Good find, I guess what I'm worried about is whether this new lockscreen ever re-encrypts the device. i.e. if you boot the device, is it stuck in an un-encrypted state?
On Friday, July 27, 2012 2:07:40 PM UTC-7, Kevin wrote:
>
> I found an interesting solution to this excessive password typing, at
> least it seems to work on Xoom with ICS, no custom rom, and full device
> encryption. The solution is to download a third party lock screen.
>
> I just downloaded "Holo Unlocker", the lock screen for Jelly Bean, and
> when enabled, it disables the regular PIN unlock screen. When I disable
> Holo Unlocker, it re-enables the PIN lock. Wonderful! Hope this helps
> other people work around this problem until it is officially remedied.
>
> Thus someone could make an alternate lock screen which say uses a pattern,
> this could be installed for users who use full device encryption. Wish
> Google would make it though, as I feel that source would be more trustable.
> Imho
>
> On Jul 22, 2012 11:08 AM, "Kevin Veroneau" <[email protected]> wrote:
>
>> I couldn't agree more. I have full device encryption enabled on my
>> Xoom WiFi-only tablet, and I'd prefer the password only during initial
>> power-up, and perhaps a "Time-out" setting for when the device is on.
>> For example:
>>
>> * Allow users to choose how long the device will remain
>> "password-less" before actually requiring a password to unlock. I
>> know a similar option exists, but this is not for when I press the
>> Power button, it's a time-out for when the display auto turns off. I
>> would like this time-out to be very customizable, say setting it to an
>> hour, and perhaps a widget or something to enable it right away (if I'm
>> away from home). Better yet, make the locking GPS aware! If I'm at
>> home, don't lock it. I have a home security system for a good reason.
>>
>> * Alternate passwords would make the device more secure. Since I am
>> entering in my 8 digit PIN like a hundred times a day, there's bound
>> to be someone watching me at some point, and someone is going to
>> figure it out. If there was a separate decryption password, from an
>> unlock password, this would make the feature that much more secure.
>> The decryption password is only used like once a week or so, and in the
>> privacy of my own home.
>>
>> * My Linux laptop is encrypted via LUKS, and its password is very
>> very long, as I only need to type it in once a day during boot-up. My
>> user password is obviously different. Not sure if people of Windows
>> and OS X do their BitLocker/Vault passwords the same. However, having
>> your drive encryption password different from the password you tend to
>> type in 20 times a day or more is just better security practice. User
>> passwords tend to change every 30 days, whereas a drive encryption
>> password is rarely, if ever changed (as normally nobody sees it, and
>> when it's being entered nothing is really running in the background to
>> see the password).
>>
>> * Downside of having device encryption on, is that I cannot use those
>> new ICS/Jelly Bean unlock screen features. I am tempted to turn off
>> encryption, but then if my device does get stolen, or misplaced, I'd
>> worry about my personal information and data.
>>
>> Which brings me to a final point:
>>
>> * All Android devices should be transparently encrypted. Meaning that
>> a skilled hacker cannot easily use tools such as adb or fastboot to
>> copy your data unless the device is properly unlocked somehow. These
>> are mobile devices, and are the easiest for criminals to swipe. It
>> should be common sense to have them encrypted all the time.
>>
>> - Transparent as in, end-user boots up device, user doesn't even
>> realize that it's encrypted. A key could be fed from the user's Google
>> account, which can then be expired if their device is stolen to
>> prevent the device from fully booting.
>>
>> - Regular unlock methods can be used for encryption. The pattern
>> unlock for example can encrypt the device, making the encryption
>> entirely transparent to the end-user. A pattern can generate a key of
>> some sort depending on how the pattern is generated, such as each
>> point being a random set of alphanumeric characters (which could even
>> vary by device). Face unlock could use a checksum of the image or
>> something similar which cannot be easily duplicated without access to
>> the original photo used. I use an md5sum of an image on my hard disc
>> as my Wireless key for added security. :) I never keep a copy of the
>> checksum, just the image file itself, which is mixed with my other
>> images in my Photos folder. I manually enter in the key whenever
>> needed.
>>
>> Those are my 2 cents about the current state of Android device encryption.
>>
>> On Sun, Jul 22, 2012 at 10:28 AM, kulturuke <[email protected]> wrote:
>> > I am sure I am not the only one using full device encryption who would
>> > prefer
>> >
>> > - Being able to use swipe to unlock instead of typing the password 20
>> > times per day. Or choose a simpler code for this purpose.
>> >
>> > - Typing the password once instead of twice at boot up
>> >
>> > - Not having to type the password right after a call hang up
>> >
>> > Are these options planned for a future update?
>> >
>> > If you have a reasonably secure password full device encryption is
>> > rather unusable as it is.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Android Security Discussions" group.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msg/android-security-discuss/-/Wu4BDMt7InwJ.
>> > To post to this group, send email to
>> > [email protected].
>> > To unsubscribe from this group, send email to
>> > [email protected].
>> > For more options, visit this group at
>> > http://groups.google.com/group/android-security-discuss?hl=en.
