Sunday, August 19, 2012

Android and Disk Encryption

Beginning with Android 3.0 (Honeycomb), Android includes the ability to transparently encrypt your phone's storage using the phone's settings. Internally, this works by using dm-crypt — just like every other Linux distro out there. But what I found intriguing about this was that it only allows you to encrypt your phone if you use either a password or a numeric pin to lock your phone.

This means that the password/pin is shared between the screen lock and dm-crypt. This has a number of consequences which I'll talk about below.

Now, I understand why this is the default behaviour. Most users rarely, if ever, reboot their phones, and so if the phone has a (separate) passphrase for dm-crypt, we'll see users flooding service centres to get their phone "un-bricked" because they forgot they even had a passphrase.

What surprises me is that there's no stock method to set a different passphrase for dm-crypt. Even CyanogenMod doesn't have this feature built-in. The only easy-to-use way I know to do this is by using the Cryptfs Password app (Disclaimer: I haven't actually tried the app itself, so I can make no guarantees about it).

What also surprises me is that Android accepts pin numbers as dm-crypt passphrases, but not lock patterns! This decision makes little sense to me. Pattern locks are almost equivalent to pin numbers because, as can be seen below, each pattern directly corresponds to a number.

I say almost equivalent because from each node on that grid you can only move to certain other nodes to extend the pattern, and this shrinks the pattern space somewhat (and there's no zero). But if this is a problem, then pin numbers shouldn't be allowed either, since a numeric passphrase is trivial to crack — as anyone silly enough to use a numeric bicycle lock has found, to their great distress.
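To put a number on how much smaller the pattern space really is, here is an added example (my own code, not from the post) that enumerates the patterns a 3x3 grid allows and writes each one out as the digit string it corresponds to. Instead of the simplified "adjacent nodes only" description above, it applies the rule Android actually enforces: a pattern is four to nine distinct nodes, and a stroke may not pass over a node that has not already been visited (so 1 to 3 is only allowed once 2 is in the pattern, while a "knight move" such as 1 to 6 crosses no node and is always allowed). The node numbering and the comparison against a plain numeric pin of the same length are my assumptions for the illustration.

```python
# Node numbering used for the digit-string view of a pattern (an assumption
# for this example; it matches the usual phone-keypad layout of the grid):
#   1 2 3
#   4 5 6
#   7 8 9
COORD = {n: divmod(n - 1, 3) for n in range(1, 10)}   # node -> (row, col)
NODE = {rc: n for n, rc in COORD.items()}             # (row, col) -> node


def crossed_node(a, b):
    """Return the node lying exactly on the straight line from a to b, or None.

    A node is crossed only when the midpoint between a and b falls on the
    grid, i.e. both row sum and column sum are even.  Adjacent nodes and
    knight-style moves (e.g. 1 -> 6) cross nothing.
    """
    (r1, c1), (r2, c2) = COORD[a], COORD[b]
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return NODE[((r1 + r2) // 2, (c1 + c2) // 2)]
    return None


def valid_patterns(min_len=4, max_len=9):
    """Enumerate every pattern Android accepts, each as a digit string.

    Rules: 4..9 distinct nodes, and a stroke may only pass over a node
    that is already part of the pattern.
    """
    results = []

    def extend(path, visited):
        if len(path) >= min_len:
            results.append("".join(map(str, path)))
        if len(path) == max_len:
            return
        for nxt in range(1, 10):
            if nxt in visited:
                continue                      # a node can be used once
            mid = crossed_node(path[-1], nxt)
            if mid is not None and mid not in visited:
                continue                      # cannot jump over an unused node
            extend(path + [nxt], visited | {nxt})

    for start in range(1, 10):
        extend([start], {start})
    return results


def pattern_space_by_length(patterns):
    """Count how many valid patterns exist for each length."""
    counts = {}
    for p in patterns:
        counts[len(p)] = counts.get(len(p), 0) + 1
    return counts


def pin_space(length):
    """Number of numeric pins of the given length (digits 0-9 allowed)."""
    return 10 ** length


def compare_keyspaces():
    """Rows of (length, number of patterns, number of pins of that length)."""
    by_len = pattern_space_by_length(valid_patterns())
    return [(n, by_len[n], pin_space(n)) for n in sorted(by_len)]


if __name__ == "__main__":
    rows = compare_keyspaces()
    print("length  patterns  numeric pins")
    for n, pats, pins in rows:
        print(f"{n:>6}  {pats:>8}  {pins:>12}")
    print("total patterns:", sum(pats for _, pats, _ in rows))
```

Running it shows a few hundred thousand patterns in total against a billion nine-digit pins, and only 1624 four-node patterns against 10,000 four-digit pins; either keyspace is small enough that an attacker with the device can try it exhaustively, which is the post's point about reusing a screen-lock secret as the dm-crypt passphrase.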

And even if the screen lock is set using a password, the user is extremely unlikely to use anything but a trivial password for securing a screen that they unlock tens of times a day. This again means that the passphrase would be ridiculously easy to brute-force if the attacker has physical access to the phone.

The level of security for a screen lock is just massively different from the level of security suitable for full-disk encryption. It's really good that the groundwork for this feature has been done, but as it stands the feature is mostly pointless.

PS: The phone wallpaper in the screenshot was brought to you by Pattrn!