2

There's been lots of talk about the allegedly improved encryption in Android 5. Some questions about this:

  1. What is the maximum length for passphrases? (i.e. is it still limited to 16 characters?)
  2. Can you have separate passphrases (or PINs) for encryption and unlocking?
  3. Considering that only the /data partition will actually be encrypted (and closed-source vendor-specific /sdcard encryption has probably had little if any peer review) - what are some good phones that have only "internal" (i.e. no /sdard) memory? Any suggestions?

And one extra question: Is the key still created by /dev/urandom (see: Android Device Encryption)? (Isn't /dev/random the more secure PRNG?)

Improve this question
4
  • /dev/random blocks, /dev/urandom doesn't. They use the same algorithm. Commented Feb 21, 2015 at 12:41
  • @raz They use the same algorithm in principal, but /dev/urandom will continue to provide random numbers even when the internal entropy counter is zero. This means that there's a potential, theoretical, minor reduction in security when using /dev/urandom. However, it should almost never matter in practice unless you're using the random numbers in a way that makes them particularly fragile in terms of cryptanalysis, and your attacker has an incredibly high level of skill and resources. Commented Feb 21, 2015 at 14:02
  • 1
    @Polynomial I disagree. Even then, the non-blocking device is completely secure. It's insecure not against an attacker with "an incredibly high level of skill", but only against a computationally unbound adversary, which do not and cannot exist. In other words, you could not create the padding material for a one-time pad with the non-blocking device and still call it information theoretic secure, but that's really all. Commented Apr 7, 2019 at 5:38
  • 1
    @forest Yeah I wrote that comment in 2015, which was probably before I properly looked into how /dev/random and /dev/urandom properly worked, and just assumed the manpage knew what it was talking about (iirc back then it was talking about entropy as some lossy essence). Anyone reading this should definitely use /dev/urandom where they need cryptographically secure random bytes. Commented Apr 9, 2019 at 0:45

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.