Samsung: Knox is safe

The encryption keys that Samsung’s security platform Knox generates are indeed safe. At least that’s what the South Korean company claims. Last week, a German security researcher claimed not to.

A security researcher claimed last week that Samsung Knox’s encryption keys are not generated completely randomly, but are based on a hardcoded string and the device ID. That is not the case, claims Samsung. In the first version of Knox, according to Samsung, a completely random key was already generated based on the user’s password and a randomly generated number. In addition, in the new version of Knox, the key strength would have been further increased.

Samsung does confirm that the encryption key is stored locally, as the security researcher claimed. This is done, among other things, to provide a reminder if a user has forgotten his password. However, the electronics giant claims that the key is indeed stored securely, contrary to what the security researcher claimed.

Finally, the business version of Knox does not store users’ PINs in plaintext, Samsung claims. That PIN is needed to get the mnemonic. However, the business version requires a system administrator to reset a user’s password, emphasizes Samsung. However, the company is not commenting on the consumer version of Knox.

Samsung touts Knox as a platform for companies, with which they can, for example, separate private data from business data. Recently, the NSA approved Knox for use by the US government. Earlier this year there were rumors that Samsung would stop with the security platform, but that is not true, Samsung later assured.