flypig | Just for info (and I guess you're likely already aware), it looks like the 4.3 SDK image is likely to include Rust 1.52.1 (this is an observation, not a promise!): https://github.com/sailfishos/rust/commit/f83100de046721360c38ef58b1ad692744e044ba | 08:05 |
---|---|---|
rubdos[m] | OH | 10:08 |
rubdos[m] | It doesn't even need to ship with the SDK to make me extremely happy, flypig | 10:08 |
rubdos[m] | That also sounds like there'll be some gecko pushes, I guess! | 10:10 |
flypig | Ah, sorry, that message was intended for you rubdos[m], I should have mentioned you in it. | 10:11 |
rubdos[m] | You should have! :-) | 10:11 |
rubdos[m] | I don't very often open this channel. Which reminds me, there's a reason that I clicked in the first place and I don't remember. | 10:11 |
flypig | :) | 10:12 |
flypig | piggz[m], rinigus, should I submit pwdhash for promotion from chum:testing myself, or is this something that you do on the first occasion? I wasn't entirely clear on this point from the docs. | 12:32 |
lbt | piggz[m]: pong... | 13:41 |
lbt | nb .. there's a bit of building going on in chum:testing... | 13:46 |
lbt | https://build.sailfishos.org/project/monitor/sailfishos:chum:testing | 13:47 |
lbt | cc rinigus ^ | 13:47 |
rinigus | lbt: nice! | 13:57 |
itex | why did jolla choose sony phones over any other brand? sony phones don't seem to be the best price/quality ratio | 13:57 |
rinigus | flypig: as soon as the first submission is done, you are made maintainer in :testing. thus, you can update directly there. when ready, please submit package from :chum:testing to :chum | 13:58 |
lbt | itex: they're open | 13:59 |
mdx | itex, https://developer.sony.com/develop/open-devices/ | 13:59 |
ggabriel | the gemini pda isn't sony though ;-) nor are the jolla devices | 14:02 |
Nico | Jolla often is also looking into device suggestions. While supporting newer Xperia devices is usually of course easier, I think they would also be open to supporting other devices, if there is a good reason for it | 14:03 |
flypig | rinigus, got it. Thank you! | 14:05 |
ggabriel | doing the hw adaptation is not easy, iirc, the gemini pda became somewhat supported after the community did a lot of work. Personally, I wouldn't mind seeing sfos officially on the fair phone, now that google can't force you to not have android alternatives, but I can already hear the screams "but but the cpu is not fast enough!" | 14:05 |
rinigus | lbt: let's hope that Jolla will give you time to do the same with the next release as well :) | 14:07 |
lbt | rinigus: oh it doesn't normally take long - there's a bit of an ugly hack in our internal system to support rust and it causes problems | 14:09 |
lbt | mainly I forgot what the solution was from last time :D | 14:10 |
lbt | now I added it to the docs I have and it should be fine in future | 14:10 |
itex | i see | 14:11 |
itex | but so are google pixels, no? | 14:12 |
Nico | ggabriel: Yeah, the community will complain in any case :D | 14:14 |
ggabriel | too many devices, too few jolla staff; also, who says the pixels have better quality than the sonys? :) | 14:14 |
Nico | But the screen is bad! It is too big! It is too small! The CPU is too slow! The battery is too small! It doesn't have a hardware keyboard! The screen isn't OLED! Where is my tap to wake? | 14:15 |
ggabriel | I really miss double tap to wake | 14:15 |
itex | 300 euros for a snapdragon 665 phone is mehh value | 14:16 |
Nico | I found always on screen + fingerprint unlock to actually be somewhat better than double tap to wake :D | 14:17 |
ggabriel | "value" is a strong word | 14:18 |
ggabriel | Nico: fingerprint is not very good for those security conscious | 14:18 |
itex | true | 14:18 |
Nico | itex: Yeah, but if you buy it used you get it much cheaper. Also it does have a headphone jack, which by itself is a 60€ value add. It takes Jolla at least half a year to port, in that time most phones lose 30% of their value on the used market :3 | 14:19 |
ggabriel | I got an x10 for about 90 euros :P | 14:19 |
Nico | ggabriel: Let's talk about that, when I can use something different than a few digits for the device encryption, I guess? | 14:19 |
ggabriel | Nico: that's not the point | 14:20 |
ggabriel | I can haz both | 14:20 |
Nico | For me the device lock on a device is just to prevent my sister from changing my timezone again :D | 14:21 |
ggabriel | again, not the point | 14:22 |
itex | in my country used Xperia | 14:22 |
Nico | If someone steals the phone, it will be easy enough to bypass by just pulling the lvm superblock and cracking the device lock code | 14:22 |
itex | 10 II is 200 eur | 14:22 |
Nico | ggabriel, then what is the point? I don't see it :3 | 14:22 |
ggabriel | Nico: again, not the point :) and I'd like to see anybody doing that | 14:22 |
ggabriel | Nico: the point is: double tap the screen to wake up the phone instead of fiddling with the button | 14:23 |
Nico | I see | 14:23 |
itex | if someone is ready to do that kind of attack on a phone maybe you shouldn't keep anything on your phone | 14:23 |
Nico | But that only makes sense, if you don't use a lock code, don't you? | 14:23 |
ggabriel | the lock screen is more powerful than you think: try setting a max of 3 tries, and you'll see | 14:23 |
ggabriel | and for the luks "cracking", well, I want to see realistically how long it takes, it isn't that easy | 14:24 |
ggabriel | but agree there should be a bigger passphrase | 14:25 |
ggabriel | the competition doesn't have that either, fwiw | 14:25 |
ggabriel | in fact, all you have to do is ask apple or google to unlock the device and that's it | 14:25 |
Nico | Because only digits are allowed, you only need to try 10^6 different variations (unless you use a longer lockcode). Unlocking on the phone's CPU takes a second, I am somewhat sure my 16 cores can do that faster, let's say 100ms, then it would take 3h to crack | 14:26 |
Nico | Unless I messed up my math | 14:26 |
ggabriel | Nico: I'd like to see you try :) | 14:26 |
Nico | Maybe after my exams :D | 14:27 |
ggabriel | sure, you'll find that the speed at which the passphrase is validated doesn't vary too much on cpu speed or number of cores | 14:27 |
ggabriel | but by all means write a paper and present it somewhere, it should be interesting | 14:27 |
ggabriel | then we can lock apple and google phones with that | 14:27 |
ggabriel | or rather, that's already possible | 14:28 |
ggabriel | *shrug* | 14:28 |
* ggabriel double taps | 14:28 | |
Nico | I really don't care about apple or google devices, I never used those :D | 14:28 |
Nico | I just want an alphanumeric decryption passphrase :3 | 14:28 |
rinigus | Nico: LUKS encryption with alphanumeric string (either as you entered or further processed by HW bound key) is coming to Tama and sounds like to Volla as well. just a few bugs left in https://github.com/sailfishos-open/sailfish-device-encryption-community/issues | 14:37 |
rinigus | + testing by others | 14:37 |
rinigus | mainly have to fix now actdead, which should be simple compared to the rest. but you never know about possible surprises | 14:40 |
Nico | ggabriel, I just tested it, took 6 minutes | 15:00 |
Nico | rinigus, I've been following that with great interest and looking forward to having that on my 10 II too :3 | 15:01 |
rinigus | Nico: can't promise 10II - you may have to contact the porter in your case. :) | 15:24 |
Nico | :D | 15:24 |
Nico | ggabriel: I posted my results here, because I didn't feel like writing a paper: https://forum.sailfishos.org/t/how-to-unlock-the-encryption-of-your-home-if-you-dont-know-your-lock-code-bruteforce/3004/8?u=kuroneko | 15:39 |
rinigus | Nico: excellent! do you know some kind of dict attack software? so I could test the same with LUKS encrypted by alphanumeric one? | 15:46 |
Nico | hashcat and johntheripper by default do dictionary attacks | 15:47 |
Nico | I just restricted it to brute force, because it should be faster in the only digits case :3 | 15:47 |
rinigus | I suspect that the password generated by hwcrypt (password text \| argon \| rsa-signed by hw key) is out of that type of test... | 15:47 |
Nico | This is a great resource on that topic: https://diverto.github.io/2019/11/18/Cracking-LUKS-passphrases | 15:48 |
Nico | I do know though that cracking a few of my old DES passwords took a few hours, so extra chars help a lot :D | 15:49 |
rinigus | Nico: thanks, I will test it with some simple passwords | 15:51 |
rinigus | Nico: not sure whether defaults changed, but I bumped into https://github.com/hashcat/hashcat/issues/2178 | 16:11 |
rinigus | luks2 + argon2i. | 16:12 |
rinigus | but anyway - I am convinced that those PINs can be bruteforced quite easily | 16:12 |
rinigus | I just better put my time into fixing issues :) | 16:13 |
Nico | Sounds good :3 | 16:22 |
Nico | I think hashcat only really supports luks1, which my 10 ii uses | 16:23 |
Nico | For luks2 johntheripper is probably better | 16:23 |