Carlos E. R. schreef op 01-05-2016 12:44:
On 2016-05-01 11:00, Daniel Bauer wrote:
Am 01.05.2016 um 00:03 schrieb Carlos E. R.:
A longish passphrase, not the 4 digit pin used to start phone service? I'm considering cyphering my phone. Do you notice any caveats?
Yes, I have a long, complicated passphrase looking like nonsense with special characters and numbers, but it's easy for me to remember.
So you have to enter the pin code for phone service (it protects the SIM card), and the passphrase for the storage. Makes sense.
The only difference I note is when booting the phone, this takes a little, little longer while the "decryption icon" is on the screen. Still it boots faster than my old phone, and when it runs I don't note any difference. I guess it depends on the phones power, I have a samsung galaxy s6.
Yes... But deciphering a disk is not done at the start, but on the fly, each time there is need to read or write a file, in memory. I wonder what it does at the start :-?
Many decryption schemes first decrypt the header that stores the key that is used for actual encryption. For example eCryptFS first "unwraps" the actual password/key based on the (user login) key/password and on my NAS this can easily take like 30 seconds? Actually its software will first CHECK the key and then unwrap it AGAIN to use it, doubling the time it takes to do it. No clue why it takes so long but maybe it is a way to defeat brute forcing (the actual password is much longer and if you have to brute force that, you'll take quite a while. The user login is usually a lot shorter, but if the measure to acquire the actual password is very costly, it becomes very hard to put any kind of attack against it.) So I bet it's just that. Regards. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org