On Tuesday, May 21, 2013 11:38:11 PM UTC+2, Nathanael Abbotts wrote:
>
> One quite severe issue that I can think of is that any secondary users on 
> a device have to know the "administrator's" password if they want to be able 
> to access the device from a powered off state. This is obviously less than 
> ideal. 
>

LUKS volumes can have several independent passwords that each unlock the 
same fs, so that shouldn't be an issue.

I guess the reasoning behind this policy is to reduce futile support 
inquiries by people who've forgotten the encryption password. Maybe even 
due to carrier or OEM pressure. However, I think it cripples the feature so 
much that it should still be changed. Hide it behind a big fat "don't come 
crying to us if you forget your password, there's nothing we can do" 
warning if you must, but at least make it possible.

In fact, I think it should be possible to combine a strong encryption 
passphrase with any screen unlock method, including pattern and slide. 
Don't assume that all users are stupid and don't know what risk they're 
trying to protect themselves from. E.g. in my case, I mostly care about 
offline attacks, when I know in advance that the device might fall into the 
hands of an adversary. Obviously I'd turn it off beforehand. However, with 
the current implementation, I simply don't use any encryption at all, 
because I'm not prepared to make the big usability sacrifices necessary for 
a level of security that's not just a joke.

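The key-slot idea the reply refers to, as an added example that is not part of the original post: a simplified Python model in which one random volume key is wrapped separately under each passphrase, so a secondary user never needs the administrator's passphrase. The function names, iteration count and XOR wrap are assumptions for illustration; real LUKS encrypts anti-forensically split key material with a cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed demo value, not a LUKS default

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _fill_slot(header: dict, index: int, passphrase: str, mk: bytes) -> None:
    # Each slot has its own salt, so slots reveal nothing about each other.
    salt = os.urandom(16)
    header["slots"][index] = (salt, _xor(mk, _kdf(passphrase.encode(), salt)))

def format_volume(passphrase: str) -> dict:
    """Create a toy header: one random volume key, first passphrase in slot 0."""
    mk = os.urandom(32)
    digest_salt = os.urandom(16)
    # The stored digest lets unlock() recognise a correctly unwrapped key.
    header = {"digest_salt": digest_salt,
              "mk_digest": _kdf(mk, digest_salt),
              "slots": {}}
    _fill_slot(header, 0, passphrase, mk)
    return header

def unlock(header: dict, passphrase: str):
    """Try every slot; return the volume key, or None if no slot opens."""
    for salt, wrapped in header["slots"].values():
        candidate = _xor(wrapped, _kdf(passphrase.encode(), salt))
        digest = _kdf(candidate, header["digest_salt"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None

def add_passphrase(header: dict, existing: str, new: str) -> int:
    """Wrap the same volume key under a second, independent passphrase."""
    mk = unlock(header, existing)
    if mk is None:
        raise PermissionError("existing passphrase does not open any slot")
    index = max(header["slots"]) + 1
    _fill_slot(header, index, new, mk)
    return index

def revoke_slot(header: dict, index: int) -> None:
    """Remove one passphrase without re-encrypting the volume."""
    if len(header["slots"]) == 1:
        raise ValueError("refusing to remove the last key slot")
    del header["slots"][index]
```

Revoking a slot only stops future unlocks with that passphrase; anyone who already extracted the volume key keeps access until the data is re-encrypted under a new key.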