Android Stuck at “Encrypting SD card: 0%”

So I got my Note 8 and started going the laborious, multi-day process of moving all of my apps, data and settings when I ran into an odd roadblock. I couldn’t get my Note 8 to encrypt my SD card.

I’ve got a 200gb microSD card that I unencrypted on my V20 and had been using without an issue in my Note 8. Since it can take hours to for Android to encrypt such a large microSD I waited until the end of the day and got the encryption process going.

Except rather than actually encrypt the microSD card, the process was stuck for about 20 minutes (way too long) with this message:

Encrypting SD card: 0%

It never advanced past that. A couple Google searches only turned up a single forum post about that specific problem, though there were other posts regarding Android getting stuck encrypting SD cards. One of the replies to the user who had the same problem I was experiencing set off a light bulb in my head:

Is your lockscreen locked with a password? If not, the SD card won’t encrypt. (You should be given that message as soon as you try to encrypt it.)

Okay, I’ve got a lockscreen password set, so it should start encry….hey, wait a minute, it couldn’t possibly be… oh, FFS, it is.

So, I own a Samsung Gear S3 watch. Typically I set my phone up so that it will unlock without having to enter my phone password as long as it is connected via Bluetooth to the watch.

And wouldn’t you know it, the second I disabled that feature on the phone, the encryption process actually started.

Okay, that’s ridiculous. If having something like that option turned on is going to prevent the OS from encrypting the microSD card, then the OS shouldn’t allow the users to choose “Encrypt SD card” until the unlock feature causing the problem is resolved.

The “Encrypt SD Card” button should be grayed out with a message like:

This device can be unlocked by the presence of a paired Bluetooth device. The SD card cannot be encrypted while the phone is configured this way.

A better option would be to allow the user to encrypt the microSD card in this state, since it applies only to the initial encrypting of the card rather than its ongoing use.

What’s the point of the system refusing to allow you to encrypt a microSD card if the device can be unlocked by the a Bluetooth device, when it’s going to allow the user to routinely access the data on the microSD card via this method once it is finally encrypted?

Let’s Encrypt Reaches 100 Million Certificates Milestone

Let’s Encrypt announced this week that they’d passed the 100 million certificates issued threshhold,

Let’s Encrypt has reached a milestone: we’ve now issued more than 100,000,000 certificates. This number reflects at least a few things:

First, it illustrates the strong demand for our services. We’d like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS.

Second, it illustrates our ability to scale. I’m incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I’m also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic.

Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let’s Encrypt always required manual steps there is simply no way we’d be able to serve as many sites as we do. We’d like to thank our community for creating a wide range of clients for automating certificate issuance and management.

The press release also notes that when Let’s Encrypt began issuing certificates, Firefox’s Telemetry report found that

. . . less than 40% of page loads on the Web used HTTPS . . . In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%.

A very good trend.

VeraCrypt

With the demise of TrueCrypt and the abandonment of DiskCryptor, VeraCrypt is the best remaining free, open source disk encryption solution. It is a fork of TrueCrypt project that made a number of changes designed to address limitations of TrueCrypt.

I’ve been gradually migrating all of my encrypted hard drives over to VeraCrypt and have been very pleased with its performance and ease-of-use.

Let’s Encrypted Reached 20 Million Active Certificates in 2016

Interesting look from Let’s Encrypt Executive Director Josh Aas on the explosion in certificates that the free service has seen since its launch in 2015,

At the start of 2016, Let’s Encrypt certificates had been available to the public for less than a month and we were supporting approximately 240,000 active (unexpired) certificates. That seemed like a lot at the time! Now we’re frequently issuing that many new certificates in a single day while supporting more than 20,000,000 active certificates in total. We’ve issued more than a million certificates in a single day a few times recently. We’re currently serving an average of 6,700 OCSP responses per second.

. . .

When 2016 started, our root certificate had not been accepted into any major root programs. Today we’ve been accepted into the Mozilla, Apple, and Google root programs. We’re close to announcing acceptance into another major root program. These are major steps towards being able to operate as an independent CA.

EFF Says HTTPS Deployment Saw Major Growth in 2016

In an end-of-the-year summary, the Electronic Frontier Foundation noted that deployment of HTTPS grew dramatically in 2016,

By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web’s history. That’s right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)

The EFF sites the availability of tools and services such as Let’s Encrypt that make obtaining and deploying certificates easier, as well as increasing pressure on companies to encrypt all traffic rather than just specific subsets.

The one troubling spot is that this increase isn’t necessarily distributed well geographically,

A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We’ve also heard that it’s still uncommon across much of East and Southeast Asia. Next year, we’ll have to find ways to bridge those gaps.

I’ve used HTTPS on 99 percent of my server for years now, but there was a tiny portion that was not HTTPS because of a specific application that used its own non-Apache server that did not play well with the Wildcard SSL certificate I use. This year, finally, I was able to use Let’s Encrypt to flawlessly install a certificate just for that. The process for doing so was ridiculously easy and took about 10 minutes from beginning to end to configure and test.