Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys

Zenaan Harkness zen at freedbms.net
Sun Jul 3 22:51:16 PDT 2016


> On 07/03/2016 11:44 AM, Spencer wrote:
> > Hi,
> > 
> >>
> >> break Android's Full Disk Encryption
> >>
> > 
> > But muh dick pics!
> > 
> > Wordlife,
> > Spencer

On Sun, Jul 03, 2016 at 11:53:37PM -0500, gnu3ra wrote:
> This doesn't seem to be too much of a worry as long as the user uses a
> ridiculously long password.

The longer the picture, the longer the password, that's what I always
say.


> LUKS on linux does not use any hardware
> backed storage and it still fares fine. The only beef I have is if the
> key derivation function is weak (allowing for faster brute forcing).
> This can still be fixed by using >64 characters and many many bits of
> entropy.

Yep, instead of a 4-number pin at the login screen, I can really see
folks going for a > 64 character pin phrase ... that extra entropy will
be simply irresistible to folks with very, long, pictures.


