diff options
-rw-r--r-- | software/android.page | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/software/android.page b/software/android.page index 9e638ac..a5f1576 100644 --- a/software/android.page +++ b/software/android.page @@ -19,3 +19,19 @@ on my static site). Use recovery mode to install SuperUser from the "Install" menu (could skip this step?). Then install the CyanogenMod package the same way. +# Full disk encryption + +Using a short pin or swipe pattern is generally reasonable on android devices +to protect against many attacks because the unlock program will lock up after +repeated incorrect attempts, making naive brute forcing impractical. The best +technique for brute forcing is to take a full disk image and crack offline, in +which case a short pin will be defeated trivially. Notably, off the shelf +hardware seems to exist for dump images quickly and easily, eg at a border +crossing. So there is a good motivation to have a stronger disk encryption +password and a short (convenient) screen unlock pin. + +The default policy in android 3.1 doesn't allow this using the UI, but it can +be done [from the command line](http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html): + + $ su -c "vdc cryptfs changepw <newpass>" + |