin or swipe pattern is generally reasonable on android devices +to protect against many attacks because the unlock program will lock up after +repeated incorrect attempts, making naive brute forcing impractical. The best +technique for brute forcing is to take a full disk image and crack offline, in +which case a short pin will be defeated trivially. Notably, off the shelf +hardware seems to exist for dump images quickly and easily, eg at a border +crossing. So there is a good motivation to have a stronger disk encryption +password and a short (convenient) screen unlock pin. + +The default policy in android 3.1 doesn't allow this using the UI, but it can +be done [from the command line](http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html): + + $ su -c "vdc cryptfs changepw <newpass>" + |