EncPassChanger: Android’s Encryption Settings Fixed
Posted August 21, 2012 at 02:00 am by FallenWriter
The stealth helicopter hovers outside the dimly lit compound as XDA Elite Recognized Agent AdamOutler rappels down onto the warm desert floor. He stops and surveys the area, looking for an entrance into Verizon’s secure fortress. The smell of gasoline and smokeless powder fill the air. As he slips past the guard tower’s spotlights, he stops. One of the soldiers has exited into the common area for a smoke. Agent Outler takes aim and shoots the man in the neck with a tranquilizer dart. He drags the guard into a spot not covered by the searchlight patterns and takes the man’s keycard.
Upon entering the facility he looks at the directory given to him by the secretive African-Canadian Sock Monkey. Outler heads to the R&D center, narrowly managing to evade a set of armed security personnel in the process. He navigates through the laser sensors and opens the door to Verizon R&D’s Secure Storage Vault. The door rolls to one side to reveal a single flash drive sitting on a pedestal. This drive contains the last of Verizon’s prestige: an unlocked bootloader for the Verizon version of the Samsung Galaxy S III. Like Indiana Jones, he flees the room as alarms blare violently, announcing his presence to the world. He takes his Galaxy Nexus from his pocket and types the pin. He attempts to enter twenty-three digit number, but the phone tells him it is invalid. Running frantically, he desperately attempts to get the device unlocked so he can call for an evac. After several more attempts he curses the day Google decided to make the pin for device encryption the same as for unlocking it.
While Agent Outler is narrowly able to escape, things would have been so much easier had he been able to unlock his phone.
Android and Encryption
As ICS or Honeycomb users know, having to encrypt your device on Android is a royal pain. You see, the number you choose for your encryption key also has to be your lockscreen pin. So either you have to use a short number, which weakens encryption and makes it easier to unlock or you use a long number, which makes encryption stronger but makes it a royal chore to unlock your device every time you need to use it. Even for someone like your’s truly who values security and privacy above all else, I hate having to use Android’s default encryption/decryption setup.
Apparently I’m not the only one who feels this way, as XDA Forum Member Kibab has come up with a solution for this with his latest application, EncPassChanger.
How Android Should Treat Encryption
Having a secure key is a must for encryption security. Yet for some reason, Google treated this feature like an afterthought. What EncPassChanger does is use the existing command line tools present in Android to change your encryption password via root access. The application is extremely simple to use. First encrypt your device like normal, making sure to use your lockscreen pin like normal. Next install and run EncPassChanger. When the app opens, it will simply ask you for your old password and your new one. Enter it, grant root access, and presto! Your encryption password is now different from your lockscreen pin. It’s really that easy.
So if you’re looking to use this awesome app or you’re a dev who feels like contributing, head on over to the original thread and give this a go.
Want something on the XDA Portal? Send us a tip!