Isn't it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible
Because they would have to possess technology that doesn't exist in order to circumvent actual encryption without a key.
If I adequately encrypt my own data, and keep the keys a secret, I could hand my hard drive off to Microsoft and they could spend billions running all their AI clusters trying to crack it, and it would be a futile endeavor.
If the government had the technology to bypass encryption or quickly and inexpensively crack it, they'd use it for a whole lot more than unlocking smartphones. They could basically control the flow of Bitcoin on a whim with such tech.
I am aware that there are secure encryptions, but android isn't hardware encrypted isn't it?
Haven't used google android for a while, but no encryption was one of the reasons I moved away from it.
No idea about apple, but longer startup times for storage encryption doesn't seem like a very apple thing to do
Also phones are so seldom turned off, and if the system is running storage encryption becomes less of a concern as the key is somewhere in the ram
No. You watch too many Movies. Yes there were attempts from state sponsored actors to weaken encryption algorithms. But is encryption easy to crack? No.
Dude what encryption are you talking about?
Hardware storage encryption is just by now getting more widely adapted, the phone I used till a year ago didn't even support any encryption.
Sure, aes-256 with secure password only stored in your mind is quasi 100℅ safe, but that is not how most devices handle their "encryption".
If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)
Also also: encryption only helps if the device is off, which is seldom the case with phones.
Isn't it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible
You stated in your original comment: "pretty much every system". So no, any modern phone if android or iOS is by default encrypted.
If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)
TPMs are by design encrypted.
Keys are not stored unencrypted at least not when you encrypt your storage with modern solutions and set it up reasonably. You use either your TPM to store the key or store it on the drive and have it encrypted by itself or use a KDF.
Also also: encryption only helps if the device is off, which is seldom the case with phones.
No this assumption is wrong. You still would need to circumvent the Login into the device which is mostly secured by a pin or password or biometrics.
If you think TPMs are always encrypted, a key can be encrypted "with itself" and still be any use to you and android system pin is secure you are right.
Might also believe in santa
If you think TPMs are always encrypted, a key can be encrypted "with itself" and still be any use to you and android system pin is secure you are right.
Might also believe in santa
As i guessed. You are evading the question by again babbling nonsense and questioning my knowledge instead of actually proving anything you are saying.
You have shown that you have a bad understanding of what you are actually talking about (see the 'cracked' TPM discussion) and constantly shifting the discussion away from what you are saying : "Basically every device can be accessed without major problems" and what i am trying to explain to you.
You keep referring to concepts like
"Keys encrypted with itself"
"Tpm are by design encrypted"
When you don't really say anything from value.
Not every "encryption" is the same.
When we talk about safe encryption we talk about file system level encryption of a system with safe algorithms like aes and a long enough random password (the key). this is safe.
If you store the key unencrypted on your phone, this encryption is no longer safe.
If you don't know the 16 random digit key it HAS to be on the phone and it CAN'T be encrypted "by itself" because you would no longer have any means to decrypt it.
It could be encrypted with a pin, but again, then its only as strong as the pin, and I don't know how long an only numeric pin would need to be to withstand modern brute forcing, but I doubt a relevant percentage of people have that kind of pin.
You can't explain how this would be safe, so you just come at me with russels teapot and say "well you can't prove its not safe" (which is true because I'm no security expert, but someone with enough knowledge could certainly) and lash out at me "acting in bad faith" because I don't jump through your hoops of passive aggressive misunderstanding.
All I can do is refer to experts, who found things like CVE-2022-20465 - a bug which allowed lockscreen bypass.
As you could have googled that yourself, but you ask this just to throw me off.
But if you want to keep using your google android and bitlocker win and feel safe, its not my problem.
I doubt it. That info is first party and not to be trusted since it is obviously marketing. Any third party article that backs up their claims?
Isn't it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible
Because they would have to possess technology that doesn't exist in order to circumvent actual encryption without a key.
If I adequately encrypt my own data, and keep the keys a secret, I could hand my hard drive off to Microsoft and they could spend billions running all their AI clusters trying to crack it, and it would be a futile endeavor.
If the government had the technology to bypass encryption or quickly and inexpensively crack it, they'd use it for a whole lot more than unlocking smartphones. They could basically control the flow of Bitcoin on a whim with such tech.
I am aware that there are secure encryptions, but android isn't hardware encrypted isn't it? Haven't used google android for a while, but no encryption was one of the reasons I moved away from it.
No idea about apple, but longer startup times for storage encryption doesn't seem like a very apple thing to do
Also phones are so seldom turned off, and if the system is running storage encryption becomes less of a concern as the key is somewhere in the ram
deleted by creator
No. You watch too many Movies. Yes there were attempts from state sponsored actors to weaken encryption algorithms. But is encryption easy to crack? No.
Dude what encryption are you talking about? Hardware storage encryption is just by now getting more widely adapted, the phone I used till a year ago didn't even support any encryption.
Sure, aes-256 with secure password only stored in your mind is quasi 100℅ safe, but that is not how most devices handle their "encryption".
If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)
Also also: encryption only helps if the device is off, which is seldom the case with phones.
You stated in your original comment: "pretty much every system". So no, any modern phone if android or iOS is by default encrypted.
TPMs are by design encrypted.
Keys are not stored unencrypted at least not when you encrypt your storage with modern solutions and set it up reasonably. You use either your TPM to store the key or store it on the drive and have it encrypted by itself or use a KDF.
No this assumption is wrong. You still would need to circumvent the Login into the device which is mostly secured by a pin or password or biometrics.
If you think TPMs are always encrypted, a key can be encrypted "with itself" and still be any use to you and android system pin is secure you are right. Might also believe in santa
Not sure what you are rambling about the TPM.
Then prove that the Lockscreen is insecure.
How do you think encryption works?
What do you think does a lockscreen?
As i guessed. You are evading the question by again babbling nonsense and questioning my knowledge instead of actually proving anything you are saying.
You have shown that you have a bad understanding of what you are actually talking about (see the 'cracked' TPM discussion) and constantly shifting the discussion away from what you are saying : "Basically every device can be accessed without major problems" and what i am trying to explain to you.
You are acting in bad faith.
Bye
You keep referring to concepts like "Keys encrypted with itself" "Tpm are by design encrypted"
When you don't really say anything from value.
Not every "encryption" is the same.
When we talk about safe encryption we talk about file system level encryption of a system with safe algorithms like aes and a long enough random password (the key). this is safe.
If you store the key unencrypted on your phone, this encryption is no longer safe.
If you don't know the 16 random digit key it HAS to be on the phone and it CAN'T be encrypted "by itself" because you would no longer have any means to decrypt it.
It could be encrypted with a pin, but again, then its only as strong as the pin, and I don't know how long an only numeric pin would need to be to withstand modern brute forcing, but I doubt a relevant percentage of people have that kind of pin.
You can't explain how this would be safe, so you just come at me with russels teapot and say "well you can't prove its not safe" (which is true because I'm no security expert, but someone with enough knowledge could certainly) and lash out at me "acting in bad faith" because I don't jump through your hoops of passive aggressive misunderstanding.
All I can do is refer to experts, who found things like CVE-2022-20465 - a bug which allowed lockscreen bypass.
As you could have googled that yourself, but you ask this just to throw me off.
But if you want to keep using your google android and bitlocker win and feel safe, its not my problem.