Hello,

I am concerned over the encryption used on my Android 4.0 (Nexus Galaxy).

It seems to force me as a user to use the same decryption password, or PIN, to unlock my screen as when decrypting my disk. This makes it very cumbersome to have a high complexity passphrase, because I would have to enter it every time I unlock my screen. This will probably mean that the majority of users will rely on a PIN code for the encryption key, and with weak 10000 combinations it is almost useless.

A better approach would perhaps be to have a PIN for screen unlock with a brute force protection resulting in a forced reboot after 3 unsuccessful attempts, and thus the attacker would need to enter the decryption passphrase.

What is the reasoning behind this design decision, to force the same password for screen unlock? If there is no good reason or thought behind it, how would I go about adding a feature request to the Android project?

I have tried starting a discussion about this issue on stackexchange as well:
http://android.stackexchange.com/questions/17086/is-it-reasonably-safe-to-use-pin-code-for-encryption

Christopher Käck
[email protected]
PGP key can be found on http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2BF87B78DAA492F4
