Adiantum is a new form of encryption that we built specifically to run on phones and smart devices that don’t have the specialized hardware to use current methods to encrypt locally stored data efficiently. Adiantum is designed to run efficiently without that specialized hardware. This will make the next generation of devices more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely. Adiantum will help secure our connected world by allowing everything from smart watches to internet-connected medical devices to encrypt sensitive data. (For more details about the ins and outs of Adiantum, check out the security blog.)
Encryption should be available on every single Android phone, not just the high-end, expensive models only the lucky few in the world can afford. Good move.
I swear I read adamantium. Am I the only one?
No.
No. Me too. I had to do a double-take to be sure I was reading it right.
I thought encryption was already required in Android and didn’t realize there were exceptions for those lacking hardware crypto.
https://source.android.com/compatibility/9/android-9-cdd
Not a terribly useful sample set, but I was curious and tested performance using aespipe:
My ODROID-XU4 (ARMv7) encrypts/decrypts about 42MB/s
A 2008 x86 xeon processor handles about 57MB/s.
Hardware based crypto on i7-3700 is 1400MB/s
Hardware based crypto on i9-9900k is 1700MB/s
The security blog says they deliberately weaken the Adiantum crypto by using a reduced number of rounds for the ChaCha cipher (from 20 to 12). They justify this saying only 7 rounds have been publicly broken in 2008, but it’s technically less secure than ChaCha implementations used elsewhere.
https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant
There’s still no known crack today, but it does take away safety margins should a crack be discovered. It’s better than no crypto, but it kind of irks me that Google opted to weaken the crypto to get those performance numbers.
Encryption is not only available in high-end Android devices. I have low-midend Oppo and my wife has a high-lowend Cherry Mobile. Both have device encryption.
Soulbender,
I also have a low end device, and it also has encryption – I thought they all did. My guess is that some low end devices already had encryption despite it not being officially required by Google in the license terms. Oh well…only thing is I hope we don’t get updates/new products that do away with AES in favor of a weakened ChaCha cipher since that could be a regression in my opinion.