summaryrefslogtreecommitdiffstats
path: root/software
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2012-08-17 15:56:30 -0400
committerbnewbold <bnewbold@robocracy.org>2012-08-17 15:56:30 -0400
commitad2cda82ffb0be1c86feb5110a5f906f27baf2d0 (patch)
tree17260a34445af5c402643c4356c81d940fb5cfc8 /software
parent8c257974afb4f3e7db3591e3633e7e26c89003e3 (diff)
downloadknowledge-ad2cda82ffb0be1c86feb5110a5f906f27baf2d0.tar.gz
knowledge-ad2cda82ffb0be1c86feb5110a5f906f27baf2d0.zip
android FDE
Diffstat (limited to 'software')
-rw-r--r--software/android.page16
1 files changed, 16 insertions, 0 deletions
diff --git a/software/android.page b/software/android.page
index 9e638ac..a5f1576 100644
--- a/software/android.page
+++ b/software/android.page
@@ -19,3 +19,19 @@ on my static site). Use recovery mode to install SuperUser from the "Install"
menu (could skip this step?). Then install the CyanogenMod package the same
way.
+# Full disk encryption
+
+Using a short pin or swipe pattern is generally reasonable on android devices
+to protect against many attacks because the unlock program will lock up after
+repeated incorrect attempts, making naive brute forcing impractical. The best
+technique for brute forcing is to take a full disk image and crack offline, in
+which case a short pin will be defeated trivially. Notably, off the shelf
+hardware seems to exist for dump images quickly and easily, eg at a border
+crossing. So there is a good motivation to have a stronger disk encryption
+password and a short (convenient) screen unlock pin.
+
+The default policy in android 3.1 doesn't allow this using the UI, but it can
+be done [from the command line](http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html):
+
+ $ su -c "vdc cryptfs changepw <newpass>"
+