Posts: 38 | Thanked: 1 time | Joined on Apr 2010
#1
edit.............................................. .....................................

Last edited by moscatomg1; 2011-12-09 at 21:09.
 
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#2
I don't see the problem here. Yes, you have a, say, 5-digit code, that gives you 100000 possible combinations which a would-be attacker would need to try, physically, one after the other (using whatever order).

It's not like the phone keypad and screen can be remotely unlocked or anything.
 
Mike Fila
Posts: 412 | Thanked: 480 times | Joined on Feb 2011 @ Bronx, NY
#3
If it's experts that you are worried about, a lock screen won't be of much help, especially if they have access to a forensic device like

http://www.cellebrite.com/forensic-p...s.html?loc=seg

If you would like to secure your device, search the forum for data encryption like TrueCrypt.
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#4
Yes, you have a, say, 5-digit code, that gives you 100000 possible combinations which a would-be attacker would need to try, physically, one after the other (using whatever order).

It's not like the phone keypad and screen can be remotely unlocked or anything.
Give me literally 2 minutes and I can access all your data if the lock code is the only protection by mounting the EMMC using a different OS. Simple. It's sufficient for some random, non-IT addicted thief or the lovely sister though.

I'm probably not up for anything from the extras-devel. catalogs
If this is the case, I can't think of any other method. Lock interval every 5 minutes + TrueCrypt is the most secure and user friendly solution I am aware of. Or simply don't store sensitive data on the device...
 
Estel
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#5
Still, some "real" replacement for DES lock code (resembling modern BIOS codes in notebooks) would be nice to have. Sure, current approach with disabling need for code after reflash is useful, for people that forget code they've set - but, having reflash-persistent way of locking device, as something between (security-wise) current lock code, and encrypting everything with truecrypt (most secure, but less resource-friendly) could be useful.

But, that would require using write-only parts of NAND, and it's probably out of scope for most coders. Using TrueCrypt is less troublesome to implement, and more secure (sacrificing performance a little, if You decide to crypt everything).

/Estel


// Edit

Of course, I totally agree with NIN101 that the best approach is to store "sensitive" data only on encrypted parts (thus avoiding encrypting everything), or to avoid storing such data on a mobile device.

Honestly, I doubt the latter method (avoiding) - considering, how our n900 is a real computer.
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!

Last edited by Estel; 2011-12-01 at 18:47.
 
Mike Fila
Posts: 412 | Thanked: 480 times | Joined on Feb 2011 @ Bronx, NY
#6
There is smscon that would allow you to remotely wipe the device if it is stolen or lost.
 
Estel
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#7
This thread seems to be a complete guide on installing TrueCrypt on Maemo (with GUI):
http://talk.maemo.org/showthread.php...ight=truecrypt
(courtesy of NIN101)

/Estel

// Edit
NIN101, please check my latest post there as well

Last edited by Estel; 2011-12-01 at 21:21.
 

Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#8
Originally Posted by NIN101:
Give me literally 2 minutes and I can access all your data if the lock code is the only protection by mounting the EMMC using a different OS. Simple. It's sufficient for some random, non-IT addicted thief or the lovely sister though.
And how do *you* expect to mount *my* EMMC anywhere?

The only way would be to manage (re)booting my N900 into some other OS, which may or may not be possible. If the guy doesn't want to touch extras-devel I suppose he doesn't use any of { u-boot, multiboot, bootmenu, backupmenu, ... }
 
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#9
Originally Posted by moscatomg1:
crap. nope. that looks beyond me. it'd be nice if there was a *simple* way to securely encrypt data here. . . . but any thoughts on that last bit I'd posted, especially if it's any easier?
As a general rule: you can only protect your data against an enemy with the same skills that you have. Low skill = low protection, High skill = high protection (generally speaking).

Since you appear to be interested in your N900 (given the topic you've opened), I suggest (if at all possible) to invest some time in learning all you can about it. With time everything will look much easier than now.

One thing you could try is to put a file system in a file and then try to loop mount it. No encryption (for now), but at least you could manually mount a file system (onto a folder, e.g. /home/user/secret_folder), and then unmount it when it's not needed anymore.

You can start here: http://en.wikipedia.org/wiki/Loop_device
 
Posts: 115 | Thanked: 342 times | Joined on Dec 2010
#10
And how do *you* expect to mount *my* EMMC anywhere?
I kinda don't understand you. A thief in the know would steal your N900 and go home with it, boot a supercool initrd and after that he could simply mount the EMMC...

The only way would be to manage (re)booting my N900 into some other OS, which may or may not be possible.
It is as long as your USB port is alive....

One thing you could try is to put a file system in a file and then try to loop mount it. No encryption (for now), but at least you could manually mount a file system (onto a folder, e.g. /home/user/secret_folder), and then unmount it when it's not needed anymore.
I don't wanna be killjoy, but see: Once a filesystem is mounted, the data on it is not secure. Therefore the lock code. You can't kill the lock code without having something like SSH access. So you have to turn the device off to get access on the data.
With encryption you should have a pretty good protection against the method I described above. But if you don't use it, then your suggestion makes no difference. What kind of protection do I get with a loop-mounted filesystem without encryption? None. I could still access the container by using the initrd.
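
The point made in post #10, as an added example that is not part of the original thread: a file system kept in a plain file exposes its contents to anyone who can read the raw bytes, with no mount and no lock code involved, while an encrypted copy does not. It assumes `mke2fs` from e2fsprogs 1.43 or later (for `-d`) and the `openssl` command line tool, which stands in for an encrypted container here and is not TrueCrypt; the marker string, passphrase and function names are constructed for the example.

```shell
#!/bin/sh
PATH="$PATH:/sbin:/usr/sbin"            # mke2fs usually lives in /sbin
MARKER="constructed-secret-note-4711"    # constructed sample "sensitive" data

# Put a file system in a file, as post #9 suggests: a 1 MiB ext2 image
# holding one note. mke2fs -d fills the image directly, so building it
# needs neither root nor a loop mount.
make_container() {
    src=$(mktemp -d) || return 1
    printf '%s\n' "$MARKER" > "$src/note.txt"
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null &&
        mke2fs -q -F -t ext2 -d "$src" "$1" >/dev/null 2>&1
    rc=$?
    rm -rf "$src"
    return "$rc"
}

# Stand-in for an encrypted container (openssl, not TrueCrypt):
# encrypt image $1 into $2 with passphrase $3.
encrypt_container() {
    openssl enc -aes-256-cbc -pbkdf2 -pass "pass:$3" -in "$1" -out "$2"
}

# Is the note visible in the raw bytes of file $1? This is the view of
# someone reading the storage from another OS: nothing is mounted.
raw_contains() {
    grep -a -q "$MARKER" "$1"
}

# Build both containers and report what a raw read reveals for each.
demo() {
    dir=$(mktemp -d) || return 1
    plain=error; enc=error
    if make_container "$dir/plain.img" &&
       encrypt_container "$dir/plain.img" "$dir/enc.img" "constructed-passphrase"
    then
        raw_contains "$dir/plain.img" && plain=readable || plain=hidden
        raw_contains "$dir/enc.img" && enc=readable || enc=hidden
    fi
    rm -rf "$dir"
    echo "plain=$plain encrypted=$enc"
}

demo
```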
 
