android FDE

1 files changed, 16 insertions, 0 deletions

diff --git a/software/android.page b/software/android.page
index 9e638ac..a5f1576 100644
--- a/software/android.page
+++ b/software/android.page
@@ -19,3 +19,19 @@ on my static site). Use recovery mode to install SuperUser from the "Install"
 menu (could skip this step?). Then install the CyanogenMod package the same
 way.
 
+# Full disk encryption
+
+Using a short pin or swipe pattern is generally reasonable on android devices
+to protect against many attacks because the unlock program will lock up after
+repeated incorrect attempts, making naive brute forcing impractical. The best
+technique for brute forcing is to take a full disk image and crack offline, in
+which case a short pin will be defeated trivially. Notably, off the shelf
+hardware seems to exist for dump images quickly and easily, eg at a border
+crossing. So there is a good motivation to have a stronger disk encryption
+password and a short (convenient) screen unlock pin.
+
+The default policy in android 3.1 doesn't allow this using the UI, but it can
+be done [from the command line](http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html):
+
+    $ su -c "vdc cryptfs changepw <newpass>"
+