Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We desperately need someone to configure Android with LUKS/dm-crypt, which theoretically shouldn't be such a huge leap since Android is based on Linux (I know nothing about Android-specific kernel divergences, but would be interested to know if device-mapper is badly broken in Android kernels).

Another interesting project would be a service that sits on your phone and automatically encrypts all of the automatically synced data, so Google only received encrypted data and your phone transparently decrypted it upon demand. This one would probably require much deeper work than making device-mapper run on Android Linux kernels.

I am grateful to Google for making an open, decent phone system so that this kind of stuff is made possible. Think about the options we'd have if iOS was the only smartphone on the market.

People need to accept that without strong encryption, any and all of their digital storage is open to adversarial or even accidental perusal, and that they should have no realistic expectation of privacy without correct application of cryptographic techniques. This is true across every form of digital storage: mobile, desktop, laptop, cloud, USB stick, etc. Encrypt or suffer.



That is how my netbook is configured, EncFS encrypts file names and contents before rsync sends it to a remote backup server.

On the phone, you don't need to encrypt all of the file system (for better performance) but just the parts that hold user data.

Unlocking the screen and encrypted user data by "swiping a pattern" is not a big thing and takes not even a second.


A swipe pattern has such low entropy that you may as well not encrypt it.


Sure, it doesn't stop a criminal, but it implies privacy that could be held up in court against unlawful search.


I have my phone set up to enter a long code on boot (which goes to LUKS) but the lockscreen PIN is much smaller. The low entropy on the lockscreen doesn't matter so much as it is capable of restricting the number of tries, delaying after a certain number of failures, etc.


I agree, I don't see why it'd be unreasonable to type a passphrase on boot.


An encrypted hard disk will be visible in the clear when the phone is turned on. You'd have to ensure to turn off the phone before the cops get it.

For some people encyrption is suffering. If they lose/forget the password for the encryption, then they won't be able to get their data back.


> We desperately need someone to configure Android with LUKS/dm-crypt

I've done this already on my Samsung Galaxy S II. I haven't got round to publishing it yet :-/


Is LUKS going to help here? If the phone is switched on then the LUKS keys are held in memory and the disk is completely open. All that an attacker needs to do is to ensure that the phone doesn't switch itself off or run out of battery while the information is copied off.


Indeed, I meant to address this in my original post. It is not fool-proof but in most cases it's reasonable to turn your phone off after getting pulled over or before meeting a security checkpoint. Certainly much, much more secure than what we have now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: