![]() If you have $3,000 to spend and can impersonate LE you can buy an exploit to bypass it completely from VIAforensicsīlackBerry Encryption Double useless. Don't trust this crypto to guard your life's secrets if high value target (selling DOPE lol) I believe Cyanogenmod has all of this already, plus su/root to change FDE password. Get a device admin that allows wiping of device after x tries. Google it.Īfter encrypting and it reboots, install some sort of screen unlock to enable separate quick password to protect against online attacks. If you use it max out the offline password with high entropy as recommended by Bruce Schneier (lyrics + re-arrange root to throw off cracking). A government with significant resources could do ?. apk's directly off the site without having to identify your phone or install play store app if you don't trust it.Īndroid encryption Android full disc encryption is SHA-1 vuln, which means a determined attacker with 7970 could do 65-62 rounds with 20% increased efficiency. Use Opera or Android emulator to download. APK still, and signature will pass (Does not work on google play store apps, only 3rd party downloads that aren't scanned by google) Don't use any proprietary/pay PGP PC solution, only the tried and tested old programs like GNU Privacy Assistant.Īndroid Apps You can inject code into any Android. Pidgin has recurring side channels but there's nothing else available to use so if you must do encrypted chat, use it I guess. Orweb uses those libraries, don't use it for critical vendor logins or buyer accounts with money/evidence in them.Ĭrypho chat is still being tested/cracked successfully with 7970 GPU onion jabber/xmpp server, and anything else using the OnionKit libraries also vuln. Gibberbot is vuln to practical MITM attacks unless you use a. ![]() Java runs in a VM and unless you get direct access to CPU you can't prevent timing side channel leaks. Bonus: passphrase + key file for a combination key as well (though Truecrypt's multiple files is even better).īruce Schneier's password safe is also goodĮncrypted Chat/voice/email CryptoCat is useless until they fix, also you shouldn't be doing any browser based encryption. Use: KeePass and choose millions of iterations on a phone, on a PC, tens of millions (and if your chip has AES-NI, change to billions). Password lockers: 1password can be cracked at 3MH/S LastPass can be cracked at 750MH/S
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |