SFOS now has encrypted LUKS storage and supports pin-code / fingerprints to unlock.
But in some aspects it looks more like security theater than an OS designed with security in mind.
What has to be implemented:
- decouple the LUKS storage password (boot pw) from the PIN - allow them to be different.
- a double Power Button click should disable the fingerprint scanner until the next PIN code unlock.
Reasons:
- decouple the LUKS storage password (boot pw) from the PIN - allow them to be different.
Currently the PIN code acts as the password for the LUKS volume, and PIN codes are short numeric codes.
In a situation where you lose access to your encrypted SFOS phone for some time, an opponent can boot it into recovery, dump the LUKS volume header (or the whole storage), and then brute-force your numeric PIN on a video card. So he will have your PIN to unlock the phone and storage in some ~30 minutes.
You wouldn't even have to know that this happened: he can boot the phone into recovery, dump the LUKS header and return the phone, which takes 5 minutes tops.
Then he can brute-force the PIN offline and unlock the phone secretly the next time he has access to it.
And you wouldn't even know it.
Solution: keep the PIN code only for runtime unlocking, and allow setting a different full-keyboard alphanumeric password for LUKS unlocking at boot (when turning on).
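To make the reasoning above concrete, here is an added Python estimate of how long an offline guess against a dumped LUKS header takes for a numeric PIN versus an alphanumeric passphrase. This is example code written for this page, not code from the post or from Sailfish OS; the GPU rate and the PBKDF2 iteration count are constructed assumptions, and the KDF helper only illustrates that the salt in the header is public, so the passphrase keyspace is all the attacker has to search.

```python
"""Risk estimate: numeric PIN as LUKS passphrase vs. a separate boot passphrase.

Added example, not from the original post. Every numeric figure below is a
constructed assumption chosen only to show orders of magnitude.
"""

import hashlib
import math

# Assumed raw PBKDF2-HMAC-SHA256 throughput of one attacker GPU, in single
# HMAC iterations per second (constructed figure, not a benchmark).
ASSUMED_RAW_HMAC_PER_SEC = 1_000_000_000

# Assumed LUKS-style PBKDF2 iteration count. cryptsetup benchmarks this per
# device at format time; this value is a constructed placeholder.
ASSUMED_ITERATIONS = 1_000_000

DIGITS = 10          # numeric PIN alphabet
ALPHANUMERIC = 62    # a-z, A-Z, 0-9 full-keyboard passphrase alphabet


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate secrets of a fixed length over an alphabet."""
    return alphabet_size ** length


def guesses_per_second(raw_hmac_per_sec: int, iterations: int) -> float:
    """PBKDF2 costs `iterations` HMACs per candidate, so the effective
    guess rate is the raw HMAC rate divided by the iteration count."""
    return raw_hmac_per_sec / iterations


def seconds_to_exhaust(alphabet_size: int, length: int,
                       raw_hmac_per_sec: int = ASSUMED_RAW_HMAC_PER_SEC,
                       iterations: int = ASSUMED_ITERATIONS) -> float:
    """Worst-case time to try every candidate (average case is half this)."""
    return keyspace(alphabet_size, length) / guesses_per_second(raw_hmac_per_sec, iterations)


def derive_luks_style_key(passphrase: str, salt: bytes,
                          iterations: int = ASSUMED_ITERATIONS) -> bytes:
    """What the KDF does with the passphrase (simplified LUKS1-style PBKDF2).

    The salt lives in the header the post describes being dumped, so it is
    known to the attacker; only the passphrase is unknown. A high iteration
    count slows each guess but cannot enlarge a 10**6-sized PIN keyspace.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def compare_scenarios() -> dict:
    """Exhaustion time (seconds) for the secret types discussed in the post."""
    return {
        "4-digit PIN": seconds_to_exhaust(DIGITS, 4),
        "6-digit PIN": seconds_to_exhaust(DIGITS, 6),
        "8-digit PIN": seconds_to_exhaust(DIGITS, 8),
        "10-char alphanumeric passphrase": seconds_to_exhaust(ALPHANUMERIC, 10),
    }


def humanize(seconds: float) -> str:
    """Render seconds as the largest sensible unit for a quick read."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    print(f"assumed effective guess rate: "
          f"{guesses_per_second(ASSUMED_RAW_HMAC_PER_SEC, ASSUMED_ITERATIONS):,.0f}/s")
    for name, secs in compare_scenarios().items():
        print(f"{name:35s} {humanize(secs)}")
    # Same salt, different passphrases -> unrelated keys; the salt alone
    # gives the attacker nothing to shortcut the search.
    salt = b"constructed-public-header-salt"
    assert derive_luks_style_key("123456", salt, 1000) != \
        derive_luks_style_key("123457", salt, 1000)
    print("entropy of 6-digit PIN: %.1f bits" % math.log2(keyspace(DIGITS, 6)))
    print("entropy of 10-char alnum: %.1f bits" % math.log2(keyspace(ALPHANUMERIC, 10)))
```

With the constructed figures the six-digit PIN falls in minutes while the ten-character passphrase is out of reach by many orders of magnitude, which is the whole argument for letting the boot passphrase differ from the runtime PIN; the actual numbers on a real device depend on the iteration count cryptsetup chose and the attacker's hardware.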
- a double Power Button click should disable the fingerprint scanner until the next PIN code unlock.
This is already implemented on iOS at least, because there are situations in some countries where you can be forced to apply your finger to the fingerprint scanner.
So in such situations the ability to quickly "block" fingerprint unlocking is essential.