suppose i had to turn over my phone to law enforcement, and I can power it off before doing so. even if they have cellebrite or some other shit and can get kernel code exec, that wouldn't be enough right? they'd still need either my PIN or a keymaster vuln to get the data out
@mildsunrise if it's encrypted I don't think they can do anything short of brute forcing your code? there could always be some sorta weakness in that part I suppose
@mildsunrise my understanding is that your PIN is part of the key
@noiob @mildsunrise
you pin is mixed in yes
also important: per CPU data is mixed in too
they need to brute force it on the phone itself
unfortunately depending on which method you use there can be very few combinations
@tthbaltazar @noiob hm, PIN being mixed into the key itself? do you have a source for that? that's not what i remember 
(at least not from the current implementation)
also important: per CPU data is mixed in too
are you talking about the keymaster implementation too, or is this something separate?
@tthbaltazar @noiob hm so my memory was that vold would not stretch keys when the keymaster-backed encryption layer was in use -- instead the password would be enforced by keymaster on that key. this article seems to claim that both things (encryption using the keystore key + stretching with synthetic password) are in use? that's good to hear, and now i wonder if my memory is incorrect or aosp changed at some point
@noiob my question here is if kernel code execution would be enough for them to be able to just query the encryption key, or if they'd need to input a PIN into the keymaster (or penetrate further into the keymaster) to do so