From: Richard Weinberger <richard@sigma-star.at>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Richard Weinberger <richard.weinberger@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>,
linux-fscrypt@vger.kernel.org
Subject: Re: [GIT PULL] fscrypt updates for 4.18
Date: Tue, 05 Jun 2018 18:10:24 +0200 [thread overview]
Message-ID: <30587992.7Od65ROsjm@blindfold> (raw)
In-Reply-To: <20180605153501.GC7839@thunk.org>
Am Dienstag, 5. Juni 2018, 17:35:01 CEST schrieb Theodore Y. Ts'o:
> On Tue, Jun 05, 2018 at 05:13:35PM +0200, Richard Weinberger wrote:
> > > Add bunch of cleanups, and add support for the Speck128/256
> > > algorithms. Yes, Speck is contrversial, but the intention is to use
> > > them only for the lowest end Android devices, where the alternative
> > > *really* is no encryption at all for data stored at rest.
> >
> > Will Android tell me that Speck is being used?
>
> Well, today Android doesn't tell you, "Your files aren't being
> encrypted" in some big dialog box. :-)
>
> Whether a phone is using no encryption or not, and what encryption
> algorithm, is fundamentally a property of the phone. It's used to
> encrypt data at rest on the phone, so this isn't a data interchange
> issue. I'm sure there will be some way of finding out --- by looking
> at the source code for that phone, if nothing else.
>
> But I suspect that if you are buying a phone in a first world country,
> you're never going to see a phone with Speck on it --- unless you
> build your own AOSP build and deliberately enable it for yourself,
> anyway. :-)
That's the question. I understand the use case, but I fear attack scenarios
where someone manages to downgrade the crypto of my phone.
This is why I was asking whether Android tells me whether Speck is used or not.
"it does encryption" is clearly not enough.
Thanks,
//richard
P.s. Sorry for hijacking this PR. :-)
--
sigma star gmbh - Eduard-Bodem-Gasse 6 - 6020 Innsbruck - Austria
ATU66964118 - FN 374287y
next prev parent reply other threads:[~2018-06-05 16:10 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-05 15:07 [GIT PULL] fscrypt updates for 4.18 Theodore Y. Ts'o
2018-06-05 15:13 ` Richard Weinberger
2018-06-05 15:35 ` Theodore Y. Ts'o
2018-06-05 16:10 ` Richard Weinberger [this message]
2018-06-05 17:02 ` Theodore Y. Ts'o
2018-06-05 17:05 ` Richard Weinberger
2018-06-05 21:12 ` Theodore Y. Ts'o
2018-06-05 20:22 ` Linus Torvalds
2018-06-05 22:12 ` Theodore Y. Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=30587992.7Od65ROsjm@blindfold \
--to=richard@sigma-star.at \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=richard.weinberger@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.