4 replies to this topic

[theone419]

So now adays everything is electronic which makes you more susceptible to all sorts of stuff. Bottom line android users should have FDE for their devices, As of now there is only one device, the nexus one which supports fde VIA Whispercore app. Due to the drivers its only available for that one phone, is there any chance we can get encryption software like that to users? specifically HTC G2/Desire Z. Money talks.....

http://whispersys.com/index.html

[avgjoemomma]

http://source.androi...ementation.html

[theone419]

avgjoemomma, on 20 December 2011 - 07:50 AM, said:

http://source.androi...ementation.html

Thanks, looks like its only available in 3.0. So im assuming you cant use it for CM 7.1. When android 4.0 comes out I heard that it might come with this option? or if not it would be alot easier with 4.0 (CM9)

[mckinleytabor]

Google is moving in the right direction with Honeycomb and Ice Cream Sandwich with regards to FDE, however more needs to me done.

Any encryption system is only as good as the key. The best encryption systems are ones based on a complex key provided by the user.

The problem with Honeycomb (and ICS) is how Android is handling key management. In the case of HC and ICS, the same key used to decrypt the devices at boot time is also used to "unlock" the device after it has been asleep. As a practical mater entering a 30+ mixed character key each time you want to skip a song is NOT tenable.  Because of this, users wil chose smaller and less secure keys.

Moxie Marlinspike (WhisperCore author) also had a good post up on the technical deficiencies in HC and ICS encryption. It all boils down to key management, which WhisperCore does far better than stock FDE on HC or ICS. A boot time only key that is NEVER in non-volatile memory and dumped the instant the device is power-off is the best way to ensure the safety of data on lost or taken devices.

[mckinleytabor]

Following up to my earlier post here's the link: http://questions.whi...rsys-encryption

Also, having now used both ICS WDE on my Transformer Prime, and WhisperCore on my Nexus S, I have to say I much prefer WhisperCore. Using ICS, I have picked as complex a password (I say password because with ICS, it's really not a "key" in the true encryption sense), but its is really inconvenient to have to enter it each time i wake the device.

With WhisperCore I can still use my "unlock" pattern for day-to-day use, but I always know that my phone is never more than reboot away from total protection. Given the way 3G drains the power, I figure if my phone where "lost" it would shut down and become completely secure in less than 16 hours simply from a dead battery.