Just recently, the latest CyanogenMod nightly began supporting encryption on my phone, even though the bugreport still says it's an open issue. I don't mind. Anyway, this allowed me to finish a major project of mine: Protect the data on my phone, even in the case of a theft, while maintaining the ability to use the device conveniently. The goal. I want a strong disk encryption password, but i want a weak screen password or PIN, because unlocking the device is a frequent task. In such a scenario, it makes sense to implement an account lockout policy: In other words, we want the phone to shut down after, say, 3 failed attempts to unlock the screen. This prevents the screen password from being brute forced. Your device needs to be rooted to do everything I did. You will also need the Android studio if you want to do this properly, and it's a large download, you might as well start now. Click here if you're still interested.
I really love Signal, but it is lacking a good Public Key Infrastructure. I hope this is something that the WhisperSystems people are going to be working on in the future, because all the potential is there: The authentication method of scanning QR codes is brilliant, because it is so usable. For now, I have my fingerprint up on my homepage so people can verify it (as long as they believe that I have full control over my homepage). If you want to get your fingerprint as a QR code image file, this is what you do: Get the
qrencodecommand line tool either through your Linux package manager or through cygwin on Windows. In Signal, choose My identity key from the main menu and type those digits into a file, say
textsecure-fingerprint.txt. Then, use this little Python script to generate the QR code:
And there you go. If someone knows how to get the fingerprint directly from the device, I'd be happy to know that.
from base64 import encodebytes from os import system d = open("textsecure-fingerprint.txt","r").read().strip().split() k = encodebytes(bytearray.fromhex(''.join(d))) system("qrencode -o textsecure-fingerprint.png -l L -t PNG " + k.decode("utf-8"))