Firstly, sorry if I lack understanding about how mobile devices handle crypt differently to standard desktops.
I've been using GOS and have had a read of the FAQ concerning how the crypt is implemented. I notice that after restarting the device, only the PIN is required to sign in. If 2FA is active, subsequent unlocking requires both the fingerprint and the PIN.
If using profiles, one need simply log out of the profile to bypass 2FA. This means that each profile should ideally have a strong password, which is not ideal if switching often between profiles.
From the FAQ:
The OS derives a password token from the profile's lock method credential using scrypt. This is used as the main input for key derivation.
A PIN of even nine characters means a total of one billion (10^9) combinations, giving an entropy of ~ 29.9 (log2(10^9)). This is in no way considered strong by today's standards, even if a strong argon2 KDF is used (which it cannot be as phone hardware is limited). I have read that authentication attempts (on the UX level anyway) are throttled on incorrect authentication attempts, but I'm sure someone could physically dump the flash memory and attempt to brute-force the file encryption key (FEK) anyway?
Is there a way to require key derivation from biometrics and to require 2FA whenever the device is restarted? Even if the owner profile uses a strong password (~ 32 chars) that's still 1FA and does not require the physical presence (or worse) of the owner in order to be better attacked.
Thanks