Adding in ARMORED - Storing Encryption in keys outside of RAM. Tested it against FROST and it works. So hopefully it works well enough with mobiflage for the next build.
Interesting. Was this in their white-paper or elsewhere. I would like to read more. I didn't see anything mentioning it.
I am thinking about purchasing a Google Nexus 4. Does Guardian Rom work with both 8 GB and 16 GB versions?
Yes it does. A new build is coming out here. Just with the minor fix of using our own signing keys instead of test keys. This way only we can sign apps to have system permissions. After that we are working on: Recovery Only accepting our key GUI Front-End for Mobiflage/encryption GUI Front-End for shred Armored - Move Keys out of RAM Deniable encryption has to be setup first if you want it. You can't migrate from standard to deniable encryption without wiping.
Should be the same if not better. If you don't run google apps you save quite a bit of battery life as Maps and google talk aren't always running in the background. I doubled my battery life doing this alone.
x942, Is there anyway to have NFC available on the pre-boot authentication screen when using LUKS (System Encryption)? I envision using a Yubikey Neo to strengthen the pass phrase. EncPassChanger allows you to use as many characters as you want, using the underlying dm-crypt commands. PD
That's from the Grsec twitter. Not sure where he's getting it from, but I'd consider it a trusted source.
NFC will not be available at pre-boot but we are working on using it for the Lock-Screen. Right now it will use the OTP in conjunction with a PIN or pattern. So true two-factor auth. NFC is a security risk (an exploit could be used to take over the preboot environment and key-log you for example) or I would include it at preboot. Instead I recommend using an OTG cable if your phone supports it. Awesome. Thanks!
Sounds good, agree on NFC, what was I thinking! So USB-OTG will work at Pre-Boot? Awesome if correct. PD
AFAIK it does. I read some where suggesting this but I haven't tested it as my Nexus 4 doesn't support OTG.
I just had a hacker take everything, so this would be perfect for me... I appreciate what you're doing. About to buy a new mobile device but on a budget. Is it yet supported on the Nexus One? Are there some other cheap phones you plan to support soon? Any new milestones coming up I should consider before picking a device? Does anyone have a clue if it's possible to put Tor Tails on a cell phone complete with SMS and calling ability?
Nexus One no sadly. It's just too out of date. We had terrible results with testing encryption on the device. We are trying to get units made of our own. It's hard to find though. For high-end we may just ship pre-flashed Nexus 4's with technical support and ease of use being why you would pay instead of DIY. For cheaper market I am looking into buying some prefabbed Chinese phones and loading the ROM onto those. A lot of those companies will let you do it. Stay tuned to this thread and our site for updates. This is our rss feed Stable build is due on the 12th of August. Just running some security audits on it.
Does the Orweb bug -https://guardianproject.info/2013/08/21/orweb-security-advisory-possible-ip-leakage-with-html5-videoaudio/- apply to Guardian ROM? Edit: I see "This does NOT affect users who use the root mode with transparent proxying, as that handles proxying the entire traffic of the entire device or a particular app." Is that how Guardian ROM does it?
Great project I'm quite new to Android and Custom ROMs, how would this compare against other privacy and security focused ROM's like WhisperCore and the popular CyanogenMod?
WhisperCore stopped at Gingerbread 2.3.5. It *did* encrypt everything, much like TrueCrypt does, with just a small, unencrypted bootloader being in the open. Never used CM. PD
Right now OrBot uses root. Stable version we are looking at how to integrate root securely. WhisperCore is basically the same idea. whispercore is dead now sadly and last update was gingerbread. We also bring more to the table with deniable encryption and other features like Tor. CM is not a privacy focused/security focused ROM. While they are trying to put more effort into it they still have an insecure kernel (No GrSecurity) and unnecesary binaries (like SSHD) on the device. Sysctl is not patched to prevent MITM attacks and they do not sign with a private key. Meaning anyone can upload an apk signed with their system key (which is in there source repo) and now that app has system permisions. AFAIK WhisperCore did not encrypt /system. /System is read-only and holds no sensitive information so regardless if they did or not, there is no real leak in not encrypting it.
Possible future user. Im interested in this, especially privacy wise. However I have 2 requirements: 1. I am a complete noob with linux and ROMs so this has to be user friendly - is this user friendly? 2. I still need several key apps and they are found in Google Play store - can I still donwload apps from google play store?
Thanks for the explanation I don't know how Root access is done in Guardian Rom, but while Cyanogen may be not have the best security, they do have an interesting model of different levels to make a gaping hole somewhat smaller if you don't need Root for everything: I'm not sure if this is right, but it seems to me that if an App needs Root, Root needs to stay enabled. E.g. you can't enable Root, install the App, and disable it again, correct? In basic comparison to Windows XP, you either use a Admin account and everything can run as Admin, or you use a standard account and nothing can. So it's very basic. But in Windows the advantage is that you can give something like a firewall Admin rights by running it/installing in the Admin account and then you can go back to you standard account while your firewall still has Admin rights and everything else is running safely under standard rights. Or later Windows versions which have a more convenient UAC Admin account where you can selectively give Admin rights through UAC pop-ups. If some model like this could be implemented, it would be a lot safer than the standard Android Root model.
Yes. Lots of stuff is happening, We were about to release stable build when we got some exciting news. This sadly means the project was put on a brief hold so we can get it up and running again. We have lots of goodies, and security enhancements coming shortly, as well as running for a round of funding. I will post more info in the coming days.
Will Guardian Rom also change the default ciphersuite preference? https://www.wilderssecurity.com/showthread.php?t=354598