answered
2020-04-30 01:13:53 +0200
Maybe I can contribute a small candle to your enlightenment. I'm not an expert though so anybody more savvy, please correct me.
In essence there are two different ways of 'locking your phone' that need to be differentiated.
With the 'new' encryption available with 3.3.0 we're talking about storage encryption. Namely, Sailfish OS uses the encryption standard LUKS. The component responsible for managing keys, de- and encryption in the OS is called cryptsetup (in case you wanna dive into the technicalities). The 'old' way you're referring to is the device's PIN code (to unlock the home screen).
I like using metaphors from real life to explain things, so let's create a setup.
Storage encryption vs. PIN code
The encryption of data on a storage device (e.g. your SD card or the internal storage of your phone) can be compared with having in your office a file cabinet with folders that are all locked up in special drawers requiring a key.
In reality, when using LUKS encryption, every file is encoded with a passkey. Unless you have that, the file becomes a garbled, unreadable data blob.
Your device's PIN code is like the guard at the entrance of the building your office is in: If there is a person who knows the guard (e.g. your PIN) or has a valid ID to enter the office building, it's easy for them to reach your office and the file cabinet with your documents. But without the key, they can't open the drawers.
Let's say you do not have any locks on your drawers (e.g. no encryption of the home partition). In this case knowing the guardian will let attackers access your files easily. If the guardian is careless and sleepy, they might be able to trick him and gain access anyway (that would be the case of a too short and weak PIN code).
And the third angle is to come at night and provoke a power outage. With the alarm system off, the attackers can access the building at will and get your files.
That would be the equivalent of powering off the phone (no battery lasts forever) and accessing the root file system via a bootloader or removing the SD card to read it elsewhere.
So storage encryption protects against attacks on the file system level, when someone has access to your phone.
Now to the other part: Decrypting all the necessary files to use the phone and the vulnerability resulting from it.
Imagine working with the locked file cabinet in your office: In order to use and process all the documents, you need to keep the key close by and leave at least a few drawers open.
That's what happens at boot time: Your home partition gets decrypted by cryptsetup using a key that is provided by you. Then, it keeps that key in memory for accessing files quickly without having to ask for it all the time.
For this, cryptsetup has been designed to work very efficiently. As Lutwolf stated already: You won't feel an impact. Unless you're trying to open multiple drawers at once (with one key), things will work smoothly.
With this analogy you'll see the importance of a good guardian (e.g. PIN code): Since you're in the middle of working on stuff, some of the drawers will be unlocked and documents placed on the desk to be worked on. If the guardian fails at his job, the files are up for grabs to anyone who manages to get past him. And even worse: Since your key is close by, he may unlock even those drawers still locked if he is clever enough to find it.
In technical terms: Since the encryption key is available from boot time, anybody capable of circumventing the PIN lock may access all your files if he manages to identify as an authorized user to the system (e.g. by opening an app with file access from the launcher).
You see that storage encryption for a running system is only as good as the password/PIN limiting access to the live session (in case of Sailfish OS the home screen). In the offline state you'll have a really hard time cracking the files open unless the key is weak. In case of Sailfish OS the encryption key and the device lock PIN are identical. All the more a reason to choose a good PIN.
Now this is dramatically simplified but is more or less how it works. There are other complexities involving the storage place of the encryption key, its length and so on.
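As an added illustration (not part of this answer and not Sailfish OS or cryptsetup code), here is a small Python parser for the LUKS1 header that cryptsetup writes at the start of an encrypted partition; the layout follows the LUKS1 specification, the sample header bytes are constructed rather than read from a real device, and it assumes LUKS1 (LUKS2 uses a different, JSON-based header). It makes concrete the "storage place of the encryption key" mentioned at the end of the post: what someone holding the powered-off device can read from the header, and what they cannot.

```python
import struct

# LUKS1 on-disk header: a 208-byte fixed part followed by 8 key slots of
# 48 bytes each; all integers are big-endian (per the LUKS1 specification).
_HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
_SLOT = struct.Struct(">II32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _cstr(b: bytes) -> str:
    return b.split(b"\x00", 1)[0].decode("ascii")

def parse_luks1_header(data: bytes) -> dict:
    """Decode a LUKS1 header into a dict of its parameters.

    Note what is NOT here: the master key. Each enabled slot stores only a
    salt and a PBKDF2 iteration count; the (anti-forensically split) key
    material it protects sits at key_material_offset, encrypted with a key
    derived from that slot's passphrase (the device-lock PIN on Sailfish OS).
    Cipher, key length and iteration count are what bound an offline attack.
    """
    if len(data) < _HDR.size + 8 * _SLOT.size:
        raise ValueError("too short to be a LUKS1 header")
    (magic, version, cipher, mode, hashspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = _HDR.unpack_from(data, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("LUKS magic not found")
    if version != 1:
        raise ValueError(f"unsupported LUKS version {version}")
    slots = []
    for i in range(8):
        active, iters, salt, km_off, stripes = _SLOT.unpack_from(
            data, _HDR.size + i * _SLOT.size)
        slots.append({"index": i, "enabled": active == SLOT_ENABLED,
                      "iterations": iters, "key_material_offset": km_off,
                      "stripes": stripes})
    return {"cipher": f"{_cstr(cipher)}-{_cstr(mode)}", "hash": _cstr(hashspec),
            "key_bits": key_bytes * 8, "payload_offset_sectors": payload_off,
            "mk_digest_iterations": mk_iter, "uuid": _cstr(uuid), "slots": slots}

def build_sample_header() -> bytes:
    """Constructed sample (not from a real device): aes-xts-plain64, sha256,
    512-bit master key, one enabled key slot, seven disabled ones."""
    fixed = _HDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                      b"\x11" * 20, b"\x22" * 32, 1000,
                      b"0f0f0f0f-0000-4000-8000-000000000001")
    slots = _SLOT.pack(SLOT_ENABLED, 250000, b"\x33" * 32, 8, 4000)
    slots += _SLOT.pack(SLOT_DISABLED, 0, b"\x00" * 32, 0, 0) * 7
    return fixed + slots
```

On a real image you would pass the first 592 bytes of the partition to parse_luks1_header; the output corresponds to what `cryptsetup luksDump` prints, minus the key material it never shows either.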