Hi everyone,
Currently I have a PIN code and my fingerprints to unlock the device (Samsung Galaxy S10). When the device is booting I have to enter the PIN code to unlock device encryption.
What I was wondering: Isn’t that kind of insecure? The encryption is based on my PIN, which is a rather short password. I don’t suppose a TPM is involved, is it?
I remember having some kind of Cyanogen OS several years ago where I was able to set a long and complex password that needed to be entered at boot. Afterwards the PIN would suffice.
To me that sounds a lot more secure.
Same on Pixel.
PIN or password to unlock the first time after boot if fingerprint is set.
Never saw any possibility to set a password for initial unlock after boot and PIN/fingerprint for “normal” unlock.
What you refer to is full-disk encryption (FDE): a first password is asked for to decrypt the disk, then another one to enter the system. File-based encryption is more flexible, and does not require two passwords. It’s true that it is less secure if you define a short password for practical reasons, but in principle brute-force cannot be performed fast, so in both cases it won’t be easy to unlock the system.
Android uses TEE, which has more or less the same goal as TPM.
Sorry for the delay in my response.
OK, but that only applies as long as the system is running, doesn’t it? I’d think if somebody just boots something else on my phone or manages to copy the storage to an image, they could easily run a brute-force attack, couldn’t they?