• General
  • Worried about my seized Pixel 7

JollyRancher They were Pixel devices though, and the Tensor chip would be the same.

Exactly. I never said it was GOS and it doesn't really matter.

    Nuttso
    Did the government actually crack the SecureElement?

    Or did they exploit some weakness in Matrix phones?

    And what Pixel model was it?

    Like take the breach of a Proton account a few months back. The user provided an iCloud recovery email so the government got that email address from Proton, leaned on Apple, triggered a password recovery, and used that password to get into the Proton account.

    The flaw wasn't with Proton's technical security but with the user.

    The same applies here. Was SecureElement breached, was Matrix breached, or did user error leave a gaping vulnerability?

      Nuttso

      There have been a handful of exploits of that. Including at least one that was a full compromise of the M1. That exploit was patched before it was publicly released but no clue what Matrix's firmware update policies were (or desire to start investigating all the relevant dates), so that one could have been used.

      Pixel 7s are on the M2 so OP should be safe.

      Pixel 5s could be cracked via Cellebrite even Before First Unlock and running GOS (if it hasn't been updated since 2022).

        Don't trust any hardware for encryption. Use a 96+ bit entropy passphrase if you want to be secure. It's always your own fault if you trust any secure enclave.

          Nuttso
          Well duh. ;)

          Honestly, if you want something to basically be guaranteed secure then you want to be using a random password with 256+ bits of entropy.

          96+ is absolutely enough. You could go with 128 but that is absolutely not needed. I'm using 196+ but that is way too overkill.

          3 months later

          Sempa Yes AES 256 Bit and larger are generally expected to be quantum safe, where the best known attack leveraging a quantum computer is only expected to effectively halve the key length for example from 256 Bit to 128 Bit. Here having a rather long and complex enough passphrase is recommended to remain steady against this attack.

          No one should rely on the secure element throttling by using a 6-digit PIN. It's a big mistake.

          What is safe today might be exploited tomorrow.

          The Titan M2 will not be indefinitely secure against exploitation.

          If you are reading this, immediately change your 6-digit PIN and use a strong random alphanumeric password with at least 90 bits of entropy (better if 120 bits) as the main lock method for your profile(s).

          Once they have your phone, they can just keep it for years (if permitted by a judge or court) and wait for an exploit to be available to brute-force your 6-digit PIN. It will then be a matter of days before they find the right PIN.

            grayway2 The Titan M2 will not be indefinitely secure against exploitation

            When that happens, we will know in a day because it will be all over the news. In the meantime a 6-digit PIN (I only use 4) will suffice; not all of us store national security secrets on their devices. If you worry about that, you should stop using your fingerprint unlock, the entropy of which is roughly equal to a 5-digit PIN.
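
Added example, not written by any poster in this thread: the entropy figures discussed above (6-digit PIN, 90, 96 and 120 bits) worked through for uniformly random secrets, with a generator that meets a chosen target. The function names and the 7776-word list size (a standard diceware list) are assumptions of this example.

```python
import secrets
import string
from math import log2

ALNUM = string.ascii_letters + string.digits  # 62 symbols
DICEWARE_WORDS = 7776                         # assumed word-list size (6^5)

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret whose symbols are drawn uniformly at random.
    Human-chosen PINs and passwords have less than this."""
    return length * log2(alphabet_size)

def min_length(alphabet_size: int, target_bits: int) -> int:
    """Smallest length whose search space is at least 2**target_bits.
    Uses exact integer arithmetic to avoid float rounding at the boundary."""
    length, space = 0, 1
    while space < (1 << target_bits):
        space *= alphabet_size
        length += 1
    return length

def average_guesses(alphabet_size: int, length: int) -> int:
    """Expected number of guesses for an exhaustive search with no throttling,
    i.e. what remains if the secure element's rate limit is bypassed."""
    return alphabet_size ** length // 2

def generate(target_bits: int, alphabet: str = ALNUM) -> str:
    """Random password from the OS CSPRNG meeting the entropy target."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicate symbols")
    length = min_length(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    print(f"4-digit PIN : {entropy_bits(10, 4):5.1f} bits")
    print(f"6-digit PIN : {entropy_bits(10, 6):5.1f} bits, "
          f"~{average_guesses(10, 6):,} guesses on average")
    for bits in (90, 96, 120):
        print(f"{bits:>3} bits needs {min_length(len(ALNUM), bits)} alphanumeric "
              f"chars, {min_length(10, bits)} digits, or "
              f"{min_length(DICEWARE_WORDS, bits)} diceware words")
    print("example 96-bit password:", generate(96))
```
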