Appreciate the thoughts.

Martin Shelton

Jan 5, 2017·1 min read

Appreciate the thoughts. My understanding is that on Android devices, cryptographic keys are recoverable when sitting in RAM. For normal users, punching in their password once means they have their cryptographic keys in RAM until they restart their phone, even when the device is locked. If the phone hasn’t been turned off or the attacker knows how to keep the keys in RAM (e.g., with a cold boot attack, like you described), the keys can be recovered. In effect, this means the phone needs to be turned off completely and given time to “cool down” for disk encryption to work.

More here:

The limitations of Android N Encryption

Over the past few years we've heard more about smartphone encryption than, quite frankly, most of us expected to hear…

blog.cryptographyengineering.com

The limitations of Android N Encryption

Over the past few years we've heard more about smartphone encryption than, quite frankly, most of us expected to hear…

Martin Shelton

More from Martin Shelton

More From Medium

Two-Factor Authentication for Beginners

Bitwarden for Beginners

9 Painful Signs That Your Partner Is No Longer In Love With You

Bitcoin Hitting $100,000 Doesn’t Matter. Many People Have Missed the Point.

Three Things in Life That Aren’t Worth The Effort

NYTimes Peru N-Word, Part Three: What Happened in the 2019 Investigation?

The Negative Side Effects of Beautiful Women

The Nastiest Trick in the Narcissist Playbook