A device is encrypted but does not require the user to input any password or PIN. The key is also stored on the device. At first I thought this is completely pointless: an adversary getting hold of the device can easily access both the key and the encrypted data. But I can now see it has some limited benefits:
All the data on the device can quickly and securely be wiped by securely wiping just the key. (Though the flip side is that accidental damage to the key will destroy all the data. Redundancy of the key makes it more difficult to securely erase.)
The key could be stored separately on the device from the rest of the data, in storage that is difficult to extract. This forces the adversary to go through the running phone to extract the data, which could be monitored or bandwidth limited and so forth.
No comments :
Post a Comment