From ad2cda82ffb0be1c86feb5110a5f906f27baf2d0 Mon Sep 17 00:00:00 2001 From: bnewbold Date: Fri, 17 Aug 2012 15:56:30 -0400 Subject: android FDE --- software/android.page | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'software') diff --git a/software/android.page b/software/android.page index 9e638ac..a5f1576 100644 --- a/software/android.page +++ b/software/android.page @@ -19,3 +19,19 @@ on my static site). Use recovery mode to install SuperUser from the "Install" menu (could skip this step?). Then install the CyanogenMod package the same way. +# Full disk encryption + +Using a short pin or swipe pattern is generally reasonable on android devices +to protect against many attacks because the unlock program will lock up after +repeated incorrect attempts, making naive brute forcing impractical. The best +technique for brute forcing is to take a full disk image and crack offline, in +which case a short pin will be defeated trivially. Notably, off the shelf +hardware seems to exist for dump images quickly and easily, eg at a border +crossing. So there is a good motivation to have a stronger disk encryption +password and a short (convenient) screen unlock pin. + +The default policy in android 3.1 doesn't allow this using the UI, but it can +be done [from the command line](http://nelenkov.blogspot.com/2012/08/changing-androids-disk-encryption.html): + + $ su -c "vdc cryptfs changepw " + -- cgit v1.2.3