[Q] Encryption and custom recovery - Nexus 5 Q&A, Help & Troubleshooting

I'm just wondering: for security reasons I'm thinking of using Android's built-in encryption tool. My question is, will this affect things such as my custom recovery or other functions, and will it have any negative effects on things like battery life or performance?

Personally I stay away from encryption. I can't speak for this device, but on the S3, if you encrypted the SD card and then factory reset, that encryption key is lost and that data is forever inaccessible. Whether the Nexus is any better, I don't know.
Recovery will boot fine, but since it doesn't have the encryption key, I would assume it cannot browse data that's encrypted. I'd love to hear otherwise on this.
There will always be an overhead when writing / reading data within the encryption. Extra cycles will be used to actually process the encryption, so I expect a slight impact on battery life and a slightly bigger impact on performance.

[Q] Encrypted performance

Hello there,
For all those of you that have encrypted their Xoom. Have you noticed any decrease in performance? I'd like to also encrypt mine, but not at the expense of performance.
Best,
A few seconds longer boot time but no performance lost in linpack or quadrant. If you have auto time set up, it will change on you after every reboot though. Very odd bug, but for me nothing major.
James
I've been thinking of encrypting mine as well but the concern I have is whether this could lead to incompatibilities or issues that are not known to date. Also while it may not be measurable, there will be a performance hit due to the nature of encryption.
Quick question, if you encrypt do you only have to decrypt via passcode at power on or after sleep? Reason is I hardly ever power mine off so if someone found it or figured out how to unlock it, at that point it'd be decrypted. Not seeing the advantage of this as opposed to a regular passcode/security at the lock screen.
The difference is that while your Xoom is encrypted & locked, you can't access data from a PC. This means that if you lose it no-one can access your data. A major plus if you ask me.
burden010 said:
The difference is that while your Xoom is encrypted & locked, you can't access data from a PC. This means that if you lose it no-one can access your data. A major plus if you ask me.
But I thought the decryption only happens once at startup (after power-on), so while it's on it's decrypted, right? Also I don't think USB works when the device is locked even if it's not encrypted.
I think we should have an official statement from Google about how this encryption works. For personal use it is not a big deal, but if someone is going to use his/her Xoom at work, it is very important, especially when one has to deal with the computer and technical department.
mobilehavoc said:
But I thought the decryption only happens once at startup (after power-on), so while it's on it's decrypted, right? Also I don't think USB works when the device is locked even if it's not encrypted.
I'm not sure exactly. I should be getting my Xoom in the next couple of days so I'll test it before I customise it too much so I can factory reset easily enough.

[Q] Encryption

Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What encryption brings? Only data is encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Bump - heard that HC 3.2 enabled encryption at last. Anyone tried it and can answer any of my questions?
Never done it myself, but from information I read:
tixed said:
Hey there. Can't find any info about encryption and what it brings, so I'll just fire away a few questions about details for that matter. Not that I'm so obsessed with security, more like just curious about the possibility. And keeping things under protection is nice when dealing with business stuff.
What encryption brings? Only data is encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
I guess this should be fine.
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
I read that this would have lesser performance since it has to be decrypted on the fly, and it also affects battery.
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
I guess every time when you unlock.
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
I found THIS little tidbit after a Google search.
I do know that it does NOT encrypt your removable MicroSD card or SD card. The encryption can take a considerable amount of time to encrypt all your data (1 to 3 hrs and has to be powered on and at 100%). It will require a PIN or password prompt at power on and possibly for other data-sensitive actions. It will also allow for password mining, which is the process by which you are required to reenter a new password after so long. Also, once you encrypt, the only way back is a factory reset. If you lose your PIN or password, you're SOL about getting your sensitive data back.
You might be better off using an app that can encrypt individual files that you choose.
Cheers...
tixed said:
What encryption brings? Only data is encrypted, or apps/system too?
Would someone be able to get something from TF by connecting it to a PC? Or he will fail even using ADB or nvflash?
How secure we're speaking about? Any info on encryption method and key length in bits.
If I forget my password, or any other weird thing happen, could I reset it with nvflash, loading new clean images? Maybe encrypted volumes are handled differently, and it's not so easy...
Clockwork Recovery. Would it work perfectly fine with encrypted tablet?
Custom ROMs (like Prime!). Any possible problems when messing with system files without total wipe?
Performance. How bad it could be affected? I'm not sure Tegra2 has RSA-optimized module built-in (or whatever method it's using).
Unlocking. Will I be prompted to enter password every time I see unlock screen, or only when I reboot?
Any known limitations, like password length (I like to set long passwords, it's more efficient and easier to remember).
Had a brief experience with encryption before I wiped back to stock. I would strongly recommend against it unless you wish to stick to a stock system and very much need that type of security. From what I remember of my experience:
The data partition is encrypted (not sure what else, but not MicroSD). When your device boots, a prompt that somewhat resembles a lockscreen pops up fairly early on when the OS attempts to mount those partition(s). Thereafter, everything is accessible as usual; you can grab things via ADB. You do not have to constantly enter the password (though you would probably want to lockscreen your device as general good practice). As to what nvflash would get you, I'm not sure, since that would be before the partition mount... probably nothing usable. The problem with having an encrypted partition is that CWM at the moment can't really do anything useful to those partitions. You cannot flash, backup, or restore via CWM. This means your ability to work with custom ROMs is effectively crippled. In fact, to undo the encryption (or if you forget your password), I had to nvflash back to stock. Factory reset via CWM cannot be done since, again, the partitions are still encrypted.
If in the future CWM is able to access the partitions like the stock recovery can, then you'd be fine. Performance was not noticeably slower in any way.
Thanks for the replies. This feature seems pretty grim at the moment. Well, we can all hope that Google and ASUS will update it properly. At least, they did a lot of good updates recently.

Android Full Disk Encryption

I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
emccalment said:
I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
So, to be clear, any encryption can be bypassed. If the password is weak, then there is no issue and it can be done in no time; if the password is strong (capital letters, numbers, symbols), then a brute-force attack can take years! That said, you have to understand that Android devices have weaknesses, like every other device, and out there are also companies that guarantee they can decrypt any Android device. Another way to decrypt an Android device is freezing the device at -10c (yes, physically, and no, it is not a joke). Researchers have demonstrated that if you freeze the device and quickly disconnect and reconnect the battery, it will put the device in a vulnerable loophole. Even if encryption means data altering, and it requires a key to access/restore the data, this behavior probably occurs because the low temperatures cause data to fade from internal chips more slowly. That way it is possible to obtain encryption keys and unscramble the phone's encrypted data. So, to reply to your question, yes, someone with enough knowledge can bypass your encryption.
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption, I guess. It's run through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious: if you were able to bypass the encryption password (without actually getting it right), would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
emccalment said:
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption, I guess. It's run through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious: if you were able to bypass the encryption password (without actually getting it right), would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
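A simplified model of the key handling discussed in this thread, as an added example that is not part of any post: a random disk key is wrapped by a key derived from the password, so anything without the password sees only ciphertext, a reset that discards the wrapped key leaves the data unrecoverable, and after boot the key sits in RAM whatever the lock screen shows. The PBKDF2 parameters, the HMAC-based toy cipher standing in for AES, the check value and all names are assumptions.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Stand-in password KDF (assumption: PBKDF2-HMAC-SHA256, 10k rounds)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def stream_xor(key, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode) standing in for AES
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def check_value(master):
    return hmac.new(master, b"check", hashlib.sha256).digest()

class Device:
    """Hypothetical model of an encrypted phone, not Android's real code."""
    def __init__(self, password, plaintext):
        master = os.urandom(16)            # random disk key, never stored in clear
        salt = os.urandom(16)
        self.footer = {"salt": salt,       # metadata kept beside the data
                       "wrapped": stream_xor(kdf(password, salt), master),
                       "check": check_value(master)}
        self.disk = stream_xor(master, plaintext)  # what recovery or a PC sees
        self.key_in_ram = None             # powered off

    def boot(self, password):
        if self.footer is None:            # wrapped key gone: nothing to unwrap
            return False
        kek = kdf(password, self.footer["salt"])
        master = stream_xor(kek, self.footer["wrapped"])
        ok = hmac.compare_digest(check_value(master), self.footer["check"])
        self.key_in_ram = master if ok else None
        return ok

    def read_data(self):
        # No password check here: after boot only the lock screen UI
        # stands between a user and data decrypted with the key in RAM.
        if self.key_in_ram is None:
            return None
        return stream_xor(self.key_in_ram, self.disk)

    def power_off(self):
        self.key_in_ram = None

    def factory_reset(self):
        self.footer, self.key_in_ram = None, None

if __name__ == "__main__":
    d = Device("constructed-passphrase", b"constructed sample data")
    print(d.boot("guess"), d.boot("constructed-passphrase"), d.read_data())
```
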
pulser_g2 said:
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
@pulser_g2 +++
Or if you have a tracking software that allows you to shut down your phone remotely... But in that case you may as well wipe your phone remotely.

[Q] Let's chat encryption

How many of you have encrypted your N5? Does it interfere with flashing ROMs, kernels etc.? With the revelations as of late (and Google's backing of default encryption), I was just wondering about the adoption and general usage encounters we here have had with the encryption capabilities of the phone.
What it does interfere with is performance. On my Nexus you can really feel it, both in data transfers and boot-up time for both the system and apps with large caches.
That being said, it depends on your security requirements. I don't keep sensitive data on my phone (unless you count photos of my dog's ass), which means that encryption is wasted on me. I don't even have a PIN lock or screen lock: they can be bypassed too easily, they waste time to unlock and they might force the "finder" to wipe the phone before I can remotely locate it.
From my point of view, there are more cons than pros for encryption for the time being, especially when it affects performance. Leaving encryption off until performance issues are fixed.
Thanks for the feedback. I was considering it out of principle, but then again, like you, I don't have any sensitive company or personal data on there, unless you consider my run-of-the-mill texts and convos. Cheers!

Is encryption worth it on our device?

I've recently switched to EXT4 on all partitions to be able to run full disk encryption on jgcaap's latest cm13. I've come to find out that our device does indeed suffer a significant performance hit with disk encryption, since the Snapdragon 801 doesn't have hardware decryption support like the 810 and 820 do.
On top of that, I've read that Snapdragon's current implementations of encryption have tons of vulnerabilities that allow the attacker to just brute force the password you use to get in, essentially making encryption much less useful than before.
There's overwhelming evidence that F2FS, even with kernel 3.4, is much faster and better for the storage long term. Do you think it's worth it to just switch to F2FS without disk encryption, since there are many ways the authorities could brute force into my phone anyway?
Your opinions would be greatly appreciated.
-ThunderThighs
Update: for now I've decided to just stick with ext4 and encryption. I've done more research and learned that all of the software encryption vulnerabilities have been patched by Google, and my device is ahead of those security patches. As much as I love F2FS, I can't go without storage encryption these days. I've also just discovered the SIM card lock feature as well, which adds a layer of encryption on your SIM card attached to a PIN to protect against theft.
