Unlock attempts on Pixel 8 with Graphene OS

Is there a detailed description of unlocking attempts of Pixel 8 with Graphene OS on it?

For each case, be it BFU, AFU, owner or user profile, if it matters? If Graphene OS adopts the AOSP flow in this, then please point me to a description of it in AOSP.

And if thorough testing of this is available, please point me to it as well.

GrapheneOS improves the security of the fingerprint unlock feature by only permitting 5 total attempts rather than implementing a 30 second delay between every 5 failed attempts with a total of 20 attempts. This doesn’t just reduce the number of potential attempts but also makes it easy to disable fingerprint unlock by intentionally failing to unlock 5 times with a different finger.

1 Like

Also this

The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.

Standard delays for encryption key derivation enforced by the secure element:

0 to 4 failed attempts: no delay
5 failed attempts: 30 second delay
6 to 9 failed attempts: no delay
10 to 29 failed attempts: 30 second delay
30 to 139 failed attempts: 30 × 2^⌊(n - 30) ÷ 10⌋ where n is the number of failed attempts. This means the delay doubles after every 10 attempts. There's a 30 second delay after 30 failed attempts, 60s after 40, 120s after 50, 240s after 60, 480s after 70, 960s after 80, 1920s after 90, 3840s after 100, 7680s after 110, 15360s after 120 and 30720s after 130
140 or more failed attempts: 86400 second delay (1 day)

Invalid input outside the minimum or maximum length limits of the UI won’t trigger an attempt at authentication or key derivation.

1 Like
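
The delay table quoted in the post above, worked through as an added example (not part of the thread and not GrapheneOS or secure element code). It implements the table exactly as quoted, reading each row as the delay imposed once the nth failed attempt has been recorded, which is an assumption; the function names are hypothetical, and replies further down the thread say newer firmware may behave differently.

```python
DAY = 86400  # seconds

def delay_after(n: int) -> int:
    """Delay in seconds imposed once n failed attempts have accumulated,
    following the quoted table row by row."""
    if n < 0:
        raise ValueError("attempt count cannot be negative")
    if n <= 4:
        return 0
    if n == 5:
        return 30
    if n <= 9:
        return 0
    if n <= 29:
        return 30
    if n <= 139:
        # 30 x 2^floor((n - 30) / 10): doubles every 10 attempts
        return 30 * 2 ** ((n - 30) // 10)
    return DAY

def total_wait(failed: int) -> int:
    """Sum of all enforced delays over the first `failed` failed attempts."""
    return sum(delay_after(n) for n in range(1, failed + 1))

def guesses_within(budget_s: int) -> int:
    """Upper bound on attempts that fit in budget_s seconds, assuming
    each attempt itself takes no time (best case for a guesser)."""
    elapsed, made = 0, 0
    while elapsed <= budget_s:
        made += 1                     # attempt happens at time `elapsed`
        elapsed += delay_after(made)  # then the throttle for that count
    return made

if __name__ == "__main__":
    for n in (5, 10, 30, 40, 130, 139, 140):
        print(f"after {n:3d} failures: {delay_after(n):6d} s")
    print("waiting before attempt 140:", total_wait(139) / DAY, "days")
    print("attempts possible in 1 year:", guesses_within(365 * DAY))
```

Under the quoted schedule the first 139 failures cost about a week of enforced waiting, after which the rate is one attempt per day.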

And the above mentioned lengths are from 4 to 128 characters?

I appreciate your help, somehow I was missing this delay breakdown.

Does it equally apply to unlock in BFU, AFU, owner and user profiles?

I’m not sure this time delay table is accurate to date.

In testing after the 5th attempt I received a 60 second delay. After the 6th attempt I received a 300 second delay.

It is incorrect indeed. Moreover, in my observation, the time delay is failing.

I believe if you attempt a value previously attempted, it does not count against your total attempts. Though I don’t know the specific rules or if that feature persists across reboots.

You’re right, apparently they are not up to date

These throttling times were fully accurate but we likely need to update it for the newer releases of the firmware

“Apr 2, 2025”
https://discuss.grapheneos.org/d/21392-locked-out-of-phone-with-long-enforced-wait-times-between-unlock-attempts#:~:text=GrapheneOS-,Apr%202%2C%202025,-zzz%20These%20throttling

1 Like