[Sailfish 3] Numeric pins as LUKS passphrases make device encryption useless
Hello,
it seems that Sailfish 3 now encrypts by default the home partition using LUKS.
The problem is that the numeric code set by the user is actually the LUKS passphrase too.
I can imagine that cracking LUKS for numeric passphrases under 8 characters is a matter of seconds. I don't even want to think what would be the length of a safe numeric-only passphrase.
Probably most users are not setting 30-number-long pins, especially given the pin is requested from time to time (without fingerprint unlock, all the time, just to unlock the screen).
Given that flashing is and must remain unlocked (at least in the Xperias), I can imagine it is trivial to flash a new bootloader and get access to the encrypted partitions.
Am I missing something here? Is it possible to lock flashing (i.e. fastboot flashing lock_critical)?
If things are like this, Sailfish should ask for an actual password (or complex pattern) to decrypt and mount LUKS on boot, and then use an additional user pin for all the other things (assuming there is no way to use any safe-enclave in the HW).
@goldenowl: can you provide a source for this? How do you know the PIN is also the passphrase for LUKS?
Are you using a Xperia 10? As of now only those models come with home encryption enabled.
And since encrypting an SDCard requires a passphrase (independent of the device's PIN), it would be very unusual not to use one for the encryption of home, too.
There also is the possibility that SailfishSecrets may handle storing the LUKS passphrase and decrypting the partition once the device has been unlocked using the PIN is done with a dedicated passphrase nonetheless.
rozgwi ( 2020-01-05 03:36:44 +0200 )
I am using an Xperia 10.
I installed cryptsetup and checked the device that is luks-mapped to the home partition. It contains a single encryption key. I verified that the passphrase to access that key is my numeric pin as requested when booting the phone and it is.
Try it out: to verify it I just did
cryptsetup luksAddKey /dev/disk/by-uuid/a61febbf-0920-4053-bd83-86b58ef26e46
(your /home disk uuid will be different) which asks for a current passphrase before asking for a new one. Providing anything other than my pin results in an error message saying there are no keys for the given passphrase.
goldenowl ( 2020-01-05 15:15:44 +0200 )
Wow, that's odd. Can't verify since I don't have a 10. But using the PIN as password really doesn't seem very secure.
rozgwi ( 2020-01-06 01:02:23 +0200 )
Using the PIN directly as a LUKS passphrase is a shockingly stupid move from Jolla, even if a temporary solution.
William ( 2020-01-06 12:12:23 +0200 )
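To put numbers on the opening post's question of how long a numeric-only passphrase would have to be, the following added example (not code from this thread or from Jolla) estimates keyspace size and exhaustion time for a given alphabet and length. The per-guess key-derivation cost and the degree of parallelism are assumed values, not measurements of Sailfish or of any real LUKS header.

```python
import math

# Assumptions (not from the thread): every guess costs SECONDS_PER_GUESS of
# key-derivation work, and PARALLEL guesses can be evaluated at the same time.
SECONDS_PER_GUESS = 1.0
PARALLEL = 1000


def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy in a uniformly random secret of exactly this length."""
    return length * math.log2(alphabet)


def exhaust_seconds(alphabet: int, length: int,
                    per_guess: float = SECONDS_PER_GUESS,
                    parallel: int = PARALLEL) -> float:
    """Wall-clock time to try every secret of 1..length symbols."""
    candidates = sum(alphabet ** n for n in range(1, length + 1))
    return candidates * per_guess / parallel


def min_length(alphabet: int, target_bits: int) -> int:
    """Shortest length whose keyspace is >= 2**target_bits (exact integers)."""
    length = 1
    while alphabet ** length < 2 ** target_bits:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for digits in (4, 6, 8, 12, 20, 30):
        print(f"{digits:>2} digits: {entropy_bits(10, digits):5.1f} bits, "
              f"exhausted in {human(exhaust_seconds(10, digits))}")
    for bits in (64, 80, 128):
        print(f"{bits}-bit strength needs {min_length(10, bits)} digits "
              f"or {min_length(62, bits)} mixed-case letters and digits")
```

Measure the real per-guess cost on the target hardware and substitute it for `SECONDS_PER_GUESS` before drawing conclusions; the digit counts returned by `min_length` do not depend on that assumption.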