Enable auto-reboot to improve security.
Different passwords with multiple users
- Edited
Mael
The way user data is encrypted is somewhat complicated, it doesnt just depend on your PIN/password. Significantly, decrypting requires a Weaver token that is held in the Titan HSM and its release requires your PIN/password.
The Titan has brute forcing protection which increasingly delays the frequency with which access to the token can be attempted.
Dumping the disk and attempting to brute force decryption wont work as decryption depends, not only on your PIN/password, but on multiple strong secrets (keys/tokens) held securely in the phones hardware.
@dazinism
Thanks.
If I understand, a simple password with 8 numbers for example is hard to decrypt (with Titan M).
How to known the force (hard, very hard, very very hard ?) ?
@L8437
In the past, I used this app, and yes, different passwords for user and lock is cool.
I think this app doesn't work with GrapheneOs.
a year later
Hello,
1/ There is still no solution or application to have a different password between boot and lock?
2/ How long should the password be to have very good security (digit with Titan) ?
Thanks
Mael There is still no solution or application to have a different password between boot and lock?
Not yet, but there is some recent activity on issue #28.
Mael How long should the password be to have very good security (digit with Titan) ?
Fundamentally, longer is better, and different people are concerned about different threats. Some people are worried about a randomly stolen phone, but others are worried about nation-state actors with supercomputers -- those threats are very different.
Ok thanks, how secure is a 10-digit password (titan)?
Mael Here is a more-informed answer than mine would be: https://discuss.grapheneos.org/d/10462-what-information-can-forensic-tools-recover-from-an-afu-gos-phone/22