AsudoxDev

joined 7 months ago
[–] AsudoxDev 3 points 1 month ago

oh yeah sorry meant less than a euro

[–] AsudoxDev 2 points 1 month ago* (last edited 1 month ago)

PSA hitting your power button (5)? times in a row (however many it takes to bring up the SOS screen) on an iPhone will disable biometric login until you’ve entered your password again.

I responded to that with:

That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via an exploit.

That emergency mode that is activated by hitting the power button 5 times does not encrypt the storage. It merely disables the biometric authentication methods and possibly other things related to security, but it does not encrypt the storage. The phone stays in the AFU state and therefore the decryption keys are still somewhere in the hardware chip's memory.

[–] AsudoxDev 0 points 1 month ago* (last edited 1 month ago) (2 children)

I never said anything about the phone not being encrypted by default. I am talking about the emergency mode iOS devices have.

[–] AsudoxDev 4 points 1 month ago

Now that you mention it, does seem a bit like Louis as well lol

[–] AsudoxDev 2 points 1 month ago* (last edited 1 month ago) (2 children)

Correct, though it still is saved somewhere. Just like how TPMs in computers can be exploited as well, this also can be. What I meant in my original comment was that the emergency mode did not clear that hardware chip's storage, which others said otherwise.

edit: corrected mistake according to ethan

[–] AsudoxDev 8 points 1 month ago* (last edited 1 month ago) (5 children)

You didn't read the article you linked to, did you?

The encryption by default you speak of is before the first unlock, that is, locked with something like a password or PIN. After the first unlock, the decryption key is stored in memory and your filesystem is pretty much vulnerable to anyone that can get access to the memory. That is why you can even unlock your phone with your face or fingers, because all that is a simple boolean value that indicates whether you logged in or not. You can't "generate" or get a key from your face or fingers.

[–] AsudoxDev -3 points 1 month ago (12 children)

That does not encrypt your storage. It simply disables the biometric authentication methods. Which means they can see your stuff if they get into the phone via an exploit.

[–] AsudoxDev 3 points 1 month ago* (last edited 1 month ago) (1 children)

Bitwarden is an online password manager and no, I don't consider self-hosting it offline.

[–] AsudoxDev 12 points 1 month ago (2 children)

What madness caused this

[–] AsudoxDev 6 points 1 month ago* (last edited 1 month ago) (5 children)

Passkeys are only good if they aren't in an online password manager. They are better than TOTP 2FA in terms of security and phishing resistance. I see 2FA as a last resort when someone even gets into my password manager. Storing passkeys completely makes this useless, as I'm sure anyone that can log into my accounts would've done so by getting a hold of my unencrypted password manager database. Unless Android provides a real offline way of storing passkeys in the device, I am not interested a lot.
