
posted 2020-01-04 16:45:27 +0200

[Sailfish 3] Numeric PIN as LUKS passphrase makes device encryption useless

Hello,

it seems that Sailfish 3 now encrypts by default the home partition using LUKS.

The problem is that the numeric code set by the user is actually the LUKS passphrase too.

I can imagine that cracking LUKS for numeric passphrases under 8 characters is a matter of seconds. I don't even want to think what would be the length of a safe numeric-only passphrase.

Probably most users are not setting 30-number-long PINs, especially given the PIN is requested from time to time (without fingerprint unlock, all the time, just to unlock the screen).

Given that flashing is and must remain unlocked (at least in the Xperias), I can imagine it is trivial to flash a new bootloader and get access to the encrypted partitions.

Am I missing something here? Is it possible to lock flashing (i.e. fastboot flashing lock_critical)?

If things are like this, Sailfish should ask for an actual password (or complex pattern) to decrypt and mount LUKS on boot, and then use an additional user PIN for all the other things (assuming there is no way to use any safe-enclave in the HW).
