Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Isn't this stupid?

Why not flush something properly in the RAM instead to wipe the "cached" secrets?

A full restart feels like an overkill.



That "something" is at least the entire userspace, so any attempt at doing so ends up being UX-equivalent to a full restart - while having a decent chance of leaving unintended trace data lying around in memory.

A full restart guarantees that everything will be wiped.


It’s not about data being wiped. It’s that neither Android nor iOS has fully encrypted storage after you reboot and enter your credentials - biometric or passcodes.


It’s not just the RAM. Android devices and iOS devices are not that secure after first unlock (AFU).

https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...


The system is provably fully encrypted after a restart.


Not really.

Restart - simple with known and predictable effects, data no longer accessible, all secrets flushed no matter where they were or cached.

Turn off disk encryption, suspend all running services, overwrite all secrets in the O/S wherever they are, and then restore all that on entering password. Probably can't do anything about secrets cached by actual apps. Complex, hard to maintain and probably buggy.


It also terminates almost all malware and makes sure the device is encrypted and the keys cannot be extracted.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: