While defending against side channel attacks like power analysis is desirable, and key stretching can be used to slow down cracking... there's a much simpler win that can be done right now, much more easily that using a Yubikey.
Android *NEEDS* to allow a user to have a separate unlock screen password from the disk password. Most users are wholly unwilling to have a long screen unlock password, but willing to have a long boot password. They need to be decoupled. There is no technical reason this is not possible (as demonstrated) - it's just usability concerns and UI. This issue is at https://code.google.com/p/android/issues/detail?id=29468 and I encourage you to star it to vote for it. -tom -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
