Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No easy way to know which phone has hardware encryption, and what are the risks involved. #2080

Open
gui1117 opened this issue Sep 21, 2023 · 2 comments

Comments

@gui1117
Copy link

gui1117 commented Sep 21, 2023

In the app there is the information: "Hardware seed protection: false" but no other information is given.
I think some help should be shown explaining what are the risks and how to prevent them.

Like apparently the phone I'm using can encrypt sd card but I'm not sure if polkadot vault will be able to store the seeds there or not.

Also on the wiki: https://paritytech.github.io/parity-signer/tutorials/Start.html
In "Set up phone" section there is this line "Seed secrets are protected with hardware encryption based on vendor authentication protocol."
Ideally it would be great to link to ways to know what phone gives hardware encryption, like maybe some website have some lists of phone with such features?

@Dmitry-Borodin
Copy link
Contributor

Note, it's this data https://developer.android.com/reference/androidx/security/crypto/MasterKey#isStrongBoxBacked()

From my side - it's recommended to have android 9 Pie (API 28) or higher. Lower versions won't have strongbox.
I think it make sense to add to the guide.

It's a good feedback to think about list of some recommended phones. Not only for hardware encrypted chip, but some more or less trusted firmware as well, which is a debatable question.

@gui1117
Copy link
Author

gui1117 commented Sep 24, 2023

thanks for the reply, note that I tried samsung a04s which is using android 12, but it is the cheaper line so maybe some features are missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants