On Sat Nov 01 2014 at 3:09:23 PM Tal Palant <[email protected]> wrote:
> I looked there and many more resources on Android encryption and couldn't > find the answer, that's why i'm asking here. > >From the documentation link Jeff provided: "The actual encryption used for the filesystem for first release is 128 AES with CBC and ESSIV:SHA256". That's the answer. It uses CBC with ESSIV, not XTS. Here's confirmation from the source: https://cs.corp.google.com/#android/system/vold/cryptfs.c&q=cryptfs.c&sq=package:%5Eandroid$&l=3093 CBC with EESIV does have a malleability issue, allowing an attacker to modify known-plaintext sectors, setting every other block to an attacker-chosen value (and making the remaining blocks random). So in the event someone obtains your phone they can modify data on it to chosen values, presumably to some values which will cause it to misbehave in some way useful to them when you get it back and start using it. However, if they can do that they could also just change the software on the system partition, which would be a much easier and more effective exploit. Android FDE is intended to preserve the confidentiality of your data in the event someone obtains your powered-down[*] device. It is not secure under a threat model that assumes the attacker can make arbitrary modifications to device storage without your knowledge and then return it to you. This would be the case with XTS as well. [*] It should also be able to maintain confidentiality in the event someone obtains your powered-up but locked device, but only if there are no exploitable vulnerabilities that allow the lock screen to be bypassed. I should point out that security is dependent on the choice of a sufficiently-strong password, which hardly anyone uses. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
