I agree with all these points.
Until software audits of existing subsystems pass muster, the passphrase initiative would get us actual mileage.
As to the usability of longer passphrases, poems work for me. Typing them with your thumbs is a bit of a pita, but …
The jolla folk are certainly putting more and more emphasis on the sandboxing efforts for apps which also seems to be a thing that might mitigate the dangers from the remote apps angle?
Still, thanks for the effort, y’all!
EDIT: should https://forum.sailfishos.org/t/urgent-but-simple-to-implement-additions-on-encryption-in-sfos not be considered in this attempt at recommendations?
EDIT2: and as remote points out in the first edit: The Endless Conundrum of creating a secure PinePhone | Dalton Durst has a really nice summary of the problem domain… especially the two passphrase idea, long LUKS passphrase on boot, shorter key for unlock screen.
EDIT3: um, no one mentioned a detached LUKS header? Did I miss something, just re-read the thread… but that might be a luks2 thing and we’re using luks1?