[opensuse] OT: how to secure firefox passwords on android?

older
[opensuse] Baloo finally fixed for...

Daniel Bauer

12 Apr 2016 12 Apr '16

12:50

Hi, sorry for this OT but I don't find any advice in other places and as here are so many bright brains I dare to ask... I wanted to save some passwords (as for my webmail) in firefox on my android phone. To secure it I've put a master password. But this is a pure joke. Except when I really turn off the phone and on again, I am asked for that master password, but from then, firefox connects with my webmail without ever asking me again. So actually that master password serves for nothing. Does anybody know how I can secure my firefox passwords, so that in case somebody steals my phone he has no access to my mail accounts? (I do not do banking etc. on the phone, so I need it only for firefox. The password apps I found simply put a password for those who don't know how to use a file explorer :-( ) thanks for hints! Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Show replies by date

sdm

13 Apr 13 Apr

03:05

On 04/12/2016 05:50 AM, Daniel Bauer wrote:

...

Hi, sorry for this OT but I don't find any advice in other places and as here are so many bright brains I dare to ask...

I wanted to save some passwords (as for my webmail) in firefox on my android phone. To secure it I've put a master password.

But this is a pure joke. Except when I really turn off the phone and on again, I am asked for that master password, but from then, firefox connects with my webmail without ever asking me again.

So actually that master password serves for nothing. Does anybody know how I can secure my firefox passwords, so that in case somebody steals my phone he has no access to my mail accounts?

(I do not do banking etc. on the phone, so I need it only for firefox. The password apps I found simply put a password for those who don't know how to use a file explorer :-( )

thanks for hints!

Daniel Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

jdd

05:48

Le 13/04/2016 05:05, sdm a écrit :

...

Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

James Knott

11:08

On 04/13/2016 01:48 AM, jdd wrote:

...

Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

jdd

It doesn't take long for the phone to lock automagically. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

11:28

On 2016-04-13 13:08, James Knott wrote:

...

On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...

It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern). Yes, if you tell firefox to store passwords, these should be further protected with another password, so that we need to remember only one. A master password. The difference is that in Linux or Windows there is an expiration time for that master password. I have not used the feature in Android, but I understand from Daniel post that it doesn't in Android. FF in Android has simplified things. Cookies, for instance: the option to choose when to expire or which cookies to accept is missing. Only all, none, or not from third parties. All because typing on those things is cumbersome. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Daniel Bauer

12:13

Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...

On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

Yes, if you tell firefox to store passwords, these should be further protected with another password, so that we need to remember only one. A master password.

The difference is that in Linux or Windows there is an expiration time for that master password. I have not used the feature in Android, but I understand from Daniel post that it doesn't in Android.

FF in Android has simplified things.

Cookies, for instance: the option to choose when to expire or which cookies to accept is missing. Only all, none, or not from third parties.

All because typing on those things is cumbersome.

Thanks for the thoughts... I have now encrypted the phone, and hope it is protected a bit more. I use the fingerprint to enter. I know it is not completely secure (as one can steal a print from a glass I used etc.) but at least it should give me some time to change my email password, in case it gets stolen. Still I don't use the cellular for other sensitive things (like banking, payments and the like) as I consider it too risky. Usually I don't even check emails from the phone, just in some rare exceptions, but once I enter the password it stays there and is completely unprotected until I completely shut down the phone, which I almost never do... I think this is lack of a necessary function in firefox (a master password that is asked every time a password entry is needed or at least on every first time in a session), but I am getting even more offtopic.... So thanks again for your help! Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

29 Apr 29 Apr

20:41

Am 13.04.2016 um 14:13 schrieb Daniel Bauer:

...

Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...
On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

...

Thanks for the thoughts...

I have now encrypted the phone, and hope it is protected a bit more.

I use the fingerprint to enter. ...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd. Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone. So, anybody has any idea what the encryption could be good for? I think and think and think and can't find any use for it??? Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

21:14

On 2016-04-29 22:41, Daniel Bauer wrote:

...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd.

Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone.

So, anybody has any idea what the encryption could be good for? I think and think and think and can't find any use for it???

Well, you are not accessing the media directly, but the view presented to the computer by the phone. Possibly it presents the deciphered view. On the phone you could extract the memory card, and then plug that into the computer to see. I don't know if Android ciphers both the internal media and the external card or not. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

John Andersen

30 Apr 30 Apr

03:11

On April 29, 2016 1:41:17 PM PDT, Daniel Bauer wrote:

...

Am 13.04.2016 um 14:13 schrieb Daniel Bauer:

...
Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...
On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version

...
...
...
...
...
know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the

5.0; I pattern).

...
...
...

Thanks for the thoughts...

I have now encrypted the phone, and hope it is protected a bit more.

I use the fingerprint to enter. ...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd.

Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone.

So, anybody has any idea what the encryption could be good for? I think

and think and think and can't find any use for it???

Daniel

Your phone is given the decryption password at boot time. Just like s LUKS partition on Linux. It protects against stolen drives and powered off devices. The lock password protect access to the phone once booted from someone stealing it after you boot it. But just like an encrypted Linux partition, when the phone's own OS is serving files, it's serving decrypted files over the wire. Most phones have a setting to restrict the USB port to charging only. You would need the unlock password to change that setting. Highly recommended. (There's never a reason (other than charging) to cable an Android phone to your computer other than to jailbreak and install a different is.) -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John M Andersen

03:36

On 4/29/2016 1:41 PM, Daniel Bauer wrote:

...

Am 13.04.2016 um 14:13 schrieb Daniel Bauer:

...
Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...
On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

...
Android supports entire phone encryption since probably version 5.0; I know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

...

...
Thanks for the thoughts...

I have now encrypted the phone, and hope it is protected a bit more.

I use the fingerprint to enter. ...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd.

Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone.

So, anybody has any idea what the encryption could be good for? I think and think and think and can't find any use for it???

Daniel

Dan: The encrypted drive, (and the microsd card) are to protect those data stores from theft of the microsd card or loss of the device (which eventually shuts down for lack of power, or too many login password fails). The password lock protects the phone content if stolen while booted. But data served by the phone over one of its interface is decrypted just like data on a Linux LUKS partition is decrypted over samba and nfs etc. Deep in the settings of the Android phone (developer options) is a setting for USB, that allows you to restrict the USB to CHARGING ONLY. This is the preferred security setting. (There is never any real reason to cable your phone to a computer except to charge it in normal every day usage. You only need to cable up for USB debugging or sideloading a different Operating System Rom.) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

08:33

Am 30.04.2016 um 05:36 schrieb John M Andersen:

...

On 4/29/2016 1:41 PM, Daniel Bauer wrote:

...
Am 13.04.2016 um 14:13 schrieb Daniel Bauer:

...
Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...
On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote:

...
Le 13/04/2016 05:05, sdm a écrit :

> Android supports entire phone encryption since probably version > 5.0; I > know 6.0 has it. This is probably what you need.

but I guess than as soon as the password is given you need to logout to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

...

...
Thanks for the thoughts...

I have now encrypted the phone, and hope it is protected a bit more.

I use the fingerprint to enter. ...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd.

Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone.

So, anybody has any idea what the encryption could be good for? I think and think and think and can't find any use for it???

Daniel

Dan:

The encrypted drive, (and the microsd card) are to protect those data stores from theft of the microsd card or loss of the device (which eventually shuts down for lack of power, or too many login password fails).

The password lock protects the phone content if stolen while booted.

One can then only hope that the thief is that inexperienced, while, with the organized gangs like here in Barcelona, there's only a small chance to get robbed by an amateur... Is there a difference to iphones? I mean, why wanted the US-American authorities pressure apple to open a backdoor when one can simply plug in a usb cable?

...

But data served by the phone over one of its interface is decrypted just like data on a Linux LUKS partition is decrypted over samba and nfs etc.

Hm. Actually I never tried to access my computer via cable. I use ssh and can't get in without a user password. Could I copy files from my computer via usb-(or another)cable without logging in? I just thought, the phone would ask for a password.

...

Deep in the settings of the Android phone (developer options) is a setting for USB, that allows you to restrict the USB to CHARGING ONLY.

This is the preferred security setting.

Thanks. I'll do that. The good thing in live is that there is something new to learn everyday. And this list helps with that (not only in "my" threads) :-) Are there other things I'd have to switch off? Like bluetooth or others? Daniel -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John Andersen

08:53

On April 30, 2016 1:33:06 AM PDT, Daniel Bauer wrote:

...

...
On 4/29/2016 1:41 PM, Daniel Bauer wrote:

...
Am 13.04.2016 um 14:13 schrieb Daniel Bauer:

...
Am 13.04.2016 um 13:28 schrieb Carlos E. R.:

...
On 2016-04-13 13:08, James Knott wrote:

...
On 04/13/2016 01:48 AM, jdd wrote: > Le 13/04/2016 05:05, sdm a écrit : > >> Android supports entire phone encryption since probably version >> 5.0; I >> know 6.0 has it. This is probably what you need. > > but I guess than as soon as the password is given you need to

logout

...
...
...
...
> to be protected

...
It doesn't take long for the phone to lock automagically.

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the

...
...
...
...
...

Thanks for the thoughts...

I have now encrypted the phone, and hope it is protected a bit more.

I use the fingerprint to enter. ...

Now I have an encrypted samsung. It was "off" (that means to do anything on the phone I have to use my fingerprint or the password) and I inserted an USB cable connected to my opensuse 13.2, not fingerprinting, not entering the pwd.

Opensuse asked if I wanted to open dolphin, I did want to, and there were all my contents from the android phone.

So, anybody has any idea what the encryption could be good for? I

Am 30.04.2016 um 05:36 schrieb John M Andersen: pattern). think

...
...
and think and think and can't find any use for it???

Daniel

Dan:

The encrypted drive, (and the microsd card) are to protect those data stores from theft of the microsd card or loss of the device (which eventually shuts down for lack of power, or too many login password fails).

The password lock protects the phone content if stolen while booted.

One can then only hope that the thief is that inexperienced, while, with the organized gangs like here in Barcelona, there's only a small chance

to get robbed by an amateur...

Is there a difference to iphones? I mean, why wanted the US-American authorities pressure apple to open a backdoor when one can simply plug in a usb cable?

...
But data served by the phone over one of its interface is decrypted just like data on a Linux LUKS partition is decrypted over samba and nfs etc.

Hm. Actually I never tried to access my computer via cable. I use ssh and can't get in without a user password. Could I copy files from my computer via usb-(or another)cable without logging in?

I just thought, the phone would ask for a password.

...
Deep in the settings of the Android phone (developer options) is a setting for USB, that allows you to restrict the USB to CHARGING ONLY.

This is the preferred security setting.

Thanks. I'll do that. The good thing in live is that there is something

new to learn everyday. And this list helps with that (not only in "my" threads) :-)

Are there other things I'd have to switch off? Like bluetooth or others?

Daniel

Bluetooth requires a manual action on the phone to pair, so it is not a huge risk. But I leave mine off to save battery. I mostly wanted to Point out that there is a setting that handles the specific security issue you mentioned. I don't understand the other questions you asked about cabling to your computer. Get ES File Explorer (free Android app) and transfer files by Wi-Fi. Samba, sftp, NFC,. Power full, but slightly obtuse interface. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

10:23

New subject: [opensuse] Re: copy from encrypted system without password? (was: OT: how to secure firefox passwords on android?)

Am 30.04.2016 um 10:53 schrieb John Andersen:

...

On April 30, 2016 1:33:06 AM PDT, Daniel Bauer wrote:

...

...
...
But data served by the phone over one of its interface is decrypted just like data on a Linux LUKS partition is decrypted over samba and nfs etc.

Hm. Actually I never tried to access my computer via cable. I use ssh and can't get in without a user password. Could I copy files from my computer via usb-(or another)cable without logging in?

I just thought, the phone would ask for a password.

...

I don't understand the other questions you asked about cabling to your computer.

As on the phone it was possible to simply plug an usb-cable to get full access to all it's contents even if it's "locked" (not completely switched off) with the default USB-settings, my question is: - Provided somebody has physical access to my computer and could plug a cable, is there a similar possibility to access files on my LUKS-encrypted computer without the need of giving a password, while logged out or having screen locked with password? Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

...

Get ES File Explorer (free Android app) and transfer files by Wi-Fi. Samba, sftp, NFC,. Power full, but slightly obtuse interface.

I do have that, because I did not know that simply plugging a USB cable would give full access (now not anymore, because I followed the advices here and set USB to charge-only). -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

jdd

11:05

New subject: [opensuse] Re: copy from encrypted system without password?

Le 30/04/2016 12:23, Daniel Bauer a écrit :

...

As on the phone it was possible to simply plug an usb-cable to get full access

I don't think this is possible, the file system is simply not encrypted how did you "encrypt" the phone? may be there is somewhere a translation error or a misunderstanding

...

Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

of course not to be sure, start the computer with "init=/bin/bash" on the kernel line. This gives you root access make su <yourlogin> can you read the files? if yes, the config is broken jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

11:20

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-04-30 13:05, jdd wrote:

...

Le 30/04/2016 12:23, Daniel Bauer a écrit :

...
As on the phone it was possible to simply plug an usb-cable to get full access

I don't think this is possible, the file system is simply not encrypted

how did you "encrypt" the phone? may be there is somewhere a translation error or a misunderstanding

It is an option on some Android phones. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

James Knott

11:30

New subject: [opensuse] Re: copy from encrypted system without password?

On 04/30/2016 07:05 AM, jdd wrote:

...

how did you "encrypt" the phone? may be there is somewhere a translation error or a misunderstanding

I don't recall the details, but it is possible to encrypt Android phones, at least recent Android versions. I think the new iPhones are encrypted right out of the box. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

jdd

17:03

New subject: [opensuse] Re: copy from encrypted system without password?

Le 30/04/2016 13:30, James Knott a écrit :

...

On 04/30/2016 07:05 AM, jdd wrote:

...
how did you "encrypt" the phone? may be there is somewhere a translation error or a misunderstanding

I don't recall the details, but it is possible to encrypt Android phones, at least recent Android versions. I think the new iPhones are encrypted right out of the box.

but there the FBI couldn't decrypt... so no pc link could do it :-) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

James Knott

20:09

New subject: [opensuse] Re: copy from encrypted system without password?

On 04/30/2016 01:03 PM, jdd wrote:

...

but there the FBI couldn't decrypt... so no pc link could do it :-)

Maybe they didn't have a USB cable. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

12:21

New subject: [opensuse] Re: copy from encrypted system without password?

Am 30.04.2016 um 13:05 schrieb jdd:

...

Le 30/04/2016 12:23, Daniel Bauer a écrit :

...
As on the phone it was possible to simply plug an usb-cable to get full access

I don't think this is possible, the file system is simply not encrypted

how did you "encrypt" the phone? may be there is somewhere a translation error or a misunderstanding

settings -> Lock screen and security -> Protect encrypted data says: "Device is encrypted" I don't remember how I did it, but it showed that it was encrypting, took quite a while, and when booting it says: "Enter password to decrypt device storage", then an opening lock appears for some seconds... So I guess it /is/ encrypted, but still pluging an usb cable gave direct accesss in dolphin (not anymore, since I changed settings from default to "charge only")

...

...
Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

of course not

to be sure, start the computer with "init=/bin/bash" on the kernel line. This gives you root access

make su <yourlogin>

can you read the files?

if yes, the config is broken

When I boot, I am asked for the passphrase, and then of course it gets decrypted...

...

jdd

-- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Xen

14:58

New subject: [opensuse] Re: copy from encrypted system without password?

Daniel Bauer schreef op 30-04-2016 12:21:

...

So I guess it /is/ encrypted, but still pluging an usb cable gave direct accesss in dolphin (not anymore, since I changed settings from default to "charge only")

Most phones I know (the lousy Android phone I bought and the lousy Microsoft phone I have) will not allow access to the files unless the phone is unlocked (turn screen on and type password). That's all I know. I also know that my android device (won't say its name here :P) will seriously allow anyone to factory reset it without deleting the data. :-|. That was a bit of a facepalm moment but very nice for me myself in that instance ;-).

...

When I boot, I am asked for the passphrase, and then of course it gets decrypted...

Ill chance that doesn't work as intended. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

jdd

17:12

New subject: [opensuse] Re: copy from encrypted system without password?

Le 30/04/2016 14:21, Daniel Bauer a écrit :

...

settings -> Lock screen and security -> Protect encrypted data

? seems unclear for me. protect already encrypted data? should be "protect data with encryption", no?

...

So I guess it /is/ encrypted, but still pluging an usb cable gave direct accesss in dolphin

switch of your phone, switch it on agin, do not give any passwd, is it still readable by the computer?

...

When I boot, I am asked for the passphrase, and then of course it gets decrypted...

including with init=/bin/bash? if so all is good jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

22:03

New subject: [opensuse] Re: copy from encrypted system without password?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-04-30 14:21, Daniel Bauer wrote:

...

When I boot, I am asked for the passphrase, and then of course it gets decrypted...

A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlclK6wACgkQja8UbcUWM1yrZQEAmqmo8y4pji+zozCgI1fwztok RmwyUwhqEpvWqc7AqSAA+wfHwhloQ6BA9bIOyLYaxWAznbYLeIAaVN5k0yq3p2wf =B2q2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

1 May 1 May

09:00

New subject: [opensuse] Re: copy from encrypted system without password?

Am 01.05.2016 um 00:03 schrieb Carlos E. R.:

...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

On 2016-04-30 14:21, Daniel Bauer wrote:

...
When I boot, I am asked for the passphrase, and then of course it gets decrypted...

A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats?

Yes, I have a long, complicated passphrase looking like nonsense with special characters and numbers, but it's easy for me to remember. The only difference I note is when booting the phone, this takes a little, little longer while the "decryption icon" is on the screen. Still it boots faster than my old phone, and when it runs I don't note any difference. I guess it depends on the phones power, I have a samsung galaxy s6. -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

12:44

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-05-01 11:00, Daniel Bauer wrote:

...

Am 01.05.2016 um 00:03 schrieb Carlos E. R.:

...

...
A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats?

Yes, I have a long, complicated passphrase looking like nonsense with special characters and numbers, but it's easy for me to remember.

So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

...

The only difference I note is when booting the phone, this takes a little, little longer while the "decryption icon" is on the screen. Still it boots faster than my old phone, and when it runs I don't note any difference. I guess it depends on the phones power, I have a samsung galaxy s6.

Yes... But deciphering a disk is not done at the start, but on the fly, each time there is need to read or write a file, in memory. I wonder what it does at the start :-? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Daniel Bauer

14:01

New subject: [opensuse] Re: copy from encrypted system without password?

Am 01.05.2016 um 14:44 schrieb Carlos E. R.:

...

On 2016-05-01 11:00, Daniel Bauer wrote:

...
Am 01.05.2016 um 00:03 schrieb Carlos E. R.:

...
...
A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats?

Yes, I have a long, complicated passphrase looking like nonsense with special characters and numbers, but it's easy for me to remember.

So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

...
The only difference I note is when booting the phone, this takes a little, little longer while the "decryption icon" is on the screen. Still it boots faster than my old phone, and when it runs I don't note any difference. I guess it depends on the phones power, I have a samsung galaxy s6.

Yes... But deciphering a disk is not done at the start, but on the fly, each time there is need to read or write a file, in memory. I wonder what it does at the start :-?

I have no idea what id does when booting. Sending the private data to google? :-) Searching about android encryption leaves me with a smoking brain. There is so much information and contradictory information. Some say that the additional disk space is based on fat file system which is then not encrypted, others say it can be with another file format... and as samsung, my case, does not allow additional cards, I have no idea what and which part is now encrypted or not. On the page https://source.android.com/security/encryption/ under "Starting an encrypted device" there is a point "decrypt /data", so I guess that's what it is doing while booting. But what that means and what are the consequences? No idea... -- Daniel Bauer photographer Basel Barcelona http://www.daniel-bauer.com room in Barcelona: https://www.airbnb.es/rooms/2416137 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Xen

18:00

New subject: [opensuse] Re: copy from encrypted system without password?

Carlos E. R. schreef op 01-05-2016 12:44:

...

On 2016-05-01 11:00, Daniel Bauer wrote:

...
Am 01.05.2016 um 00:03 schrieb Carlos E. R.:

...
...
A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats?

Yes, I have a long, complicated passphrase looking like nonsense with special characters and numbers, but it's easy for me to remember.

So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

...
The only difference I note is when booting the phone, this takes a little, little longer while the "decryption icon" is on the screen. Still it boots faster than my old phone, and when it runs I don't note any difference. I guess it depends on the phones power, I have a samsung galaxy s6.

Yes... But deciphering a disk is not done at the start, but on the fly, each time there is need to read or write a file, in memory. I wonder what it does at the start :-?

Many decryption schemes first decrypt the header that stores the key that is used for actual encryption. For example eCryptFS first "unwraps" the actual password/key based on the (user login) key/password and on my NAS this can easily take like 30 seconds? Actually its software will first CHECK the key and then unwrap it AGAIN to use it, doubling the time it takes to do it. No clue why it takes so long but maybe it is a way to defeat brute forcing (the actual password is much longer and if you have to brute force that, you'll take quite a while. The user login is usually a lot shorter, but if the measure to acquire the actual password is very costly, it becomes very hard to put any kind of attack against it.) So I bet it's just that. Regards. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John Andersen

18:12

New subject: [opensuse] Re: copy from encrypted system without password?

On 05/01/2016 05:44 AM, Carlos E. R. wrote:

...

So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

Almost nobody does that anymore. Its kind of pointless, since most modern phones don't store anything on the sim except tower connection data. It used to be you could store your phone contacts there, but only 250 bare-bones contacts can be stored on the largest of sims, and phone companies usually supply just the smallest size sim card. 35K. There's just no point in protecting it these days. -- After all is said and done, more is said than done.

Xen

19:51

New subject: [opensuse] Re: copy from encrypted system without password?

John Andersen schreef op 01-05-2016 18:12:

...

On 05/01/2016 05:44 AM, Carlos E. R. wrote:

...
So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

Almost nobody does that anymore. Its kind of pointless, since most modern phones don't store anything on the sim except tower connection data.

It used to be you could store your phone contacts there, but only 250 bare-bones contacts can be stored on the largest of sims, and phone companies usually supply just the smallest size sim card. 35K.

There's just no point in protecting it these days.

It's not for protecting the data. It's for protecting the connection (subscription, your bills). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

20:00

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-05-01 20:12, John Andersen wrote:

...

On 05/01/2016 05:44 AM, Carlos E. R. wrote:

...
So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

Almost nobody does that anymore. Its kind of pointless, since most modern phones don't store anything on the sim except tower connection data.

It used to be you could store your phone contacts there, but only 250 bare-bones contacts can be stored on the largest of sims, and phone companies usually supply just the smallest size sim card. 35K.

There's just no point in protecting it these days.

Er... maybe you misunderstood: the "data" I refer to is not data on the SIM, but on the storage card. The PIN protects the SIM; even if no data is stored there, it protects the ability to connect to your phone provider network, because there is a contract with money involved. You could find yourself with the responsibility of having to pay a one thousand dollars/euros bill for phone calls you did not do. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

John Andersen

22:22

New subject: [opensuse] Re: copy from encrypted system without password?

On May 1, 2016 1:00:39 PM PDT, "Carlos E. R." wrote:

...

On 2016-05-01 20:12, John Andersen wrote:

...
On 05/01/2016 05:44 AM, Carlos E. R. wrote:

...
So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

Almost nobody does that anymore. Its kind of pointless, since most modern phones don't store anything on the sim except tower connection data.

It used to be you could store your phone contacts there, but only 250 bare-bones contacts can be stored on the largest of sims, and phone companies usually supply just the smallest size sim card. 35K.

There's just no point in protecting it these days.

Er... maybe you misunderstood: the "data" I refer to is not data on the SIM, but on the storage card. The PIN protects the SIM; even if no data is stored there, it protects the ability to connect to your phone provider network, because there is a contract with money involved. You could find yourself with the responsibility of having to pay a one thousand dollars/euros bill for phone calls you did not do.

Maybe in your country. Here, you notify your carrier that the phone was stolen, and they kill your sim instantly. If you subsequently find the phone they give you a new sim for free. You really don't even have to prove anything. In fact I can kill my own sim by just logging into our corporate at&t account and clicking a couple buttons. Of course you would want to log into your Google account first, and maybe wipe the phone remotely first. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

2 May 2 May

02:49

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-05-02 00:22, John Andersen wrote:

...

On May 1, 2016 1:00:39 PM PDT, "Carlos E. R." wrote:

...
On 2016-05-01 20:12, John Andersen wrote:

...
On 05/01/2016 05:44 AM, Carlos E. R. wrote:

...
So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.

Almost nobody does that anymore. Its kind of pointless, since most modern phones don't store anything on the sim except tower connection data.

It used to be you could store your phone contacts there, but only 250 bare-bones contacts can be stored on the largest of sims, and phone companies usually supply just the smallest size sim card. 35K.

There's just no point in protecting it these days.

Er... maybe you misunderstood: the "data" I refer to is not data on the SIM, but on the storage card. The PIN protects the SIM; even if no data is stored there, it protects the ability to connect to your phone provider network, because there is a contract with money involved. You could find yourself with the responsibility of having to pay a one thousand dollars/euros bill for phone calls you did not do.

Maybe in your country.

Here, you notify your carrier that the phone was stolen, and they kill your sim instantly. If you subsequently find the phone they give you a new sim for free.

It doesn't have to be stolen. Anybody in your house, say, picks up the phone while it is powered down, switches it on. As it doesn't have a PIN on the SIM, it opens up. He/she places a call to his boy/girl friend that is on a trip abroad; a 5 hours long-distance call. Then switches off the phone. Or worse, he/she calls a sex toll phone (90x, premium-rate telephone number) for hours. Or buys expensive apps. You have to pay the bill. As you have no password (PIN) on the phone, it is your fault entirely. It is the same thing as having a PIN on credit cards. They don't store data. Yes, of course you can block it once you know it has been stolen. So? Depending on the contract or jurisdiction, you are only protected after the report, not before. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

John Andersen

04:16

New subject: [opensuse] Re: copy from encrypted system without password?

On 05/01/2016 07:49 PM, Carlos E. R. wrote:

...

It doesn't have to be stolen. Anybody in your house, say, picks up the phone while it is powered down, switches it on.

Ok, hold it right there Carlos, because your train has already gone off the rails. Nobody powers off their phone these days, not even to board an airplane. Not even to get some sleep. So bogus story of sim pins is busted right out of the gate. Now answer me this, TRUTHFULLY: How many people do you actually know that password protect their sim card? I don't know a single person who does this. I know people who will remove the sim when the put the phone in their checked luggage, but nobody who puts in a sim pin. -- After all is said and done, more is said than done.

Anton Aylward

04:23

New subject: [opensuse] Re: copy from encrypted system without password?

On 05/02/2016 12:16 AM, John Andersen wrote:

...

Nobody powers off their phone these days, not even to board an airplane. Not even to get some sleep.

I'd add a qualifier to that. I find it easier to have a series of batteries that I charge externally and swap, rather than recharging the battery in my phone. In effect my pone is never put on charge. But I realise there are not phones where you can't change the battery and do have to leave it in some place (perhaps while you sleep, if you one of the people who sleep) wired to a wall-wart or sitting on a charging plate to charge and can't use it as you normally would, 'fully mobile'. Yeah, it sucks, I know, my tablet is like that. Apart from that I agree with you. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

James Knott

11:04

New subject: [opensuse] Re: copy from encrypted system without password?

On 05/02/2016 12:16 AM, John Andersen wrote:

...

Nobody powers off their phone these days, not even to board an airplane. Not even to get some sleep.

I power off both my personal and work phones at night. Calls to my personal phone will get forwarded to my home phone and work stuff can wait for morning. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Xen

11:14

New subject: [opensuse] Re: copy from encrypted system without password?

On Sun, 1 May 2016, John Andersen wrote:

...

On 05/01/2016 07:49 PM, Carlos E. R. wrote:

...
It doesn't have to be stolen. Anybody in your house, say, picks up the phone while it is powered down, switches it on.

Ok, hold it right there Carlos, because your train has already gone off the rails.

Nobody powers off their phone these days, not even to board an airplane. Not even to get some sleep.

The issue is not powering off. Of course what Carlos is saying requires this house mate (child) to have the regular password to the device but they often have, I don't know how people do it these days. Anyway if my phone was stolen I might not immediately know. Maybe it would take a day. Maybe I don't even have a means to call my phone company to deactivate my SIM. You'd be surprised how many times in life you are unable to do normal regular stuff once the normal regular stuff disappears for you. I've had periods where I didn't have phone or internet for weeks. But perhaps more importantly? Where I live every sim comes with a pin. You have to remove it to get rid of it. So I don't know what's true for you, but probably here? Likely a great many people use it. My phone is currently off. Charging is too much of a hassle. My feet are broken and getting around the house is not easy. The other phone (non-smartphone) is also off. I am very glad my phone has a PIN and for me it is not a problem at all to have to enter it when I connect the phone to the network. I wouldn't want to be without one. You are counting on favourable circumstances to always persist. A lot of people do. It's what we call the cloud ;-). Lol. Regards. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

13:57

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-05-02 06:16, John Andersen wrote:

...

On 05/01/2016 07:49 PM, Carlos E. R. wrote:

...
It doesn't have to be stolen. Anybody in your house, say, picks up the phone while it is powered down, switches it on.

Ok, hold it right there Carlos, because your train has already gone off the rails.

Nobody powers off their phone these days, not even to board an airplane. Not even to get some sleep.

I do. Not always, but I do. I also have a second phone which I typically keep powered off. People without a smartphone do it often. People with a smartphone typically have another code to block the display, specially to protect from toddlers. Some people I know are scared of "radiations", so they turn it off as soon as they can.

...

So bogus story of sim pins is busted right out of the gate. Now answer me this, TRUTHFULLY: How many people do you actually know that password protect their sim card?

Everybody I know of. Every phone we buy comes with a PIN activated. Even SIM card copies have a PIN activated, and a PUK code too. I have only seen phones without a PIN on the SIM when the phone is intended for the very elderly who are unable to remember the code or even what to do to read a message on the phone, and ask me what they are and please delete them. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Carlos E. R.

30 Apr 30 Apr

11:19

New subject: [opensuse] Re: copy from encrypted system without password?

On 2016-04-30 12:23, Daniel Bauer wrote:

...

As on the phone it was possible to simply plug an usb-cable to get full access to all it's contents even if it's "locked" (not completely switched off) with the default USB-settings, my question is:

- Provided somebody has physical access to my computer and could plug a cable, is there a similar possibility to access files on my LUKS-encrypted computer without the need of giving a password, while logged out or having screen locked with password?

The computer can auto connect to the external usb device to read from it, not to be read from.

...

Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

Not to my knowledge. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Xen

12:01

New subject: [opensuse] Re: copy from encrypted system without password?

Daniel Bauer schreef op 30-04-2016 10:23:

...

As on the phone it was possible to simply plug an usb-cable to get full access to all it's contents even if it's "locked" (not completely switched off) with the default USB-settings, my question is:

- Provided somebody has physical access to my computer and could plug a cable, is there a similar possibility to access files on my LUKS-encrypted computer without the need of giving a password, while logged out or having screen locked with password?

They would need to hack the usb device driver through the USB device. The chances of that are extremely extremely remote, but possibly not beyond the realm of all possibility.

...

Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

They have to keep your laptop running until they can freeze the memory with liquid CO2 or something similar and then take the RAM out or gain access to onboard RAM within maybe an hour and then copy the contents with another device, then search for the LUKS keys in memory. I'm sure some people can (read, law enforcement) but ordinary people won't be able to do anything with it. Regular law enforcement will also not care about it or know about it and they will just let the thing run out of battery or whatever. Unless you are a high profile target they know about in advance, it won't happen. Regular police would just arrest you, then send the laptop off for investigation, and days to weeks later they find out the entire thing was encrypted. Most risky part would be leaving a (root) terminal open in a TTY (ctrl-alt-F2, for instance) because KDE DOESN'T LOCK THAT :D. So if you want to be sure, don't leave TTY terminals open, and then there is hardly any risk (or not at all). Alternatively someone would need to hack running services. Any sshd, httpd or similar could potentially be hacked. So if your adversary is very keen on those things he/she needs to keep the laptop running long enough to do that. A regular airport thief won't be able to, I'm sure (but what do you know?). For that to happen there'd have to be some level or organized network and the airport thief instantly sells the laptop to someone else who has more resources. Yeah. Well. All in all freezing the memory is the most likely effective course of action. But nobody is going to be interested in that except law enforcement unless you are a very special person that people have an eye on. Suppose you have enemies in the business world and you carry trade secrets with you? :P. I don't know. Someone might :p. It is not beyond the realm of possibility. But. It depends on who steals your laptop and for what reason. ....lol? :). I guess stranger things happen in life but ordinarily it can't happen. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Daniel Bauer

12:35

New subject: [opensuse] Re: copy from encrypted system without password?

Am 30.04.2016 um 14:01 schrieb Xen:

...

Daniel Bauer schreef op 30-04-2016 10:23:

...
As on the phone it was possible to simply plug an usb-cable to get full access to all it's contents even if it's "locked" (not completely switched off) with the default USB-settings, my question is:

- Provided somebody has physical access to my computer and could plug a cable, is there a similar possibility to access files on my LUKS-encrypted computer without the need of giving a password, while logged out or having screen locked with password?

They would need to hack the usb device driver through the USB device. The chances of that are extremely extremely remote, but possibly not beyond the realm of all possibility.

...
Concrete: somebody steels my encrypted laptop that is running, but the screen is locked by KDE. Can he get my files without knowing the pwd?

They have to keep your laptop running until they can freeze the memory with liquid CO2 or something similar

thats really cool :-)

...

and then take the RAM out or gain access to onboard RAM within maybe an hour and then copy the contents with another device, then search for the LUKS keys in memory.

I'm sure some people can (read, law enforcement) but ordinary people won't be able to do anything with it. Regular law enforcement will also not care about it or know about it and they will just let the thing run out of battery or whatever.

I don't care about official authorities, they can ask me for the password and I'll give it to them, no problem, as I guess they are not interested in stealing my bank account or publish private photos of my clients or blackmail them :-)

...

Unless you are a high profile target they know about in advance, it won't happen. Regular police would just arrest you, then send the laptop off for investigation, and days to weeks later they find out the entire thing was encrypted.

Most risky part would be leaving a (root) terminal open in a TTY (ctrl-alt-F2, for instance) because KDE DOESN'T LOCK THAT :D.

So if you want to be sure, don't leave TTY terminals open, and then there is hardly any risk (or not at all).

Alternatively someone would need to hack running services. Any sshd, httpd or similar could potentially be hacked. So if your adversary is very keen on those things he/she needs to keep the laptop running long enough to do that.

A regular airport thief won't be able to, I'm sure (but what do you know?). For that to happen there'd have to be some level or organized network and the airport thief instantly sells the laptop to someone else who has more resources.

Yeah. Well. All in all freezing the memory is the most likely effective course of action. But nobody is going to be interested in that except law enforcement unless you are a very special person that people have an eye on.

I am a special person, at least I feel so, and there are some that have an eye on me, but in a manner that I like :-)

...

Suppose you have enemies in the business world and you carry trade secrets with you? :P. I don't know. Someone might :p.

No, nothing special. I am just responsible not to give access to anybody to images I take from my clients. And of course I don't want to give access to my bank account, my websites admin, my e-mails... and would like to keep my private things private. That's all.

...

It is not beyond the realm of possibility. But. It depends on who steals your laptop and for what reason.

....lol?

:). I guess stranger things happen in life but ordinarily it can't happen.

John Andersen

17:32

New subject: [opensuse] Re: copy from encrypted system without password?

On 04/30/2016 03:23 AM, Daniel Bauer wrote:

...

I do have that, because I did not know that simply plugging a USB cable would give full access (now not anymore, because I followed the advices here and set USB to charge-only).

Well, as others have already pointed out the risk of someone getting at a laptop is unlikely at best and quite probably impossible even for state level actors. The reason you could do this with your phone, before setting USB to Charge only, was because the phone is shipped with a couple different pieces of software turned on for the benefit of the the majority of the user base. There is a USB thumb drive emulation (media transfer protocol) software so that some (but not all) of the phone's storage is revealed to the USB port as if it was a USB drive. There is also a USB Picture Transfer Protocol to quickly transfer your photos to a computer. Also audio out, and a couple others. I suspect these are set for convince rather than security for the teenagers who just want to put movies and music on their new phone as quickly as possible, and don't have a great deal of technical knowledge. Someone wanting a higher level of security would research the issue, as you did and, and find the secret sauce. (However, it seems to me that once you encrypt your phone, that setting should be changed automatically to Charge Only, and/or you should have been warned about that security hole). By the way, Daniel, have you looked into KDE Konnect? Its another fast way of moving stuff between Linux and the phone, in either direction. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

Carlos E. R.

11:13

On 2016-04-30 10:33, Daniel Bauer wrote:

...

...
The encrypted drive, (and the microsd card) are to protect those data stores from theft of the microsd card or loss of the device (which eventually shuts down for lack of power, or too many login password fails).

The password lock protects the phone content if stolen while booted.

One can then only hope that the thief is that inexperienced, while, with the organized gangs like here in Barcelona, there's only a small chance to get robbed by an amateur...

Normally they want to reset the phone and sell it again, probably in another (far) country, so that the known as stolen IMEI does not appear in the phone companies. I don't think many of them are interested in data.

...

Is there a difference to iphones? I mean, why wanted the US-American authorities pressure apple to open a backdoor when one can simply plug in a usb cable?

Well, the USB cable will simply not have access to data unless you activate the phone with the screen lock or pin to tell the phone to connect to the cable. Unless that phone has the silly setting of activate the cable as data transfer on connect as default. Yes, iphones are different. At least the last version. The CPU and hardware is designed in a way that the data does not appear deciphered on the accessible buses of the board. Or so I understand. It is a hardware/software design, whereas the rest use a software only design.

...

...
But data served by the phone over one of its interface is decrypted just like data on a Linux LUKS partition is decrypted over samba and nfs etc.

Hm. Actually I never tried to access my computer via cable. I use ssh and can't get in without a user password. Could I copy files from my computer via usb-(or another)cable without logging in?

No. But you can power off the computer, then you have full access to the hard disks. Windows may be different, but I'm unsure. Movies are full of thieves plugging an USB thing and cloning the computer. How much of that is true? I heard of USB things that pose as a keyboard, thus they get access to the computer differently, they can enter commands. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

James Knott

13 Apr 13 Apr

12:38

On 04/13/2016 07:28 AM, Carlos E. R. wrote:

...

Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

Actually, many people are locking phones. In fact, a friend recently got a new iPhone and those require a 6 digit password and are encrypted. My Android phone didn't come with encryption enabled, but I turned it on. Those people who let others see them enter the number are the same who'd let others watch them put their PIN into an ATM. Also, some newer phones, including the iPhone 6 I use for work, can read finger prints, so I only enter the 6 digits when I turn the phone on in the morning. The rest of the day, I just use my finger print. I believe some Android phones now have finger print readers too. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

John Andersen

17:04

On 04/13/2016 05:38 AM, James Knott wrote:

...

On 04/13/2016 07:28 AM, Carlos E. R. wrote:

...
Many people don't use a "lock" on the phone. And you have to enter it so many times that a curious onlooker could guess the key (or the pattern).

Actually, many people are locking phones. In fact, a friend recently got a new iPhone and those require a 6 digit password and are encrypted. My Android phone didn't come with encryption enabled, but I turned it on. Those people who let others see them enter the number are the same who'd let others watch them put their PIN into an ATM. Also, some newer phones, including the iPhone 6 I use for work, can read finger prints, so I only enter the 6 digits when I turn the phone on in the morning. The rest of the day, I just use my finger print. I believe some Android phones now have finger print readers too.

Also, Android Pay, Googles "pay by bonk" application will not let you enter any payment sources unless the phone is set to auto-lock, and if you try to remove the lock settings, Android Pay will pop up and tell you it will remove any payment sources if you do. So more people are locking their phones these days, and encrypting them too. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

2914

Age (days ago)

2934

Last active (days ago)

List overview

Download

42 comments

9 participants

participants (9)

Anton Aylward
Carlos E. R.
Daniel Bauer
James Knott
jdd
John Andersen
John M Andersen
sdm
Xen