>All company-ensued laptops are encrypted here. Encryption of phones is “strongly encouraged” (required by people in some sensitive positions).
Companies can force people to do quite a lot. How many end-users have their hard drives encrypted, though? Not much.
>It's their choice. BTW you do understand that even if phone is protected by strong password when it click the “power” button you are presented with usual “draw a pattern on a grid” screen, right? You only need to enter password if you tried to “draw a pattern” three times incorrectly or if your phone run out of juice and was powered off totally (not just went to sleep, but was fully powered off).
Of course, I understand that. But for me fully powering off my phone can happen several times a _day_ when I have to change batteries.
>Yup. I'm talking about these. As someone who participated in creation of HSMs (albeit few years ago) I can assure you: they are made using the same principles as SIM card. If you want to stuff HSM in SIM, it's easy to do. Or you can embed it in phone SOC.
Well, I had my SIM card's contents dumped without any troubles a couple of years ago when I was playing with software-defined radios. So I'm a bit skeptical about actual security, though of course one can fit almost anything on SIM cards these days.
>This scheme is quite vulnerable to MITM attack. Just catch first request, allow the next one (user will just assume first request was lost), then play it when the phone is in your possession.
No it isn't. I've specifically mentioned that nonces (numbers that are used only once) should be used, against this very attack.
>It depends on how much people value their information. Security and convenience are always at odds: you can try to improve security without adding “hard to use” steps, but you can only do so much.
And I intend to push limits a bit on some of the 'easy' ways to encrypt data.