| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180605153501.GC7839@thunk.org>
Date: Tue, 5 Jun 2018 11:35:01 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: Richard Weinberger <richard.weinberger@...il.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-fscrypt@...r.kernel.org
Subject: Re: [GIT PULL] fscrypt updates for 4.18
On Tue, Jun 05, 2018 at 05:13:35PM +0200, Richard Weinberger wrote:
> > Add bunch of cleanups, and add support for the Speck128/256
> > algorithms. Yes, Speck is contrversial, but the intention is to use
> > them only for the lowest end Android devices, where the alternative
> > *really* is no encryption at all for data stored at rest.
>
> Will Android tell me that Speck is being used?
Well, today Android doesn't tell you, "Your files aren't being
encrypted" in some big dialog box. :-)
Whether a phone is using no encryption or not, and what encryption
algorithm, is fundamentally a property of the phone. It's used to
encrypt data at rest on the phone, so this isn't a data interchange
issue. I'm sure there will be some way of finding out --- by looking
at the source code for that phone, if nothing else.
But I suspect that if you are buying a phone in a first world country,
you're never going to see a phone with Speck on it --- unless you
build your own AOSP build and deliberately enable it for yourself,
anyway. :-)
This is really intended for "The Next Billion Users"; phones like
Android Go that was disclosed at the 2017 Google I/O conference, where
the unsubsidized price is well under $100 USD (so cheaper than the
original OLPC target).
- Ted
Powered by blists - more mailing lists