Project

General

Profile

Actions

Feature #2099

open

Separate screen lock and boot passwords

Added by dl lud about 4 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
07/26/2020
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Not device specific
Grant:
Type of work:
C programming, Communication (mails, contacting people, etc), Unknown

Description

On Replicant 6 you can set different passwords for the screen lock and boot. Such can be done with commands such as:
  • vdc cryptfs enablecrypto inplace password MyLongPassword
  • vdc cryptfs enablecrypto wipe password MyLongPassword

Or with an app such as SnooperStopper, which uses vdc cryptfs underneath.

This allows for a great compromise between security and usability. You can set a simple PIN for the screen lock, and a long alphanumeric password for boot which is your actual encryption key.

Unfortunately it seems that vdc cryptfs no longer works on recent Android versions (I tested with Lineage 16). This probably stems from the fact that Android now relies on a Trusted Execution Environment (TEE) to (securely?) derive an encryption key out of the user's lock screen PIN and then store it.

Replicant 10 will be unable to use a TEE for several different reasons:
  • Old devices have SoCs that do not support a TEE.
  • There may be no free software TEE implementation available for the target device.
  • Even if a free software TEE is available, the device's bootloader is locked and cannot load it.
    For further details check Gatekeeper HAL backend.

As such, finding a way to have a separate boot password/encryption key on Replicant 10 seems to be a must. Otherwise users will be faced with a dilemma:
a) Use a simple PIN and be exposed to bruteforce attacks.
b) Use a long password and take some long minutes to unlock the phone everytime they need it.

Actions #1

Updated by Kurtis Hanna almost 4 years ago

  • Device Not device specific added
  • Device deleted (Unknown)

The comments in this issue suggest that there is a way to still make this work in AOSP 9: https://github.com/nelenkov/cryptfs-password-manager/issues/25

Specifically it sounds like the necessary changes were made in this fork of the program: https://github.com/thedroidgeek/cryptfs-password-manager

I don't know if it also works for Android 10 or 11 though.

Actions #2

Updated by _I3^ RELATIVISM over 3 years ago

  • Type of work C programming, Communication (mails, contacting people, etc), Unknown added
Actions

Also available in: Atom PDF