[whispersystems] Forensic analysis

Discussion:

Vyacheslav Raskulin

2016-01-14 10:34:13 UTC

Is there any information about forensic analysis of Signal?
How secure my privacy is, when BadGuys grabs my phone and have full access
to it, excluding Signal password?
What they can restore from it?

Raphael Arias

2016-01-14 10:37:50 UTC

Permalink

Hi Vyacheslav,

I don't know of any research here, but I suspect that these
characteristics are very different for the different supported
platforms. Which platform are you interested in?

Best regards,
Raphael

Post by Vyacheslav Raskulin
Is there any information about forensic analysis of Signal?
How secure my privacy is, when BadGuys grabs my phone and have full
access to it, excluding Signal password?
What they can restore from it?

Vyacheslav Raskulin

2016-01-14 11:09:43 UTC

Permalink

Raphael, i'm intersted with Android version. Is there any documentation
that describes how Signal encrypt and store user's data?

Post by Raphael Arias
Hi Vyacheslav,
I don't know of any research here, but I suspect that these
characteristics are very different for the different supported
platforms. Which platform are you interested in?
Best regards,
Raphael

#359

2016-01-14 10:45:18 UTC

Permalink

hi,

it depends of the passphrase that you use. if you use a strong
passphrase[1] then i guess you're safe. also, the best thing you can do
is encrypting the whole device (with strong passphrase), then you don't
need Signal's own encryption. but it's a pain to do on Android at the
moment because it doesn't separate device encryption and display
unlocking (you can do that yourself if you're rooted) and you always
have to type the looong safe passphrase.

- jure

Is there any information about forensic analysis of Signal? How secure
my privacy is, when BadGuys grabs my phone and have full access to it,
excluding Signal password? What they can restore from it?

Links:

1. https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

Diederik de Haas

2016-01-14 12:35:45 UTC

Permalink

Post by #359
doesn't separate device encryption and display
unlocking (you can do that yourself if you're rooted) and you always
have to type the looong safe passphrase.

Do you have any instructions or links on how to do that?

#359

2016-01-14 13:02:24 UTC

Permalink

it's VERY simple! you must be rooted, i won't write about how to obtain
that. then install some of these open source apps from play store.

https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
or
https://play.google.com/store/apps/details?id=cz.eutopia.snooperstopper

with one of this apps you will change the device encryption passphrase
to a long and strong one. the screen PIN code remains the same.

but beware: if you change the screen PIN code in Android settings you
also reset your device passphrase to the same, so then you must repeat
the process.

more about this topic:

http://nelenkov.blogspot.nl/2012/08/changing-androids-disk-encryption.html

http://nelenkov.blogspot.nl/2014/10/revisiting-android-disk-encryption.html

- jure

Post by Diederik de Haas

Post by #359
doesn't separate device encryption and display
unlocking (you can do that yourself if you're rooted) and you always
have to type the looong safe passphrase.

Do you have any instructions or links on how to do that?
+ signature.asc
1k (application/pgp-signature)

Diederik de Haas

2016-01-14 13:08:47 UTC

Permalink

Post by #359
it's VERY simple! you must be rooted, i won't write about how to obtain
that. then install some of these open source apps from play store.

Thank you both for your replies :-)

Alexander Dietrich

2016-01-14 13:06:27 UTC

Permalink

http://nelenkov.blogspot.de/2012/08/changing-androids-disk-encryption.html

---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B

Post by Diederik de Haas

Post by #359
doesn't separate device encryption and display
unlocking (you can do that yourself if you're rooted) and you always
have to type the looong safe passphrase.

Do you have any instructions or links on how to do that?

johanw

2016-01-14 13:16:08 UTC

Permalink

If they manage to brute-force the password they can recover all
messages. Without it, they can read the metadata (which phonenumber you
messaged with and when) because that is not stored encrypted.

--
Met vriendelijke groet/With kind regards,

Johan Wevers

Shankar Kulumani

2016-01-14 13:20:33 UTC

Permalink

I would suggest not rooting your device as that opens up the possibility
for problems. Especially if you're not completely aware of all the
ramifications of root access on the phone.

I use the Full disk encryption from Android and use a password instead of a
pin. I have a relatively short alpha-numeric password which is the same as
the lock screen. This is better than a numeric pin as there are more
possible passwords and would make any offline access more difficult.

There is a trade off between the length of password which is convenient yet
secure but I've read that either the current version of Android or future
versions are moving to separate the two.

Post by johanw

If they manage to brute-force the password they can recover all
messages. Without it, they can read the metadata (which phonenumber you
messaged with and when) because that is not stored encrypted.
--
Met vriendelijke groet/With kind regards,
Johan Wevers

Laurence Berland

2016-01-14 17:24:07 UTC

Permalink

If you have one of the few android devices with a fingerprint reader, then
you have to type the screen unlock pin/passphrase far less often. This
makes it more convenient to use a strong passphrase for the screen
unlock/disk encryption, though I still hope they will allow setting them
independently at some point...

Post by Shankar Kulumani
I would suggest not rooting your device as that opens up the possibility
for problems. Especially if you're not completely aware of all the
ramifications of root access on the phone.
I use the Full disk encryption from Android and use a password instead of
a pin. I have a relatively short alpha-numeric password which is the same
as the lock screen. This is better than a numeric pin as there are more
possible passwords and would make any offline access more difficult.
There is a trade off between the length of password which is convenient
yet secure but I've read that either the current version of Android or
future versions are moving to separate the two.

Post by johanw

Johan Wevers

2016-01-15 20:31:15 UTC

Permalink

Post by Laurence Berland
If you have one of the few android devices with a fingerprint reader,
then you have to type the screen unlock pin/passphrase far less often.
This makes it more convenient to use a strong passphrase for the screen
unlock/disk encryption, though I still hope they will allow setting them
independently at some point...

The disadvantage of a fingerprint reader to unlock your phone is that
the police here can force you to unlock a phone with a fingerprint (it's
considered the same principle as where you are forced to cooperate with
blood testing when you're suspected of drunk driving), but they can't
force you to tell your password (right to remain silence).

--
Met vriendelijke groet,

Johan Wevers

Laurence Berland

2016-01-15 22:20:41 UTC

Permalink

Yes, it is not ideal. I think overall the fingerprint unlock is a good
tradeoff. If I were going into a situation where I was concerned of an
increased risk of detention or something, such as a protest, I would
disable the fingerprint lock for just this reason.

Post by Johan Wevers

Shankar Kulumani

2016-01-15 23:26:19 UTC

Permalink

Also restarting the phone will force a password, assuming you have full
disk encryption.

When in doubt, restart!

Post by Laurence Berland
Yes, it is not ideal. I think overall the fingerprint unlock is a good
tradeoff. If I were going into a situation where I was concerned of an
increased risk of detention or something, such as a protest, I would
disable the fingerprint lock for just this reason.

Post by Johan Wevers