Needing some enlightenment in understanding "encryption"

asked 2020-04-29 14:49:47 +0200 by Yusssufff

updated 2020-04-29 15:24:48 +0200

Hello Sailors! As the implementation of encryption has just arrived, I wonder if you could enlighten me on "how does it work"... I have read this article a couple of times, but I am still left with questions (article: https://jolla.zendesk.com/hc/en-us/articles/360011115540). My questions are:

1. As the password is typed when booting the phone, the whole phone is decrypted then, right? Then if I just lock the screen, the phone doesn't get encrypted again, right? That explains why you can't decrypt the phone at boot with a fingerprint but can casually "unlock" the already booted phone with a fingerprint later, right?

2. If my assumption from the first question is correct, then: what is the point of encryption in a phone that is encrypted only when "shut off", since most people never switch off their phones? And if the device is stolen it would likely be switched on at that moment, screen locked but already booted...

3. Does encrypting the phone affect its overall performance?

4. How secure is the "old" code protection from the lock screen (that we have had for many years now), and why and how is it less secure than the new encryption?

Thanks a lot!


2 Answers

answered 2020-04-29 16:00:06 +0200 by Lutwolf

Hejhej,

1) The temporary "decryption" happens on boot-up when you are required to enter your password, right. Until you shut down, only the security password/lockscreen layer is used, so if 2) someone snatches your phone while it is unlocked, it is the same security level as if you hadn't encrypted it before. Well, as long as the thief doesn't shut it down (e.g. being tired of guessing your security code or something like that, switching to brute-forcing via bootloader - at which point /home/ is encrypted, adding another big obstacle). To me, it is a great plus to have that, making it more troublesome for hardwired attackers and usually resulting in formatting the phone to sell it later instead of stealing important user/payment data, which potentially causes more trouble.

3) It has to decrypt/encrypt every process targeting the /home/ partition, but that's not noticeable enough (you do not suddenly push 6GB packets into your user directory, do you?).

4) The old method blocks the lock screen, but (given that you set it to "unlimited tries") there's much less security as soon as you have time, patience and an automated device (read: computer) which simply tries combination after combination ("brute-forcing") until the lock code is correct. Idk how much is visible partition-wise with or without encryption/lock code, but it is something different if there is a completely obscured volume which is unusable without the correct code, or if there is a clear (tree/data) structure visible where only the user data cannot be accessed.

Add-On: entering the decryption code doesn't decrypt encrypted SD card volumes, and I use quite a lot of different ones. I like the thought that - should I lose my phone, maybe with enough time to deplete the battery - none of the data is easily accessible.

Cheers.

answered 2020-04-30 01:13:53 +0200 by rozgwi

updated 2020-04-30 01:24:17 +0200

Maybe I can contribute a small candle to your enlightenment. I'm not an expert though, so anybody more savvy, please correct me.
In essence there are two different ways of 'locking your phone' that need to be differentiated.

With the 'new' encryption available with 3.3.0 we're talking about storage encryption. Namely, Sailfish OS uses the encryption standard LUKS. The component responsible for managing keys, de- and encryption in the OS is called cryptsetup (in case you wanna dive into the technicalities). The 'old' way you're referring to is the device's PIN code (to unlock the home screen).

I like using metaphors from real life to explain things, so let's create a setup.

Storage encryption vs. PIN code

The encryption of data on a storage device (e.g. your SD card or the internal storage of the phone) can be compared with having, in your office, a file cabinet with folders that are all locked up in special drawers requiring a key.
In reality, when using LUKS encryption every file is encoded with a passkey. Unless you have that, the file becomes a garbled, unreadable data blob.

Your device's PIN code is like the guard at the entrance of the building your office is in: if there is a person who knows the guard (e.g. your PIN) or has a valid ID to enter the office building, it's easy for them to reach your office and the file cabinet with your documents. But without the key, they can't open the drawers.

Let's say you do not have any locks on your drawers (e.g. no encryption of the home partition). In this case knowing the guardian will let attackers access your files easily. If the guardian is careless and sleepy, they might be able to trick him and gain access anyway (that would be the case of a too short and weak PIN code).
And the third angle is to come at night and provoke a power outage. With the alarm system off, the attackers can access the building at will and get your files.
That would be the equivalent of powering off the phone (no battery lasts forever) and accessing the root file system via a bootloader or removing the SD card to read it elsewhere.

So storage encryption protects against attacks on the file system level, when someone has access to your phone.

System performance and live decryption

Now to the other part: Decrypting all the necessary files to use the phone and vulnerability resulting from it.

Imagine working with the locked file cabinet in your office: In order to use and process all the documents, you need to keep the key close by and leave at least a few drawers open.
That's what happens at boot time: your home partition gets decrypted by cryptsetup using a key that is provided by you. Then, it keeps that key in memory for accessing files quickly without having to ask for it all the time. For this, cryptsetup has been designed to work very efficiently. As Lutwolf stated already: you won't feel an impact. Unless you're trying to open multiple drawers at once (with one key), things will work smoothly.

With this analogy you'll see the importance of a good guardian (e.g. PIN code): since you're in the middle of working on stuff, some of the drawers will be unlocked and documents placed on the desk to be worked on. If the guardian fails at his job, the files are up for grabs to anyone who manages to get past him. And even worse: since your key is close by, he may unlock even those drawers still locked if he is clever enough to find it.
In technical terms: Since the encryption key is available from boot time, anybody capable of circumventing the PIN lock may access all your files if he manages to identify as authorized user to the system (e.g. by opening an app with file access from the launcher).

You see that storage encryption for a running system is only as good as the password/PIN limiting access to the live session (in case of Sailfish OS the home screen). In the offline state you'll have a really hard time cracking the files open unless the key is weak. In case of Sailfish OS the encryption key and the device lock PIN are identical. All the more a reason to choose a good PIN.

Now this is dramatically simplified but is more or less how it works. There are other complexities involving the storage place of the encryption key, its length and so on.

Comments

Lutwolf and Rozgwi, thank you so much for taking the time to answer!! But here are my following wonders:
- if an eventual thief is clever and technical enough to decide to try to break the PIN code, is not the first thing he will do to plug the phone into a wall charger? Or are we assuming that he is very technical but doesn't know about the battery dying 😂?
- the hypothesis of "brute forcing" the bootloader will still require passing by the PIN code, right? Which is as hard to get as the encryption code because... they are the same, no?

Yusssufff (2020-04-30 12:34:44 +0200)

oh so I overexplained a bit I guess? well, thus the necessity of a good PIN code and a limited possible number of tries.

rozgwi (2020-04-30 13:07:49 +0200)

No, your explanation was wonderful, thanks a lot! My wonder is mostly, assuming that the phone is off: is there really a way to do what you described as circumventing the PIN or accessing the root file system via a bootloader or removing the SD card to read it elsewhere? Is that actually doable?

Yusssufff (2020-04-30 13:57:36 +0200)

yes, it is possible. but depending on your setup it may be a lot of effort.
for the offline scenario, surely trying to crack an encrypted SD card or the internal storage with a decent PIN will take a long time. also you would need to copy the home partition somehow in the first place. Plus LUKS does not use your password (PIN in case of SFOS) to encrypt data but only to store a dedicated cryptographic token that's considerably longer and is used as 'hash key'.

for the online scenario it should be pretty safe using a limited number of tries and around 10 digits.
everything else is the usual security penetration risk coming from bugs and zero-day vulnerabilities.

rozgwi (2020-04-30 14:25:45 +0200)
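A toy model of the LUKS key-slot mechanism described in the comment above (added example here, not code from cryptsetup or Sailfish OS; the iteration count and the XOR wrap are constructed simplifications): the PIN is stretched by a slow KDF into a key-encryption key that unwraps a long random master key, so a second passphrase can be enrolled without re-encrypting any data, and a wrong PIN fails the header's master-key digest check instead of silently producing garbage.

```python
# Toy model of a LUKS-style key slot (added example, not cryptsetup or Sailfish OS code).
# The passphrase (the device PIN on Sailfish OS) never encrypts data itself: it is
# stretched by a slow KDF into a key-encryption key (KEK) that unwraps a long random
# master key kept in the header, and only the master key encrypts the data.
# Real LUKS uses argon2id/PBKDF2 with AES and an anti-forensic splitter; this toy
# uses PBKDF2-HMAC-SHA256 and an XOR wrap so it runs with the standard library only.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

KDF_ITERATIONS = 200_000   # constructed value; cryptsetup benchmarks this to ~1-2 s per attempt
KEY_BYTES = 32

@dataclass
class Header:
    master_key_digest: bytes                 # lets unlock() verify a candidate master key
    digest_salt: bytes
    slots: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, wrapped key)

def _kdf(secret: bytes, salt: bytes, rounds: int = KDF_ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds, KEY_BYTES)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def add_key_slot(header: Header, master_key: bytes, passphrase: str) -> None:
    """Enrol a passphrase: wrap the same master key under a KEK derived from it."""
    salt = os.urandom(16)
    header.slots.append((salt, _xor(master_key, _kdf(passphrase.encode(), salt))))

def format_volume(passphrase: str) -> Tuple[Header, bytes]:
    """Create a fresh random master key and enrol the passphrase in slot 0."""
    master_key = os.urandom(KEY_BYTES)
    digest_salt = os.urandom(16)
    header = Header(_kdf(master_key, digest_salt, 1000), digest_salt)
    add_key_slot(header, master_key, passphrase)
    return header, master_key

def unlock(header: Header, passphrase: str) -> Optional[bytes]:
    """Try every slot; return the master key if the digest check passes, else None."""
    for salt, wrapped in header.slots:
        candidate = _xor(wrapped, _kdf(passphrase.encode(), salt))
        if hmac.compare_digest(_kdf(candidate, header.digest_salt, 1000), header.master_key_digest):
            return candidate
    return None
```

Each wrong guess costs a full KDF run, which is why a longer PIN and a limited number of tries matter more than the raw length of the master key.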

oh and to be precise: for SD cards you can set individual pass phrases independently from your device's PIN.

you always have to consider the probability and practicality of attacks that are theoretically possible but not very practicable. although it might be true that having your phone seized by e.g. border authorities renders the probability much higher

rozgwi (2020-04-30 14:31:37 +0200)