[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Android Full Disk Encryption Broken - Extracting Qualcomm's KeyMaster Keys



> On 07/03/2016 11:44 AM, Spencer wrote:
> > Hi,
> > 
> >>
> >> break Android's Full Disk Encryption
> >>
> > 
> > But muh dick pics!
> > 
> > Wordlife,
> > Spencer

On Sun, Jul 03, 2016 at 11:53:37PM -0500, gnu3ra wrote:
> This doesn't seem to be too much of a worry as long as the user uses a
> ridiculously long password.

The longer the picture, the longer the password, that's what I always
say.


> LUKS on linux does not use any hardware
> backed storage and it still fares fine. The only beef I have is if the
> key derivation function is weak (allowing for faster brute forcing).
> This can still be fixed by using >64 characters and many many bits of
> entropy.

Yep, instead of a 4-number pin at the login screen, I can really see
folks going for a > 64 character pin phrase ... that extra entropy will
be simply irresistible to folks with very, long, pictures.