About duress PIN/Password and threat actor

not-mental-outlaw

How duress pin/password stored? Based on https://discuss.grapheneos.org/d/13630-duress-pinpassword-unlock-state/2 duress pin/password works at BFU too. Then, i think, its stored in unencrypted form somewhere. I don't wanna think, i wanna know. And next question: can that duress pin/password (or some form of them, for example hash) be seeing by threat actor which has physical access to phone. And, if answer is not, then why.

And thanks for GrapheneOS developers for such amazing project!

areaman

not-mental-outlaw If I understant correctly, PINs (or maybe just the hash of the pins?) are stored in the Titan M security processor. They are write-only, so there is no way to read the pin out of the chip, and it has temper resistance mechanisms to make it extremely hard to do even with a labratory. You can send the chip a proposed PIN, it internally compares to the correct one, then if you answered correctly it sends back the key to decrypt your profile, also stored securly (and probably with the PIN). The Titan M also does rate limiting so even if you de-soldered the chip you couldn't brute-force it. I believe thats the basic scheme, if I got something wrong happy to correct.

other8026

not-mental-outlaw Looking at the code quickly, the duress PIN and password are salted and hashed then saved using LockSettingsStorage. While I don't know for sure (as in I haven't read the code to verify this), I can only imagine the database used in LockSettingsStorage is encrypted.

So, no, the duress PIN and password are not stored in plain text. That much is certain.

not-mental-outlaw

other8026 areaman

Thank you for providing more information. Of course, the main question I'm interested in has changed to: Is LockSettingsStorage doing its job well enough: is it possible for an attacker to get a pin/password hash and, if so, is it difficult to get a password/pin back? But i think its more complicated and requires coding knowledge to read the code (thanks god i can), so if some one wanna tell more then reply here, but I don’t expect get answer soon.

I think that discussion can be closed.