• 0 Posts
  • 20 Comments
Joined 1 year ago
cake
Cake day: August 30th, 2023

help-circle



  • From what I’ve read, that doesn’t really work - you’d need the encryption key, not the pin/password, because of how the encryption platform works.

    Again, it’s been a while, and this isn’t my field. I just remember being properly surprised at how little I understood - that the pin/password are merely keys to accessing the encryption key, and it’s all tied together in validating during hoot. Like you can’t image the system and drop it in another phone if it’s been encrypted, even if you have the pin - the encryption system on the different hardware would calculate things incorrectly (I did this once, dropped an encrypted image on a duplicate phone. That was fun trying to figure out why it wouldn’t work).

    There’s more to the puzzle that’s frankly above my pay grade, but last time I read about how to get into an encrypted phone, (even boot unlocked) required the expertise and tools of certain types of folks. Not your average “haxxor”.

    Granted, that expertise and those tools are getting closer to us every day…



  • It requires a flashed rom with a valid (key signature? Crap, forget what it’s called).

    If you flash an unsigned kernel and try to boot lock, it’ll brick.

    I get from an absolute security perspective why this is deemed important, I just feel there’s a bit too much focus on it, as if an unlocked bootloader is really that insecure. It would still take tremendous effort to get the encryption key for storage, so it’s pretty effectively secure still.