Private space encryption and owner profile

graphuser

Hello,

I have tried to search this forum without finding an answer, but perhaps I've overlooked or misunderstood something, so apologies if that's the case!

From several posts and threads it is clear to me that the encryption of a secondary profile is fully independent from that of the owner profile, cf in particular this thread: https://discuss.grapheneos.org/d/12305-snooped-secondary-users-password-device-seized-when-turned-off/ and so that the password for a secondary profile needs to be strong on its own.

Is that also the case for the private space encryption (set to a different password than the main profile)? In other words, is the encryption key of the private space derived from some material in the owner profile / system data that need to be unlocked with the main password?

That is for a scenario where the main profile is protected with a very strong password (to be entered 1x a day) and just a 6 digit pin for the private space.

And would the implementation be the same on stock pixel?

Thanks!

raccoondad

graphuser "set to a different password than the main profile)"

Private space profiles are also encrypted separately, regardless if its the same password or not.

graphuser

raccoondad Thanks! Does would that mean that the final key uses no material from the owner profile and so does not "benefit" from a strong password on the owner profile?

raccoondad

graphuser the owner profile is required to be unlocked before you can access private spaces, so keep a strong owner profile password.

6 digit PIN is fairly strong on pixel devices tbh

graphuser

Thanks that's helpful. So to confirm, in the link I shared, gos said of secondary profile:

They're encrypted separately as if there was support for logging into secondary users first even though it's not supported right now.

A private space encryption is then different? And one would need both the owner password and the private space password to access the data as this is not accessible outside of the owner profile?

And so that is some sort of 2FA (two different passwords needed) / added level of security as compared to the data directly in the owner profile?

This, as oppose to a secondary profile with a weaker password than the owner profile which is actually a decrease in protection?

Many thanks!

de0u

graphuser At present there is no kind of profile that mixes keying material from the owner profile. Not secondary profiles, not work profiles, not Private Space, not guest profiles (also, I believe, not kiosk mode). If you want information in any profile/space to be strongly encrypted, use a strong key for that profile/space.

graphuser

de0u okay, thank you for clearing that up! I'll tweak what I had in mind then.

Perhaps this could be useful to some as the private space / secondary profiles could be accessed more often than the phone being rebooted or every few days - and so used more often than the owner profile password.

But yes I suppose much much more easy to say than do!