I just switched to the alpha channel on my Pixel 8 and updated it.
It’s working perfectly! :)

So, both the Pixel 8a and Pixel 8 are running smoothly, just like a fish in water.

Really, thank you so much, this is fantastic, and I’m sure many people have been waiting for this update.

HAPPY NEW YEAR, AND LONG LIFE TO GOS AND ITS TEAM!

gos-users The method works by rolling dice to select words from a list, typically consisting of 7776 possible words. Examples of Diceware passphrases:

You have a word list with 7776 short simple nouns? Please share a link to it in that case. Because all word lists with 4000+ words I have ever seen have adjectives and verbs too, and complicated words, and I found that to make the passphrases hard to visualize and remember.

I made my own prefix-free list with 1024 words, only short simple nouns, so exactly 10 bits of entropy per word. Easier to remember, even if I need to add one or two more words for the same security level.

gos-users Mathematically, brute-forcing a 4-word passphrase would take considerable time, but with modern processing power, it’s not impractical. In contrast, a 7-word passphrase, due to its vastly larger keyspace, would be extremely hard to brute-force within a reasonable timeframe, even with a powerful attack.

Another option instead of considering timeframe is to calculate how much in electricity cost alone the attacker would have to pay to brute-force your passphrase. This has the advantage that we don't have to make assumptions about how much hardware the attacker has access to, which is hard in a world where compute power can be easily rented, including specialized hardware like ASICs. But whatever amount of hardware they have, whatever amount of time it takes to brute-force your passphrase, it will still cost them the same amount in electricity bills, because they cannot magically get access to more power-efficient hardware or algorithms than anyone else can get access to, and so still consume the same amount of electricity per tried word combination. My impression is this method is preferable for high-risk threat models. You just need to select enough words that the electricity alone would make it too expensive for your attacker to be able or willing to pay to break into your specific device. Even for state actors it can get too expensive; taxpayers might riot if too much money is "misplaced" to break into a single activist's phone.

https://tails.net/security/argon2id/index.en.html#comparison

Without trusting secure element throttling, GrapheneOS's algorithm is comparable to PBKDF2 in that table from the link. GrapheneOS is using scrypt, but with parameters so weak that they are comparable to PBKDF2. And their word list gives about 13 bits of entropy per word, so similar to the one you mentioned. Most people could easily afford to break a 4 word passphrase ($1 000), if they believe there is anything of value at all on your phone, but I cannot imagine even a state actor being able to pay the price for breaking a 7 word passphrase ($1 000 000 000 000 000). And these prices do not include rent cost or cost for hardware, it is electricity alone, so there is already some margin. I remember having seen how they calculated the cost, but they took into account power consumption for ASIC hardware and powering RAM memory modules of large enough size, and some average cost of electricity at the time. I cannot find that page now.

gos-users The method works by rolling dice to select words from a list

Perfect high-quality dice. Lower quality ones might have bias because of production flaws that make certain words much likelier to get selected. But better to use the cryptographically secure random number generator on your computer, it doesn't have any such flaws. And the security of the encryption relies on it anyway, since the actual encryption key is generated. The passphrase is just used to wrap the encryption key.

https://blog.quarkslab.com/android-data-encryption-in-depth.html

    ryrona

    You have a word list with 7776 short simple nouns? Please share a link to it in that case. Because all word lists with 4000+ words I have ever seen have adjectives and verbs too, and complicated words, and I found that to make the passphrases hard to visualize and remember.

    I had already provided the EFF link, but here is the TXT file:

    https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt

    You can also add words from other languages, numbers, uppercase letters, spaces, and characters :)

      One minor regression I noticed is that the haptic feedback for scanning your fingerprint is gone when the Second factor PIN is enabled.

      I might be in the minority, but I actually prefer the haptic feedback to be disabled.

        gos-users I had already provided the EFF link, but here is the TXT file

        Unfortunately there are adjectives and verbs in there, but thank you for sharing anyway. It is hard for me to visualize "concur" and "freely", but easy for me to visualize "fox" and "student". I keep to my own word list for now. Worst that can happen is if I forget my passphrase and permanently lose access to all my data.

        @ryrona You have a word list with 7776 short simple nouns? Please share a link to it in that case. Because all word lists with 4000+ words I have ever seen have adjectives and verbs too, and complicated words, and I found that to make the passphrases hard to visualize and remember.

        I have been using https://github.com/passhelp/passhelp to generate passphrases & would be interested in your thoughts -- the wordlist uses 12dicts package's 3esl list and contains approximately 11.5k simple words, according to the documentation.

          that_guy I have been using https://github.com/passhelp/passhelp to generate passphrases & would be interested in your thoughts -- the wordlist uses 12dicts package's 3esl list and contains approximately 11.5k simple words, according to the documentation.

          From src/generators/words.ts:

          ...,bird,birdseed,birth,birthday,...

          This list is not prefix-free and thus not safe for password generation, in the sense that it is not possible to analyze the level of security the list provides. (Unless you yourself add a separator between each word, like a dash or space. But I usually don't have that, so I rely on the list being prefix-free.)

          It also has a lot of adjectives and verbs inflected in various ways, so from my perspective it would be hard to memorize passphrases generated using it, because adjectives and verbs cannot easily be visualized, certainly not their tense.
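          The prefix-free check and the per-word entropy arithmetic from the posts above, as an added example (not code from the forum, passhelp, or GrapheneOS). The word list is a constructed six-word sample that reuses the "bird"/"birdseed" pair quoted from passhelp's words.ts; the cost scaling assumes the electricity-only model from ryrona's post, with 13 bits per word and $1 000 for 4 words as the baseline.

```python
import math
import secrets

# Constructed sample, not a real Diceware list. "bird" is a prefix of
# "birdseed" and "birth" of "birthday", so this list is NOT prefix-free.
SAMPLE_WORDS = ["bird", "birdseed", "birth", "birthday", "fox", "student"]


def prefix_collisions(words):
    """Return (shorter, longer) pairs where one word is a prefix of another.

    Without a separator, "bird"+"seed..." and "birdseed"+"..." can produce the
    same passphrase string, so the list cannot be credited with the full
    log2(size) bits per word. An empty result means the list is prefix-free.
    """
    ordered = sorted(set(words))
    collisions = []
    for i, w in enumerate(ordered):
        # In sorted order every word that has w as a prefix follows w directly.
        j = i + 1
        while j < len(ordered) and ordered[j].startswith(w):
            collisions.append((w, ordered[j]))
            j += 1
    return collisions


def bits_per_word(words):
    """Entropy of one uniformly chosen word: log2(number of distinct words)."""
    return math.log2(len(set(words)))


def passphrase_bits(words, count):
    """Total entropy of `count` independently chosen words."""
    return count * bits_per_word(words)


def generate_passphrase(words, count, separator=" "):
    """Pick words with the OS CSPRNG (secrets), not dice or random.choice."""
    return separator.join(secrets.choice(words) for _ in range(count))


def scaled_cost(base_cost, base_words, target_words, bits):
    """Electricity-only brute-force cost: each extra word multiplies it by 2**bits."""
    return base_cost * 2 ** ((target_words - base_words) * bits)


if __name__ == "__main__":
    print("prefix collisions:", prefix_collisions(SAMPLE_WORDS))
    print("bits per word (1024-word list):", bits_per_word(range(1024)))
    print("7 words at 13 bits, $1000 for 4:", scaled_cost(1000, 4, 7, 13))
```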

          GrapheneOS Thanks for this version, I have already set it from the Alpha Channel, it works fine.
          Since batteries were touched on, I would like to express several wishes that the rest of the users will probably like:

          1. The opportunity to choose the maximum charge level yourself; it seems that this is already in the plans of GOS (thanks)
          2. The ability, in the same section, to have a switch that turns off (or vice versa, turns on, activated by default) the fast charging function. This will help to avoid overheating of the battery, and for some it simply does not make sense to rush to charge the device

          Hello
          First post here, but I have been reading for a long time.
          I updated my Pixel 9 to this build today. When restarting the phone, after entering the PIN code for the SIM card,
          I was told to enter a password. I can't remember having made a password, but I'm not sure.

          I thought I would just reset the phone and start from scratch. But I can't reflash it since the bootloader is locked and recovery mode just shows a dead Android and nothing else.

          Would appreciate any help you can give

            Riasroc recovery mode just shows a dead Android and nothing else.

            From there, push and hold the power button and the volume up button at the same time, or power then volume up (if I remember correctly.. maybe volume down?) and a menu should appear where you can perform a factory reset.

            GrapheneOS
            Awesome! I can confirm that the second factor PIN works like a charm on my Pixel 6a, Pixel 7 and Pixel tablet on 2024123000.
            You have my gratitude!

            Also; best wishes for 2025 to the GrapheneOS dev team and the forum members, have a good new year everyone!

            ryrona Most people could easily afford to break a 4 word passphrase ($1 000), if they believe there is anything of value at all on your phone

            Depends, are the 4 words in any dictionary in the first place?

            Not that you're still better off using more words though ;p

              phone-company you can switch it off easily if you don't want Vibration??!!

              I actually wasn't aware that one could finetune the touch vibration level generally. Thanks!

              Ammako Depends, are the 4 words in any dictionary in the first place?

              They definitely are if you were able to select them randomly in a secure way to begin with. Whether the list is published or not is another thing, but keeping it secret actually adds very little extra entropy per word, so there is no real reason to keep the list secret either.

              Remember, the brain is the worst random number generator ever made. So you need a word list.

              ryrona It starts with scrypt in the OS but it finishes with a device-dependent key derivation algorithm in the TEE. We can't modify the final phase of key derivation at the end since it's done in the Trusty-based TEE. We could increase the scrypt parameters but we want to determine precisely what happens across each device generation. It would be best if we filed an issue report requesting specific improvements to the TEE key derivation after putting research into it and got them to improve things there. It would be far better if it spent 100ms there using a good hardware accelerated algorithm with a hardware-bound key instead of 100ms in the OS with scrypt, but we can raise what the OS does in the meantime. However, anything we do will need to be a supported encryption format until the end-of-life of each of the devices since users may be upgrading from a very old version to the latest one over 6 years from now for devices with 7 years of support. That's a huge long term support commitment. That's why we haven't been fiddling with this. If we're going to change it, maybe we should replace scrypt instead of tuning it to take longer and use more memory.