Apple Will No Longer Unlock Most iPhones, iPads For Police
SternisheFan writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
So everything is protected by a 4 digit passcode?
Wow... Impregnable.
News for merdes. Shit that matters.
Ask me about my sig.
I'm not sure I do.
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
I said no... but I missed and it came out yes.
My luggage only has a 3 digit passcode, iphone is 10 times stronger encrypted!
It could be a 4096-bit private key with uberultra fugu-based quantum encryption:
http://xkcd.com/538/
Mod me down, my New Earth Global Warmingist friends!
Or just some sort of propaganda for them?
I really doubt it's the first option
No, you can, and should, use a much longer (and with more varied characters) passcode than that on iOS. The device actively tells you you should if you set up touch ID.
Yes, but you can easily set your device to wipe after 10 incorrect passcode entries. So, what this really means (assuming that Apple's statements are true) is that, in the event the police want access to your iDevice, their only option (unless they're willing to play 1000:1 odds) is to get the passcode from you.
Mine is a 15 character complex password.
Well, and a thumbprint, which I suspect is the more likely attack vector.
iOS supports complex passcodes. It defaults to four digit numbers but you can turn on full alphanumeric in settings. Length can be much, much longer than 4 digits.
Can't wait to see how people spin this as anything but good news.
Well, Apple can expect a secret court order that forces them to implement a backdoor or some other method to invalidate this protection. It won't be something regular police can get their hands on, but the FBI and NSA will.
Besides, if iCloud is not protected the same way, it doesn't make much of a difference in practice.
Then they're served with another warrant ... one that obliges them to put a back door into either the individual device, or their whole infrastructure. Without informing users that such a warrant has been served.
Then what?
It's like a game of chess where the values of the piece can be unilaterally changed by one side.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
"The new security in iOS 8 protects information stored on the device itself, but not data stored on Apple’s cloud service. So Apple will still be able to hand over some customer information stored on iCloud in response to government requests."
What is to stop them from changing this back when they are inevitably given a secret court order to do so? Then all of their users will have a false sense of security.
*most*
Since I don't have an Apple phone, what is the limit in size of the pass-code?
And second on average how long do you think most people's pass-code is?
Based on surveys of popular password lists I bet most are still hackable.
I'm operating under the assumption that this is not some marketing gimmick and Apple is really concerned about the privacy of its user base. If this is the case, I'm happy to keep using Apple. I was going to hold off on updating to iOS 8 but, methinks I will upgrade after all. The old adage, "You have nothing to worry about if you haven't done anything wrong" is just plain wrong. With the misconduct of police and prosecutors, I want to be secure in my effects.
Wow, that could take almost 9999 tries. At 3 seconds per attempt, that's over 8 hours. I guess "impossible" == ">1 work day"
(I'll bet 1234, 4321, 1379 and 9731 will get into most phones)
Place nail here >+
Government law enforcement realized private companies would eventually do this, so they don't target the devices directly. It's why warrantless wiretaps by major telecom companies were later granted retroactive immunity. This hurts local municipalities prosecuting sexting cases and drumming up charges to shore up votes for the prosecutor's re-election, but the FBI and CIA don't care.
Good people go to bed earlier.
Fill your luggage with locked iPhones.
Now that's secure!
I'm not aware of a limit, if it's there, it's very long.
The device encourages you to use a very long password if you use Touch ID to log in most of the time, so I expect most people's are fairly good.
i'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. if they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. sort of like fingerprints, DNA or any other crime scene evidence
The changes do not appear to be "making it impossible for the company to turn over data from most iPhones or iPads to police"; it just means that it's (presumably) impossible for them to turn over unencrypted data.
I'm presuming when the balls meet the wall they will still turn over the data, it will just be encrypted and the feds will have to break it.
Design for the NSA's Utah facility is ahead of the curve on this, they really don't need all that cooling for just storage....
apple doesn't have the keys to the new backdoors.
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Let Apple relax for it's a matter of time. As any software developer knows, software will [always] have bugs. Apple's software is no different.
Like "123456789" maybe?
That's the average user's version of a pass-code like they use "password" for a password
I've not run into a limit, not sure what it is.
I have no doubt most people's are very hackable.
If they can't help the cops, then they can't help you. Just thinking cynically here, but this policy may be saving them a huge customer support PITA.
... but I wouldn't be surprised if you start seeing requests for courts to order phone/internet providers and/or Apple to install trojans and/or man-in-the-middle-enabling SSL certificates on suspects' phones.
Then again, I wouldn't be surprised to find out 5 years from now in a leak or declassified-in-2019 document that this is already routine practice in 2014.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can't wait to see how people spin this as anything but good news.
-- Complex passcodes take more computational power to crack.
-- More computational power takes more electricity.
-- More electrical use leads to burning more coal and oil which leads to global warming.
-- Global warming is bad.
Q.E.D - complex passcodes are bad.
Faster! Faster! Faster would be better!
Nothing prevents you from using 3rd party encryption on your Android phone (and I'm not speaking about a 3rd party system)... and I seriously doubt that Google will be able to do anything about data encrypted by a 3rd party system.
On Android, you work on a system of service provider/consumer. Your contact list? You've an application acting as contact provider and others as contact consumers (readers/writers)... If you want to protect them, nothing prevents you from using a different default contact provider which uses an encrypted container. Same for most of the phone features...
On iPhone, you can only trust Apple's word... like we did when it was about geolocation data...
Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.
And there's always this.
How technically difficult would it be for Apple to obtain the passcode from a user? Keep in mind Apple regularly pushes out updates to iOS that changes how the device behaves, so just because the device doesn't transmit the passcode today doesn't mean it won't tomorrow. And secondly, how legally difficult would it be for Apple to be legally compelled to push out an update to obtain a user's passcode under threat of... say... exponentially increasing fines that would bankrupt them in months?
No, because encryption is derived from the passcode and a device key which is in the cryptochip silicon. You have to brute force those things 'online' due to this, as anyone who has done iOS forensics will tell you. Now if you want to break that full key out of the blue offline then... hm. yeah.. see you in a million years.
This just means that search warrants will request your pass code as well now too. Just as if a search warrant were requested for a safe you would have to unlock said safe or phone in this case or be thrown in jail in contempt of court.
Nobody* requires you to back your phone up to the iCloud.
*Nobody that I can confirm that is. I can neither confirm nor deny that the FBI/NSA can require Apple or your phone/internet provider to install hidden code on your phone that backs everything up to iCloud.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Your simplicity. And only for $10!
Can't wait to see how people spin this as anything but good news.
-- Complex passcodes take more computational power to crack.
-- More computational power takes more electricity.
-- More electrical use leads to burning more coal and oil which leads to global warming.
-- Global warming is bad.
Q.E.D - complex passcodes are bad.
Good thing it is only a 4 digit pincode then and nothing strong or secure.
1. You can use more than a 4 digit passcode.
2. You're not important enough for law enforcement to be hitting you with a wrench.
3. Some people might choose the wrench over releasing their data, depending on what the data is.
I'm pretty sure you can download some sort of suitcase app onto each of these phones.
For fucks sake. Use your brain. Do 30 seconds of research.
http://support.apple.com/kb/ht4113
"Erase Data: Choose to erase your device automatically after ten failed passcode attempts."
Sorry if that deflates your ihater boner.
Seeing as how the flash memory chip and controller are likely still separate components. All that would need to be done is to lift the Write Enable pin up off the PCB to "write protect" the chip then just tie directly into the data lines of the flash chip and do a bit for bit dump of the data
As much as the government wants these powers, and wants them in secret, this is really a policy decision which needs to be made by the citizens. They need to decide if off-the-shelf products should provide end-level encryption by default, or if the government should always have a back-door into all encrypted products. Not politicians, not the police, and certainly not secret government courts. Society at large needs to decide which is more important - personal privacy, or the government's ability to obtain evidence of laws being broken in communications mediums and storage devices.
This move by Apple puts the debate squarely in the public's eye, instead of hidden in esoteric cryptography forums and secret government courts.
Well done.
One would think so, but they may also just want to activate the wipe to intentionally delete the data on the phone that could exonerate you!
http://justiceforbradcooper.wo...
Or, they simply use a $5 wrench.
Life is not for the lazy.
Yep. So you clone the data, and cram it through an emulator which tries every passcode from 0000 to 9999. So this is a PR stunt for Apple, while still allowing the police and whomever else to access the data. If they were serious about it, they'd use a microSD card which has a key on it (realize how easy those are to get rid of?) with a passcode, or something else.
NSA: "Just tell them this, it's technically true because we'll hold the master key and you won't."
Apple: "Can we also keep a master key and just lie about it? How's that fingerprint database working out?"
NSA: "have my babies"
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
Like many countries, we inherited a strange and somewhat muddled legal system from England. That bit got added along the way.
I have one question:
If you damage your iDevice and forget your password, can they recover your data?
If the answer is yes, they are lying if they say they cannot assist law enforcement. And between lying to their consumers and lying to the government... I am pretty sure I know which way they will lean.
No good deed goes unpunished...
i'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. if they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. sort of like fingerprints, DNA or any other crime scene evidence
For that they would not need to crack a password, but create 256 bit encryption. With different encryption keys for every single file in the file system. I think brute forcing 256 bit encryption unless severely flawed is at the "physically impossible" level.
If you damage your iDevice and forget your password, can they recover your data?
If you forget your password, and you lost the backup key that Apple tells you to put in a safe place when encryption is turned on, and you forget the answer to your security question, then yes, your data is gone. Forever.
I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...
This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?
This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.
Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.
If the passcode must be manually entered, then even a 4 digit password is not particularly feasible to try and crack. Sure, it can be done by a determined enough person, but you're talking about sitting around doing nothing but pressing virtual keys on a screen for what on average would probably be at least half a dozen hours before they might luck out and get it right. Most people have something considerably better to do with their time... If that couples with a password count restriction, say, limited to 10 attempts to unlock per hour, then it's completely infeasible.
File under 'M' for 'Manic ranting'
I suspect Apple is making this news release because of a secret court order asking them to do so. It is the same as law enforcement saying iMessage is uncrackable. All they (the government) want is for you to voluntarily turn over your information thinking that it is secured.
only if you are retarded and only use a 4 digit code.
Do not look at laser with remaining good eye.
I'd think in even a few hundred years our best encryption would be trivial to break.
After the first fail it times out for 5 minutes, then 30, then 60, 24 hours, etc... This is an example, I'm not sure of the actual times. But I've seen it happen.
If you get to a dozen tries you're about a month into it.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
One can easily set a longer passcode. Just tell it to do longer than four digits, use numbers only in the password, and once set, the iDevice will prompt you with a numeric keypad and an OK button. If you use letters in your password, it will use the usual full alphanumeric setup.
This way, one can have a longer PIN (I prefer at least 12-16 characters.) Not one in 10,000 anymore, but far higher.
Of course, the attacks will then go to the rubber hose decryption (xkcd.com/538), but it does raise the bar.
Oh, and you can set it to wipe the device after X failed attempts.
Oh, AND you can choose to use a password instead of a pin.
It's as secure as you choose to make it.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
Windows had "My Briefcase" years and years ago. Apple is still trying to catch up to that?!?
So? It's harder to obtain the flash memory without the cryptochip than it is to obtain the entire phone.
Also, the cryptochip doesn't attempt to provide any bruteforce attacks, that is done on the OS/application level.
So what you do is to load the CPU with custom software or if you feel that it is easier, disable the CPU and attach your own hardware to the bus.
Then you have full access to the cryptochip and your bruteforcing is limited to the 4-digit passcode. You don't even have to know anything about cryptography to do that, any EEng will do.
Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.
And there's always this.
You can put a complex password on your iPhone:
1) Settings->Passcode, enter your 4 digit passcode.
2) Flip the "Simple Passcode" switch.
3) Set your new arbitrary length complex password.
4) Enable the "Erase Data" setting which wipes the device after 10 incorrect password inputs.
5) Enjoy entering your complex password every time you want to access the phone.
The encryption on these iDevices and the Macs is non trivial to crack. Combine this encryption with a properly strong password and that wipe feature and even the Police would be shit out of luck. I know of a case where a guy resolutely refused to provide police with the password and crypto-key for his MacBook. The cops shipped the laptop to Cupertino who sent it back after a few weeks having failed to crack the drive encryption. The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.
Only to idiots, are orders laws.
-- Henning von Tresckow
So if I can get my hands on your phone for about 60 seconds I can brute force it to wipe its contents?
There are not different keys for every file, or if there are they are tied to a master key. The only way you can view an encrypted device with a single passphrase is because that single passphrase is tied to a single master key somewhere.
are you all that dumb?
and you forget the answer to your security question,
The presence of a security question on any service indicates immediately that they almost certainly have access if served with a warrant.
Step 1: Pull the storage
Step 2: Image the storage
Step 3: Attempt to bruteforce it offline
Step 4: Wait 30 seconds
Step 5: You now have the 4 digit PIN
If you're attempting to break into it, you won't do it using their input mechanism, you'll do an offline brute force which completely ignores failure wipe limits.
"forget answer to security question" --- a security question is usually used in the context of retrieving or resetting a password. If Apple can retrieve the password (from the device, its servers, iTunes, whatever) or can remotely reset the password and somehow make your data available to you, then it isn't secure. Secure would mean that forgetting a password is effectively the same (at least for the next 5 or 10 years) as tossing the storage into a raging furnace.
What changed under Obama? Nothing Good
Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Will India now also refuse the sale of iOS8?
What happened to that briefcase anyway?
And we should believe Apple why? Who thinks that if Apple gets a national security letter that they're not going to comply? And what about access to the increasing proportion of data that is stored on Apple's servers instead of the local iPhone? Is Apple going to say no to the NSA/FBI/CIA on that, too?
We've heard these promises before.
You are welcome on my lawn.
Or, they simply use a $5 wrench.
If they simply want the information, the $5 wrench works. If they want it to be admissible in court, then it doesn't work so well.
I'm betting an NSL with the ink still wet makes all this pretty, untrue words.
This is security on the device, but not of the backups. They should be doing client side encryption and zero-knowledge storage in the cloud.
So remember, kids - if you're going to go all jihad or spaceman with your iPhone, just make sure you set it not to save any backups!
Is it just my observation, or are there way too many stupid people in the world?
No, each attempt has a longer pause between it after a certain point to prevent exactly this.
And how would you do step 1 or 2, exactly? Consider the possibility that the passcode protection could actually be enforced right down to the individual chip level, so trying to image the storage without the correct password would be futile, only giving you garbage at best.
File under 'M' for 'Manic ranting'
some of us are old enough to remember when 128 bit keys were considered unbreakable
The backups are not encrypted with keys that Apple doesn't have, so they can turn over all of your backed up data - they just can't remotely unlock the physical phone device. All that's required is to make sure the phone is in range when it backs up and Apple can provide (nearly) all the data police require.
Is it just my observation, or are there way too many stupid people in the world?
there were lots of keys unbreakable 10 years ago without a super computer. i'm saying you image the phone, save the data for 5 years and try it with new tech then. chances are statute of limitations will not apply
Are you kidding, it's much easier to say "we cannot do that" than have to go through verifying and unlocking a device every time someone forgets their passcode. It may piss off those customers, but there's nothing they can do.
I think the iPhone 6s should have a user-writable strip on the back so you can write down your passcode in case you forget it. Maybe a little sticky strip to cover it up so people can't see it normally.
Is it just my observation, or are there way too many stupid people in the world?
If a court order doesn't make you turn over the codes or data on your iPhone you may end up in jail for contempt of court. If that doesn't work, and the cops really, really want the data, then you may end up on an airplane to a country that doesn't care much about your personal safety and have your sensitive body parts hooked up to electric circuits causing serious pain. This of course after the use of rubber hoses or harder objects to damage brittle parts of your body. Whether they get the data or not you may never be seen again with the explanation by the cops that you escaped and they can't find you.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
Well done, Apple. Your move, Google.
We should learn what we need to know about issues, before we decide what we need to feel about them.
Or they could threaten you with 30 years or take the plea deal give the password and serve 6 months.
I have a 9 digit alpha-numeric password on my iPhone. You don't have to use a 4 digit.
SJWs are the new boogeyman. -Me
Well at that point it doesn't matter how many characters it is as the data isn't encrypted by the password anyway.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
It's about time someone Apple's size tried to get away with this. I am tired of my coworkers saying Lavabit was asking for it, and therefore we should take it as granted that building Lavabit-style resilience into our tools is worse than nothing. This kind of self-censorship and eager overcompliance, especially from people who claim to hold a position other than simple self-interest, disgusts me. Perhaps Apple can shame them into growing a spine.
I don't know if this will actually work, though.
Parallel construction.
sure it does when you are dead and can't argue on your behalf. welcome to the thUg States of america
How do you clone the data in the first place if the hardware won't let you read it without the right password?
File under 'M' for 'Manic ranting'
For the feds, you bet your ass they'll cough it up. Just clone the drives, and off they go.
Damn! Even Apple sounds like they're on November's ballot! May as well be, they and Google are damn near a government agency.
“He’s not deformed, he’s just drunk!”
The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.
Not entirely true. It will take a random amount of time up to longer than the expected life of the universe.
They might get it on the first try by dumb blind luck.
Making it impossible to turn over data to the police even with a court order and extremely good probable cause? Put Apple down on the side of terrorists, serial killers with a bent for note-taking, child molesters and the like.
Or, to be slightly more accurate, put Apple down on the side of lucrative sales even if that means the foul criminals listed above remain free to continue their deeds. Yes, that's Apple, and that's a goal Apple spent millions to achieve.
It's yet another illustration of the Geek Syndrome. That's a seeming inability to feel as others feel. Think of Steve Jobs' harsh attacks on employees. Not all that different from nasty criminals, is it?
Mix that with the Great Artist Perversity. Great artists, as defined by themselves, are free to do any evil because they "create," even if what they create, as with Picasso, looks ugly. Think of Apple's "Think Different" campaign. The Dalai Lama "thinks different," but don't ask Apple to back that up by doing anything about China's brutal occupation of the Dalai Lama's Tibet. No, that would require courage, integrity, decency and the like. Artists don't "do" those sorts of things.
Quite frankly, these people make me want to vomit. If they'd just say, "We're greedy SOBs who'll do anything for a buck," it'd be tolerable. But Apple not only claims to have moral arguments on their side, but to be morally superior to ordinary people who think, strange as it sounds, that companies like Apple should cooperate in catching criminals.
Like I said, I'm left wanting to vomit—or perhaps take a long, hot shower.
The article says almost. I could say my car is very secure and almost impossible to break into... It can still be broken into.
Based on this I figure we aren't going to have the ability to copy to/from this device by hooking it up to a computer.
Just a guess about how they do it, but if I were going to set this up, I'd have a crypto chip in the phone that contains a big random number which produces the actual encryption key when it's hashed with your 4-digit pin. The chip will never tell you the random number, just the key it produces, and if you enter too many bad pins it will delete the random number. So you can copy the data and try to crack it offline, but you'll be working against a strong key instead of a 4-digit pin.
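The design guessed at in the comment above, as an added example that is not part of the original thread and is not Apple's implementation: a toy model in which the data key is derived from the PIN together with a secret held only inside the chip. Every name here (`CryptoChip`, `derive_key`, `offline_pin_search`), the sample PIN and the sample data are constructed for illustration, and the HMAC-based cipher stands in for real AES.

```python
# Added illustration: toy model of a PIN "entangled" with a chip-held secret.
# All names are hypothetical; this is not Apple's implementation.
import hashlib
import hmac
import os

ITERATIONS = 20     # kept tiny so the demo runs fast; real designs make each try slow
MAX_FAILURES = 10   # mirrors the "erase after ten failed attempts" setting quoted in the thread


def derive_key(pin: str, device_secret: bytes) -> bytes:
    """Data key = KDF(PIN, chip secret). The PIN alone never determines the key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, ITERATIONS)


def seal(key: bytes, plaintext: bytes) -> dict:
    """Toy encrypt-then-MAC built from HMAC-SHA256 (stand-in for a real cipher)."""
    nonce = os.urandom(16)
    stream, counter = b"", 0
    while len(stream) < len(plaintext):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def key_opens(key: bytes, image: dict) -> bool:
    """True if `key` authenticates the stored image, i.e. the guess was right."""
    expected = hmac.new(key, b"tag" + image["nonce"] + image["ct"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, image["tag"])


class CryptoChip:
    """Holds the device secret, counts failures, destroys the secret at the limit."""

    def __init__(self) -> None:
        self._secret = os.urandom(32)   # generated on-chip, never exported
        self._failures = 0

    @property
    def wiped(self) -> bool:
        return self._secret is None

    def enroll(self, pin: str, plaintext: bytes) -> dict:
        """Encrypt data under the PIN-and-secret key; the result is what sits in flash."""
        return seal(derive_key(pin, self._secret), plaintext)

    def try_pin(self, pin: str, image: dict):
        """Return the data key on a correct PIN, else None; wipe after MAX_FAILURES."""
        if self.wiped:
            return None
        key = derive_key(pin, self._secret)
        if key_opens(key, image):
            self._failures = 0
            return key
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._secret = None         # key material gone: the image stays ciphertext
        return None


def offline_pin_search(image: dict, assumed_secret: bytes):
    """Try all 10,000 four-digit PINs against a copied image, given a guess at the secret."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if key_opens(derive_key(pin, assumed_secret), image):
            return pin
    return None


def demo() -> dict:
    chip = CryptoChip()
    image = chip.enroll("4821", b"constructed sample data")   # constructed PIN and data
    results = {
        # Flash copied off the device, secret unknown: the PIN space is not enough.
        "image_only": offline_pin_search(image, bytes(32)),
        # Hypothetical case where the secret can be extracted: only 10,000 keys remain.
        "secret_leaked": offline_pin_search(image, chip._secret),
    }
    for n in range(MAX_FAILURES):       # guessing through the chip: 0000..0009, all wrong
        chip.try_pin(f"{n:04d}", image)
    results["wiped_after_guessing"] = chip.wiped
    results["owner_pin_after_wipe"] = chip.try_pin("4821", image)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the strength of the scheme rests entirely on the secret staying inside the chip and on the failure counter being enforced by the chip itself rather than by software that can be replaced.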
wonder if India and UAE will now ban apple
I'm cruising along and a brick smashes into my windshield, causing me to wreck and I'm unconscious. The local Public Servant wants to contact my wife, but the iPhone is locked. Do they have a way of getting that minimum amount of information? I'm all for privacy, but sometimes the Public Servants truly are that, and they are trying to help. (by the way, the brick part is true, but it was my wife's car and she was lucky enough, and had the presence of mind, to get off the road safely).
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
So everything is protected by a 4 digit passcode?
Or your fingerprint, and where would the police get your fingerprint?
The security question could merely be a second decryption key. That would maintain full security of the encryption (as long as the question's answer isn't simple).
So when the police need the stuff on your phone, they give you a wood shampoo with the billy club.
For you people who came over from NPR, wood shampoo is a beating your skull with a police baton.
why is everybody so full of hate here.
For some, it's because Apple has the audacity to make tech easy for non-techies to use—that is, take away the exclusivity that some of the geeks here feel they should have on being able to use complex electronic devices.
For others, it's because Apple doesn't open up everything so that they can tinker with the innards and customize it to their exacting specifications (at least without jailbreaking).
In these cases, and some similar ones, there's a strong sense that Apple is not serving true geeks, but rather the masses, and therefore they're never going to do anything different that's not cosmetic—shiny, thin devices, pretty UI, that sort of thing. They must be incapable of real, complex, important stuff, because they don't "get" our favorite complex, important stuff.
For still others, though, it's not really about Apple, but rather a general sense that no large organization—company, government, or government agency—is going to act in the best interests of the people they are supposed to be serving (in one way or another), and that they will almost gleefully lie about their nefarious intentions in order to lull the sheeple into a false sense of security.
And sure, it's possible that Apple's lying. That up until now, they have been open about being willing to give your information to the Feds when they ask for it, but now they'll just do it under the table. But that really doesn't pass Occam's Razor. It doesn't even pass Hanlon's Razor—it requires Apple to be both malicious and stupid. But a lot of people believe Apple is exactly that, because Apple's not Their Team—it's Them, not Us, and therefore any and all negative traits are safe to attribute to it.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets?
I would suggest that they get a warrant specifying what they are looking for and where they expect to find it. All they need to do is explain why they think they'll find what they're looking for to a judge while under oath.
All that Apple's new position does is make it so Apple's answer is always "sorry you'll have to talk to the end user if you want the keys". Law enforcement can still get a warrant to seize and search your phone.
The cracking would take longer than the expected lifespan of the universe.
The obvious solution is inter parallel universe travel. We find the parallel universe in which the only difference is that the suspect didn't lock his/her phone and get the data there. Problem solved.
It must have been something you assimilated. . . .
1. Set the device to wipe itself after ten mistakenly entered pass codes
2. Give ten different pass codes
Better option is to have an app that allows only 9 mistakes, for the ultimate twist.
Yes, that is true...
But it isn't logarithmic, it is exponential...
A 256-bit encryption isn't twice as hard as 128-bit, and a 4096-bit is beyond silly.
There might be fault with the method of encryption, perhaps a hack or a mistake in the code, but you won't brute force 4096-bit encryption. It would take more energy than exists in the universe, go look it up. :)
They might get it on the first try by dumb blind luck.
Yes, you're right...
But that is very unlikely to happen...
It was designed for syncing a folder on your computer with a floppy disk. Now that we have flash drives, seek times aren't so bad and you can operate on them directly (or use cloud storage).
The feature's technically present even in Windows 7. Just add a desktop.ini file to any folder with the following lines:
[ShellClassInfo]
CLSID={85BBD920-42A0-1069-A2E4-08002B30309D}
ConfirmFileOp=0
Apparently there's a way to re-enable it in Windows 8, too.
Source: http://en.wikipedia.org/wiki/B...
It's called BitTorrent sync now.
I'd think in even a few hundred years our best encryption would be trivial to break.
Not without huge advances in theoretical mathematics, no. We have encryption that would take longer to crack than the heat death of the Universe, even if every atom in it were a modern computer.
On the other hand, advances in the factoring of large numbers, could, for example, make some modern encryption method a lot more vulnerable. But I am told, by people who do research on that topic at MIT and Caltech, that momentous breakthroughs in that area are unlikely - modest improvements, certainly, earth-shattering advancements, no.
No good deed goes unpunished...
> no court in the U.S. has the authority to order a specific change to a product.
Not that they'd actually order that a backdoor be developed, but most courts can order specific performance. In many states, small claims courts are limited to monetary damages, but any other court of general jurisdiction can issue a specific performance order. You see this used in custody cases where the father is ordered to provide health insurance, for example. It's also common to have specific performance ordering a government official to take some action, such as issuing a title for a car that didn't have the normal documentation. In general, a court can order whatever the court thinks is equitable, subject only to the prohibition on "cruel and unusual punishment".
Then you check Apple's transparency report for the warrant canary. And if you do, you will find that it is no longer there which suggests what you say is true.
What does "Most" mean? Sounds like another loophole..
What the hell did it do, anyway? I barely remember that..
The fingerprint is embedded within the SOC and not accessible from any API - a write only part of the device. It will accept new fingerprints and perform comparisons but never reveal any currently stored fingerprints. This is a dedicated piece of hardware and short of dissolving the package away to access the storage directly, there is no way to recover a fingerprint. Without the fingerprint, the encryption key associated with that fingerprint will never be released. One assumes the encryption key was randomly generated and of sufficient length so that it provides maximum security for whatever encryption algorithm was used to secure the device.
Cmon.. who should really be afraid of the big bad wolf? Are you really doing anything that private? I can see some things like a password repository or CC numbers being so protected, but, seriously ... what are we hiding? While I don't want to pay for a whole class of society to collect and review the contents of my phone, but, why would someone -need- complete protection - to break the law? Watergate stuff? Texting while driving?
Time for a new Political party in the US (or two!) One is off the rails Other can't pony up a leader.
Apple can't read your e-mail.
Apple can't access your files in the cloud.
Apple can't unlock phones.
Yet they've done it in the past.
Why on earth should we believe that they still don't have the capability to do so now?
Just because they give us their word?
HA!
Forgive me if I believe this to be bullshit of the highest order.
Chas - The one, the only.
THANK GOD!!!
How can we know they will actually carry this out? It's pretty damn depressing when you can't even trust open source software because of certain entities; how would we trust Apple with iOS then? Sigh, this is getting so old.
Why would a government official beat someone with a wrench just to get a pass-code? I'm not saying they won't beat you with a wrench, just that asking for a pass-code seems so... I mean, why not just go for a full-blown confession?
My luggage only has a 3 digit passcode, iphone is 10 times stronger encrypted!
Clearly you have never actually used iOS. You can set your passcode to be alphanumeric without length restriction. But it's more fun to wallow in ignorance and bash Apple on security isn't it?
Which is nice, because most of the time you only need Touch ID to 'enter' that 12-16 character passcode.
Just pray you remember it next time you need to reboot/power on your phone.
There are two types of people in the world: Those who crave closure
Apple Computers has announced that their servers have crashed due to the extremely large demand from iDevice customers seeking to download the latest iOS version 8. They're blaming it on some bizarre phenomenon called "the Slashdot effect".
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
The same way you clone any encrypted container. You know you can image an encrypted drive? You still won't be able to access the data without decrypting it, if it's truly encrypted unlike the early iOS-we-say-it's-encrypted-but-it's-really-not fiasco, but you do have a copy of the drive.
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
Actually this is no longer true as of iOS 8 - it wants you to set up a complex pass code by default.
#DeleteChrome
Apple codes their iOS so that neither they nor law authorities have a backdoor or master key to access any iDevice.
When they approach the owner, he can flip the proverbial middle finger by citing the fifth amendment.
And it's all legal despite any Patriot Act, secret FISA court, or intimidating threats from the NSA.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
More importantly, you can also disable "simple passwords" in iOS and use a longer and more complex alpha-numeric password. These passcodes can be up to 37 characters long, utilizing any of 77 different characters (upper & lowercase, numbers and some punctuation).
If you are really worried about the security of your data, you should enable complex passcodes. The default 4-number PIN is really there more to stop curious friends from getting onto your device than preventing a determined hacker (or law-enforcement officer) from getting access.
Only if there is some level of raw access that bypasses the security. The security can, in theory, be enforced on the individual chip level and without the right password available to it, you can't image any of the chip's contents, raw or decrypted.
File under 'M' for 'Manic ranting'
Parallel construction of evidence chain. They don't care if it's admissible, as long as they can fabricate some plausible chain that *is* admissible.
There are not different keys for every file, or if there are they are tied to a master key. The only way you can view an encrypted device with a single passphrase is because that single passphrase is tied to a single master key somewhere.
iOS uses a different encryption key for every file. One component of the encryption key is stored in the directory, one part comes from the device encryption key.
too late.
You're right! We should do nothing now! Why would we want to change something we don't like. Oh, that's right, it's too late.
What a defeatist attitude.
In the US, we have this thing called the 5th amendment so no one can be compelled to provide a password which, if used, may incriminate them. The UK is a different story but here in the USA, we still have that protection.
I am not saying they won't TRY to get you to turn it over or trample your rights in the process. That will most certainly happen. What I am saying is that there isn't any legal precedent to compel you to turn it over.
The presence of a security question on any service indicates immediately that they almost certainly have access if served with a warrant.
Only an idiot would implement it in such a way that the password could be produced by Apple. They take your information, then encrypt it with the answers to three security questions. Without the exact answers nobody can extract the information.
And remember that you can enter anything you like as the answer to the security questions. It doesn't have to be the truth.
Or, they simply use a $5 wrench.
Don't be ridiculous, we're talking about the US government and not some thugs.
It would be a $5,000 wrench.
The Daddy casts sleep on the Baby. The Baby resists!
In UK he would be in jail until he gives the passcode to the police
So the brick managed to destroy the license plates and your driver's license or other cards with your name on them in the car, but your fucking phone still works? And you happen to have a contact for your wife in your phone that says "WIFE" and not just her first name?
No, after a while it just factory-resets the device. Happened to my wife on holiday when she forgot her passcode and made repeated futile attempts to get it right....
Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Was Blackberry ever secure? I thought that they always had the user's encryption key. No backdoors or changes necessary. It was simply that the government demanded that they turn over the user keys that they already possessed.
I give it 3 months before Apple is forced to put back encryption that allows feds to back door the phones by using the same escalating fine structure used to force yahoo to capitulate to their illegal demands.
It's pretty much the idea, which is terrible in my view. But then again, how else are you going to prevent bruteforce?
Write boring code, not shiny code!
Works well for citizens of the US and common law countries.
If you're detained at a border, there's no such thing as habeas corpus. They can put you away for however long they feel, with no charges.
If they ever get quantum computing off the ground, we will see some earth-shattering advancements as it will break pretty much all modern crypto systems. (Factorization for sure. Apparently discrete logs as well according to a quick Wikipedia check. Those two underpin the vast vast majority of crypto systems in use today.)
Of course quantum computers only help with certain classes of algorithms. We've already come up with new crypto systems that aren't (currently believed to be) breakable using quantum computers and I'm sure more will crop up as time marches on.
You do know that that first entry is patently false, right?
- Complex passcodes take more computational power to crack.
Complex passcode rules make it "EASIER" to crack passwords by reducing the entropy required to crack the codes.
Many password crackers now allow you to enter "rules" that say "number of lower case, number of upper case, number of numbers, number of symbols, number of repeats, etc"
With these rules in hand, it's easier because there are fewer permutations to run through to crack the passwords.
With a simple 8 character passcode, with minimum 1 each of upper, lower, number, symbol, the last time I did the math it was between 300 and 400x fewer combinations possible.
I really think these "WEAK" strong password rules were sneakily hinted at by the CIA/NSA to weaken our password structures to allow them to crack them more readily.
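How much a "one of each class" rule shrinks the search space can be counted exactly with inclusion-exclusion. This is an added example, not part of the comment above; the class sizes (26 lowercase, 26 uppercase, 10 digits, 33 punctuation characters including space, i.e. printable ASCII) are assumptions.

```python
from itertools import combinations, product


def count_all(class_sizes, length):
    """Every string of `length` over the union of the character classes."""
    return sum(class_sizes) ** length


def count_meeting_rule(class_sizes, length):
    """Strings containing at least one character from every class.

    Inclusion-exclusion: for each subset of classes assumed to be absent,
    count the strings over the remaining alphabet, alternating the sign
    with the size of the subset.
    """
    total = sum(class_sizes)
    count = 0
    for k in range(len(class_sizes) + 1):
        for missing in combinations(class_sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count


def brute_force_count(classes, length):
    """Enumerate every string and test the rule; only usable for tiny alphabets."""
    alphabet = "".join(classes)
    hits = 0
    for candidate in product(alphabet, repeat=length):
        if all(any(ch in cls for ch in candidate) for cls in classes):
            hits += 1
    return hits


def reduction_factor(class_sizes, length):
    """How many times smaller the space is once the rule is enforced."""
    return count_all(class_sizes, length) / count_meeting_rule(class_sizes, length)


# Assumed class sizes: lowercase, uppercase, digits, punctuation incl. space.
PRINTABLE_ASCII = [26, 26, 10, 33]

if __name__ == "__main__":
    # Cross-check the formula against enumeration on a constructed toy alphabet.
    toy = ["ab", "AB", "1", "!"]
    assert brute_force_count(toy, 5) == count_meeting_rule([2, 2, 1, 1], 5)

    for length in (8, 10, 12):
        allowed = count_meeting_rule(PRINTABLE_ASCII, length)
        factor = reduction_factor(PRINTABLE_ASCII, length)
        print(f"length {length}: {allowed:.3e} allowed strings, "
              f"space reduced by a factor of {factor:.2f}")
```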
If you encrypt your Android phone, neither Google nor anyone else has any special access to its contents. However, there is a caveat.
In the current (KitKat) implementation of device encryption, the actual data encryption is done by standard Linux dm_crypt, which is very strong assuming the master encryption key is well-protected. The master encryption key is in turn encrypted by a key derived from your password. The derivation algorithm is good (scrypt) but it's still possible to brute force the password space. How difficult that is depends on how long your password is and unfortunately there's a clear conflict between security and convenience here. You can choose a very long password and have high confidence that it's infeasible for anyone to break it, but then you have to type that long password on your phone all the time.
Apple has undoubtedly made use of the "Secure Vault" chip they have in their devices to store a significant portion of the material needed to derive decryption keys in secure hardware, which is almost certainly configured to rate-limit brute force attempts, and eventually just to lock the device up forever. Given that the obvious and straightforward implementation of such a system would never have given Apple the ability to unlock phones, they must have decided to add a sort of "back door" for themselves, probably to rescue customers who'd locked themselves out. Now, they're removing that back door. Good for them.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
When you speak of 4096 bit encryption, you are generally talking about RSA keys. RSA keys do not share the same "strength per bit" as symmetric keys like AES-128.
Most folks say that AES-128 is about equivalent to RSA/3072, and Elliptic Curve would need to be 256 bits to be roughly equivalent to AES-128.
The big upcoming problem with RSA is that the number of bits needed per key goes up rapidly as you need to get to stronger key sizes. To get something equivalent to AES-256, you would need a 15360 bit RSA key. Which makes Elliptic Curve crypto more interesting because you only need about a 512 bit EC key to match AES-256 strength.
Wolde you bothe eate your cake, and have your cake?
They'll use the usual police state nonsense:
"Think of the children!"
"Apple is letting criminals hide their crimes!"
You do realize that you can
This is exactly the point. Police can serve a warrant on a person, but they can't take the legal wrench to apple.
Whilst that workflow was valid, indeed that's how you attacked A4 & earlier devices. On A5 based devices, there is no known way to load a new OS without prior knowledge of the device passcode. On a typical setup, you need to know the device passcode and the iCloud password in order to change the OS on the device.
If you want to add custom OS to that, you need to subvert Apple's bootrom and certificate pinning.
There are no known exploit chains that can achieve that.
For the AES encryption used on the iOS flash, you need advances in the discrete logarithm problem, not factoring large numbers. There’s no RSA involved in protecting the flash contents.
Additionally, there’s no known way to make the boot loader just dump an image of the encrypted flash for you to start brute forcing on. You’d need to disassemble the phone, desolder the flash chips, and read them out in another circuit.
That’s certainly do-able, but not something that can be done to a phone that needs to continue to remain intact for any reason. IE they couldn’t just dump your phone while you’re in the tank & give it back to you when you’re released, planning to work on it later.
How does a copy of a drive image wipe itself after any number of failed attempts?
If you image the raw flash, you need to remove it from the device.
After you do that, you need to crack a 256 bit key that was randomly generated at device manufacture by blowing fuses in the phone's hardware crypto module. This key has far more entropy than the typical user passcode.
If you leave it in the device, and the HCM is in play, then you are rate limited by the HCM to 80 milliseconds per attempt.
But, what you are trying to crack isn't the passcode. It is a derived key that uses both the passcode, and the 256 bit key in the HCM.
That means your brute force is going to take a very long time on average.
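The design guessed at earlier in the thread (a chip-held random number hashed with the PIN, wiped after too many bad guesses) and the 80 ms per attempt figure in the comment above can be modelled in a few lines. This is an added sketch, not Apple's code: the PBKDF2 construction, the round count, the check tag and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ATTEMPT_COST_MS = 80   # per-guess cost quoted in the thread
MAX_FAILURES = 10      # wipe threshold mentioned in the thread
KDF_ROUNDS = 200       # toy value so the demo runs quickly (assumption)


def derive_key(passcode: str, device_secret: bytes) -> bytes:
    """Entangle a short passcode with the 256-bit secret held in hardware."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_secret, KDF_ROUNDS)


def check_tag(key: bytes) -> bytes:
    """Value stored beside the data to recognise the right key (hypothetical)."""
    return hmac.new(key, b"unlock-check", hashlib.sha256).digest()


class SimulatedKeyChip:
    """Toy model of a chip whose secret can be used but never read out."""

    def __init__(self, passcode: str):
        self._secret = os.urandom(32)   # never exported by the chip
        self._failures = 0
        self.elapsed_ms = 0             # simulated time spent on guesses
        self.stored_tag = check_tag(derive_key(passcode, self._secret))

    @property
    def wiped(self) -> bool:
        return self._secret is None

    def unlock(self, passcode: str):
        """Return the data key on success, None on failure or after a wipe."""
        if self.wiped:
            return None
        self.elapsed_ms += ATTEMPT_COST_MS
        key = derive_key(passcode, self._secret)
        if hmac.compare_digest(check_tag(key), self.stored_tag):
            self._failures = 0
            return key
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._secret = None         # the data key is now unrecoverable
        return None


def offline_pin_search(stored_tag: bytes, guessed_secret: bytes):
    """Try every 4-digit PIN against copied data using a guessed device secret."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(check_tag(derive_key(pin, guessed_secret)), stored_tag):
            return pin
    return None


def worst_case_on_device_seconds(alphabet_size: int, length: int) -> float:
    """Time to walk the whole passcode space at the chip's fixed rate."""
    return alphabet_size ** length * ATTEMPT_COST_MS / 1000


if __name__ == "__main__":
    chip = SimulatedKeyChip("4821")     # constructed sample passcode
    # Copied flash without the chip: all 10,000 PINs fail under a wrong secret.
    print("offline search result:", offline_pin_search(chip.stored_tag, os.urandom(32)))
    for name, size, length in [("4 digits", 10, 4), ("6 digits", 10, 6),
                               ("6 alphanumeric", 36, 6)]:
        hours = worst_case_on_device_seconds(size, length) / 3600
        print(f"{name}: {hours:,.1f} hours worst case on the device")
    for _ in range(MAX_FAILURES):
        chip.unlock("0000")
    print("wiped after ten bad guesses:", chip.wiped)
```

The PIN search only succeeds when the 256-bit secret is known, which is why the guessing has to happen on the device, at the chip's rate and under its failure counter.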
If they already have you, which is pretty likely if they've managed to get your physical phone since most people keep those on or near them at all times, then they can probably figure out how to lift a print. Or you know, just coerce you to touch the pad.
You can also set it to erase everything if the passcode is wrong more than ten times.
More systems like this should really have a "duress PIN". Enter a specific number which is different from your unlock code to immediately wipe the device, no 10-retries required.
Or by your fingerprint. Or, in my case by a 12-character secure password.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
You don't have to enter the passcode every time if you've got a TouchID device. When my new phone shows up, I have a 13-digit code memorized from when I was a kid (long story). I'll input that once a day, and use the scanner to unlock the device the rest of the time.
Really you only need a 6-digit passcode to be exceptionally safe, but it's honestly easier for me to remember this particular code than something shorter.
While I'm sure that most iOS users don't have this enabled, it is possible to have a complex password to unlock. With Touch ID, I think they should make it mandatory, since it would be a much rarer event that people have to enter it.
If you can't convince them, convict them.
iOS is closed-source. As is the hardware.
Until there are a few independent source audits (unlikely), we only have Apple's word to go on. Nobody wishing to hide anything should trust the "word" of a corporation that their device is encrypted safely.
Is anyone stupid enough to believe this?
Having said that, even if it is true, the fingerprint reader is a lot easier to fool, and the government has experience with fingerprints. So maybe that makes the passcode irrelevant.
Loading the CPU with custom software would either require a ROM-level vulnerability in the bootloader or for Apple to sign your alternate firmware to load in.
To my knowledge there have been no bootloader vulns since the early production runs of the iPhone 4S. All jailbreaks since that time have depended on vulnerabilities later in the software stack. The bootloader will not accept a firmware older than the one currently installed on it, so downgrading to exploit since-fixed bugs isn’t possible.
There’s no existing precedent that I know of, but conceivably Apple could be compelled to sign your mal-firmware. Then you’re down to the bigger problem. The bootloader only maintains the user flash session key in the cryptochip during upgrades if the user’s key is available. If you don’t have the key, installing any firmware blows away the cryptochip’s contents, destroying any ability to access the user flash contents. So the ROM-based bootloader won’t allow you to update the OS to install your alternative version without either clearing user flash or having the user’s key in the first place.
The software that’s on device does implement brute force attacks and (if so-configured) blows away keys in the cryptochip after 10 bad guesses (with an increasing back-off delay before accepting additional guesses after the first six, making it time consuming for someone to DoS your phone by guessing keys until it wipes).
So it’s not possible to load software that ignores the brute force check without wiping what you’re trying to extract in the first place, even with Apple’s (compelled) assistance.
That works for basic access passwords since the only check is "is it right yes/no?" at one particular entry point (the login screen.) You can reset that password and they only have to "update" the one location (their password hash file.)
Encryption is a whole different beast as you're effectively password protecting every single byte on your device. Simply changing the access password won't change those bytes.
So unless they're storing your password in plaintext (or reversibly encrypted,) or they've built a master key into their algorithm then no, they can't recover your data even if they reset your password for you.
No major company with any sanity would store user passwords in a recoverable form -- way too much chance of a rogue employee or a hacker getting their hands on the file and open them up to massive lawsuits.
Similar issues if they store a "hard to get" copy of the password right on your phone -- it won't take very long before someone figures that out and how to access it and then you may as well turn off the password feature altogether for all the security it would give you.
Master passwords are a little bit more likely.. not because they're any saner (for the same reasons) but it's a little easier to control a single key stored in a vault somewhere than it is to control a (probably distributed) password file that needs to be accessed regularly. Of course having it in a vault is great for something like the CSS or the PS3 master keys (which were both cracked eventually of course) but less good when your level 1 or even level 2 tech support need to use it periodically..
Too bad for "standard forensics" that the passcode is mixed in with a hardware-specific key baked into the SOC. So you'll first need to be able to run arbitrary code on the individual's phone itself in order to keep guessing beyond the limit. That's going to require a significantly more intrusive examination.
Step 1: Pull the storage
Step 2: Image the storage
Step 3: Attempt to bruteforce it offline
Step 4: Wait 30 seconds
Step 5: You now have the 4 digit PIN
So you're saying their fingerprint reader just corresponds to a 4 digit pin?
Case law is slightly conflicted in different US Federal districts, but the majority are that you can’t be compelled to provide your decryption keys. They’d need evidence to throw you in prison for 30 years, and your lack of providing the key is NOT evidence.
Recent statements made by several SCOTUS justices relating to warrantless phone searches suggest that as cases involving compelled key disclosure reach the Supreme Court, they will likely be decided in favor of the defendant. IE that the 5th Amendment protects you from being compelled to turn over an encryption key to information that would be used against you.
The legal situation outside the US is of course different. In the UK in particular, you CAN be compelled to provide the key under penalty of indefinite detention.
AES has nothing to do with the discrete logarithm problem.
In UK he would be in jail until he gives the passcode to the police
Yeah, but I think he figured the punishment for denying the cops access was preferable to what he would have had to suffer if the cops had gotten at the content of that hard drive and they couldn't lock him up indefinitely for refusing to decrypt his hard drive. At least not in a modern European democracy.
Only to idiots, are orders laws.
-- Henning von Tresckow
It’ll take you longer than 60 seconds. You get six tries for free. Between 6 & 7, you have to wait a minute. Between 7 & 8, it’s five minutes. I think it goes up to an hour before the 10th that wipes it is accepted.
(I just verified up to the five minute wait on my iPad. Six minutes total research is more than enough for a /. article, never mind a comment...)
I *think* iOS 7 on TouchID capable devices also pressed you to use a complex password.
You are correct, sir. That’s exactly what the crypto chip on iDevices does.
There’s no way to direct dump encrypted flash, so you’d need to desolder the flash chips, then you’re busting 2^128 keys for the raw AES key, not just looking for my luggage combination...
Parallel construction.
Would be kind of hard to do with the accused sitting there all bruised up, stating how the cop beat him into giving up the information.
YES!!!!
There's no such thing anywhere.
If you get your hands on a phone you can smash it to bits with a hammer in 3 seconds, taking 60 to brute force 10 failed attempts to wipe the contents is a waste of time if your goal is to wipe the contents.
Would help if I read your last line first... sorry...
Security questions only get you into your iCloud login. They can’t remote unlock your phone. They can remote WIPE it, which is concerning, but it’s unlikely to help the cops gather evidence against you.
It does look like there are reset venues that would allow iCloud to restore data back to your phone after you force wipe it without the passcode (see http://support.apple.com/kb/HT...). That doesn’t appear to be the case if you backup locally to iTunes and enable encryption on that backup.
Today’s lesson: Cloud backup is generally a security risk.
I look forward to Apple stepping up and enabling client-side encryption of iCloud backups like Crashplan & Co. do with your data.
I can tell you that Law Enforcement kits can break encryption on iOS devices (new releases usually within a month of a major iOS release). They will be unable to unlock the phone regardless. I have never gone through Apple to get into an iPhone and simply use my forensics kit with a search warrant to break into the phone and do a physical extraction of it. They also say they won't unlock the phone to you; however, they never said anything about not giving access to complete iCloud backups of iMessaging and texts and everything else, now did they?
I used to tell people to make really complex passwords by adding the backspace key to them.
They'd remember 20 character strings where only 5 characters were actually used :)
Yes, I'm a real BOFH :)
If they want it to be admissible in court, then it doesn't work so well.
The trouble with that argument is that it relies on legal rather than technical barriers, and the same guys who want to get you (generic "you") are the ones making the laws.
For example, right now in the UK, the law is effectively that you can be required to provide either decrypted data or the encryption keys to various authorities, and if you don't then that is in itself an offence that can in theory get you two years in jail. Naturally this is controversial, because like many laws relating to privacy and surveillance there clearly are real dangers that the law could help to protect against but there are also real civil liberties concerns.
Regardless of the ethics of the situation, right now that is what the law in my country says. They don't need a £5 wrench, and they don't need evidence gained using that wrench to be admissible in court. All they need, essentially, is suspicion and your silence.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
So... I hear them. I just don't believe them.
We have already seen in actual caselaw, with companies like Lavabit, Skype, and Hushmail, that vendors may be compelled to backdoor their software -- and release updates with said back door. Hell, it practically fucking EXISTS because of CALEA. The iPhone running iOS might not be decryptable, but the telco running the network can be ordered to send a baseband update out.
Fortunately, Apple has made a market impacting statement.
So... the obvious solution is to create a pool of funds in the approximate amount of $2M in bitcoin.
- $1M to be distributed (pending resolution of next activity) anonymously to the first individual to provide solid proof of back door to the EFF.
- $1M to be distributed to attorneys to jumpstart an immediate class action lawsuit on behalf of all Apple product consumers *AND SHAREHOLDERS* if the proof is solid.
- for deceptive marketing
- devices being unfit for merchantability as promised
- rewards and punitive damages to Apple shareholders for making a market impacting statement that was likely known, or could reasonably be foreseen to be known as materially false.
Don't get me wrong -- I want Apple to succeed in this claim. But I want every single employee they have to think they can get a million bucks and spend the rest of their life sipping cocktails on a beach in Phuket if they can smuggle evidence of deception or backdoor out of the company. Hell... I want every single NSA agent wondering about that million bucks...
I am happily surprised to see Apple doing something good for once!
4096-bit encryption sounds great, but there are always ways to shave orders of magnitude off of the actual sample space, such that encryption strength really tends to grow at about the same rate as processing power.
Once you get encryption keys of that size, you've got storage and transmission issues, which increase the probability of other attack vectors working. Plus, your PRNG has to be REALLY random -- and there isn't really all that much true entropy to go around when you get right down to it.
The issue here is that as your random seed gets larger, the probability that it isn't truly random also increases, and analysis of data encrypted with this seed becomes easier through replay analysis. It won't remove the actual entropy, but forces acting on the values generated will create patterns that will still limit the amount of true entropy stored in the resulting value.
Kind of like if you flip a coin once, anyone guessing really doesn't know if it'll come up heads or tails. But if you flip a coin ten times, the method you use for flipping the coin and the environmental factors will start to have an impact on which side comes up more often, and also on the pattern of what influences a heads or tails result. If you flip the coin 2^4096 times, you'd probably be able to pretty accurately predict the result before the coin had even fully launched into the air.
Yeah; the coin experiment is often used as an example of how entropy is entropy and the probability doesn't change from toss to toss. But if you take all other factors into consideration, you limit the effect of entropy such that your guess on a given toss can actually improve over time. Try it, and you'll see I'm correct.
I think you meant to say:
But it isn't linear, it is exponential...
People with pre iPhone 5S phones use 4 digit passcodes because they don't want to enter more than that every time they unlock their phone.
Anyone with a 5S (or 6) will use TouchID for most access and a much longer passcode for when a passcode is required.
I live in Russia. Personally, I welcome this new technology, but if it works as advertized, Apple can kiss goodbye to Russian market, because there is no way this is going to be certified in Russia. By Russian regulations, built-in crypto tools must meet certain requirements (effectively meaning the ability to decrypt the data).
or the police could, oh, I don't know - maybe actually respect the 4th & 5th amendments? (at least in US)
just a thought...
I'm not actually sure if this is entirely correct. I don't think the fingerprint chip actually has the encryption key. Whenever you power-cycle an iPhone with a passcode/password, you are required to unlock it the first time with the full password. You can't unlock it with just your fingerprint.
My guess is that it needs the passcode to decrypt the contents of the databases, and then it uses the fingerprints as a quick-unlock feature when the device was put to sleep, but the keys are still in memory.
Unfortunately all you have to do is guess the first character correctly, at which point the phone will auto-correct to the correct password.
The US courts CAN compel you to disclose your keys in some specific circumstances. The canonical example was when child porn was seen on a screen and the owner managed to then turn the laptop(?) off. When rebooted it could not be seen because it was encrypted.
In that case the courts held that because the government already knew (had seen) that the kiddie porn was present they were not forcing the owner to disclose something unknown. So they could force him to hand over his keys.
All of what you're saying is correct.
However, the flaw in that is that AES-256 bit encryption today is completely and totally unbreakable.
Many people have tried, it would be a "big deal" if someone did.
Theory is nice, but let me know when 256-bit has been cracked. :)
Yes I'm sure that anybody who doesn't want their data to be read by the authorities won't be able to afford to buy an iPhone with TouchID.
5) Enjoy entering your complex password every time you want to access the phone.
Interesting...
I've read up a lot on AES-128 and AES-256, I was not aware of the difference with RSA...
What I do know is that as far as I can tell, there does exist encryption that is strong enough that no one can crack it. If someone can, they are being REALLY quiet about it. :)
One other thing to note: on iDevices, if you select a non-simple passcode that is only numbers, the device still presents the simple PIN screen instead of a full keypad. The difference is that it sticks an "OK" button in the text field that you press when you're done.
This provides a passcode of uncertain length (X choose 10, 0 x 4096 or so, realistically 16) that is still relatively easy to enter. It's not as secure as a full-on textual passcode, but it beats a 4-digit PIN even if you only use a 4-digit PIN -- as the attacker has no means to know how many digits long your PIN is -- as it *could* be "11151111" or even "1231230123123" which is pretty quick and easy to enter on a PIN pad (almost as fast as 12345), is 13 characters long, and really difficult to guess.
Ahh...
+1 to you... :)
Yea, you're right...
http://en.wikipedia.org/wiki/Briefcase_%28Microsoft_Windows%29
Basically it was an option on the "New..." section of the context menu that allowed older users to become totally befuddled by the mysterious appearance of these "My Briefcase (x)" icons all over their desktop...
Some Zip Drive users found them handy.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Repeat after me. "I do not recall." "I do not recall." "I do not recall"
It has gotten an endless string of criminals in our government out of trouble, why not you?
Q: What is the password?
A: "I DO NOT RECALL"
So instead of requesting access to the data, they'll request access to installing a special update to your phone that simply transmits the encryption key.
If you trust Apple to update your software, and Apple has to do whatever the government says, there's always going to be a way for the government to get your data.
AccountKiller
Not without huge advances in theoretical mathematics, no.
Cryptography relies not only on the math being correct, but the implementation as well. How sure are you that Apple implemented the random number generator properly, for instance? Maybe that 128 bit key only has 64 bits of entropy because someone screwed up. 64 bits of entropy is feasible to brute-force.
Also, only RSA relies on factoring large numbers. RSA, and other public-cryptography is only used to encrypt the key. The underlying algorithm is still generally block ciphers like AES, which aren't dependent on prime numbers.
AccountKiller
10 tries on 1000 possibilities... Isn't that 1:100 odds?
That's a good idea. You should submit that in the new Apple Tips app.
Or is that not what the app does?
Ya fucked up the end LMFTFY.
Q.E.D. - complex passwords cause global warming.
That's only true given an assumption of there being no JTAG chain on an iPhone - I seriously doubt that. This gives you debug access to all the chips, and all you need to do is to pull the case apart and cradle the phone in a very modest bed of nails. This is sufficient to dump the flash, but not encryption keys. Unless there's a backdoor in the chip that carries the key - one can't be sure without reverse-engineering the relevant chip.
For all I know, Apple could have sneaked in JTAG access even through the lightning interface, so an encrypted dump of the flash could be done using a specialized JTAG-over-lightning bridge, without opening the phone.
A successful API design takes a mixture of software design and pedagogy.
So what do you do as a job?
I, um, break encryption for the police.
Does it pay well?
Minimum wage. All I do is enter 4-digit codes to guess the passcode.
This assumes that there are no sidechannel attacks against this storage, and that it's protected against power fluctuations. IOW: A very professional professional with a $1E6+ budget would probably be able to do something more with it than just stare at it with dismay :)
A successful API design takes a mixture of software design and pedagogy.
FOR GOD'S SAKE.
I know you guys hate Apple, and that's fine. But do try to use your brain a little bit. Do you honestly believe that the flash storage is encrypted with a 4-digit numeric key? Of course it isn't, it's encrypted with a 256-bit AES key that's generated using a per-device hardware key and the passcode (which can be much longer than a 4-digit pin if you can be bothered to type it in every time you use the phone). If you pull the hardware out of the phone, then this is the key you're going to be cracking.
Good luck with that.
True... which is why talking about large-bit encryption isn't really the issue; it's the implementations that are the issue. I was mostly rebutting the part about exponential difficulty with bitsize making your encryption more secure. I'd give *properly implemented* AES-256 another decade at least before it has any security issues whatsoever. By the time AES-256 can be cracked via brute force, the entire algorithm will be out of date, so increasing bitsize won't be much of a gain.
But it doesn't matter how many bits are used or what algorithm, or even what implementation, if even one password at, or above your level on the system being protected is in the Adobe password file, people.
I'd think in even a few hundred years our best encryption would be trivial to break.
Not without huge advances in theoretical mathematics, no. We have encryption that would take longer to crack than the heat death of the Universe, even if every atom in it were a modern computer.
On the other hand, advances in the factoring of large numbers, could, for example, make some modern encryption method a lot more vulnerable. But I am told, by people who do research on that topic at MIT and Caltech, that momentous breakthroughs in that area are unlikely - modest improvements, certainly, earth-shattering advancements, no.
You can model the universe forward or backward in time and everything holds up.
Just build a model of your crypto-accelerating hardware (which is actually fairly simple) in a suitably-accurate physics engine.
Set the initial state to the end state (where the output is the hash you want to reverse).
Run your reverse physics simulation.
Wait.
Get the inputs.
Whether this modeling approach is computationally feasible (or even just better than other attacks) is beside the point. The idea that there are truly one-way mathematical functions useful for security is absurd. Just because you don't know how to reverse them now doesn't mean you won't know how to reverse them in the future, or that your enemies don't know how to reverse them now. (Useless one-way functions do exist - such as f(x) = 0*x; given just an output of 0 there's no way to determine what x was.)
you won't brute force 4096-bit encryption. It would take more energy than exists in the universe, go look it up. :)
If you build a computer that does 1 check per second and uses 1 Watt, then how will the universe run out of energy, exactly? Is the energy destroyed?
Additionally, there’s no known way to make the boot loader just dump an image of the encrypted flash for you to start brute forcing on. You’d need to disassemble the phone, desolder the flash chips, and read them out in another circuit.
As I understand it, if they're serious about getting the contents of your phone and it's not unlocked / trivially made available, they just get your backup files and hack the information out of those. Encrypt your backups!
How does a copy of a drive image wipe itself after any number of failed attempts?
Apple branded rainbows and magical unicorns. I'm fuzzy on the details, but any Apple fanboy could probably explain it to you.
http://en.wikipedia.org/wiki/Briefcase_%28Microsoft_Windows%29
Basically it was an option on the "New..." section of the context menu that allowed older users to become totally befuddled by the mysterious appearance of these "My Briefcase (x)" icons all over their desktop...
Some Zip Drive users found them handy.
I found it to be very finicky and unreliable.
That's the problem with exponential functions, the human brain is too easily tricked. Doubling the bit length of a key doesn't just make it twice as hard to break.
Over the past 40-ish years, we've transitioned from 8-bit computing to 16-bit, 32 and now 64 bit is common. We might need pointers bigger than 64-bits eventually, but we will never need a pointer bigger than 256-bits in length.
The same is true of encryption, for the same reasons. We measure the strength of a crypto system based on the number of keys we would need to attempt in a brute force search. Sometimes we find mathematical short-cuts that weaken a crypto system, reducing the number of keys we need to try. But if we can't do that, we need to test every value.
Counting through all possible values of a 128-bit number would use enough energy to raise the oceans to 100 degrees Celsius and then convert all of the water to steam. This is an amount of energy that we might be able to harness one day, if we could be bothered. Counting through all values in a 256-bit number would require capturing all of the energy released by every star we can see.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
You're taking a naive approach to this, and you've already been shown to be beyond your depth when you insinuated public key crypto strength is equivalent to symmetric key crypto for the same key length.
Here you're naively presuming AES 256 is substantially more secure than AES 128. I suggest you google what Schneier has to say about it.
Why don't we skip the multiple iterations of your ignorant comments and subsequent refinements where you will eventually be forced to distill your argument down to "one time pads are unbreakable crypto and everything else is theoretically breakable", which is a point we all knew already.
Well, at one key per second, it wouldn't ever find the answer, now would it? :)
What I said was, checking all the keys would require more energy than there is in the universe.
http://www.reddit.com/r/theydi...
And remember, if you like and use the fingerprint scanner, you hardly ever have to type the password -- basically just upon reboot. Or if you are using your spouse's phone for a few minutes, etc. But much more rarely, not every time you take it out of pocket.
AES-256 will never be able to be brute force broken.
Never.
And I don't use that word lightly.
The energy to check all the possible keys doesn't exist.
You would have to come up with a way to run the math using energy from outside our known universe.
http://www.reddit.com/r/theydi...
Because if you are doing one check a second on a 4096 bit number you will need 6.62x10^1223 centuries to check it all! Even assuming that on average you will only have to check half the numbers, you're still well outside the expected life of the universe.
The benefits of this new system are obvious: more privacy for users, less resources needed by Apple for responding to warrants.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
My phone is still an iphone 5, and likely will be for some time. However I don't find the pass code all that onerous to enter.
#DeleteChrome
You can turn off the simple 4 digit passcode & change it to whatever length and characterset you'd like FYI. I did that years ago, and I doubt someone could get into it within the 10 tries it allows before it wipes itself.
-M
On some old systems that mapped backspace to ^H this was a legitimate character in your pass phrase. I used to do this on SunOS.
It is essentially the same problem. http://en.wikipedia.org/wiki/S...
Given a quantum computer the problem is solvable in n^3 time but we don't have a quantum computer so that algorithm sucks on the computers we do have.
I don't follow. There are about 2.5E46 molecules of water in the ocean. 2^128 ~ 3.4*10^38. Seems like you would need a lot more energy than just counting to 2^128.
Like on 'Star trek', points of failure should be protected with 2 back-ups.
The security question is a second method of identification. It doesn't mean that a service provider has a copy of password. With unencrypted data, the service provider can issue a new password. That will not work with encrypted data making forgetfulness inconvenient and possibly expensive. Given this cost and the number of people who forget their password, a user-friendly provider like Apple may have a copy of the password. But it's not compulsory.
I seriously doubt there is JTAG in any consumer iphone model.
As someone who actually works on hardware that ships in millions of cars around the world, I can safely say the cost of adding a JTAG interface via their lightning/usb interface is going to cost tens of dollars.
No company in their right mind would waste $10 in a BoM of $150ish on a debugging interface that would all but never be used - unless someone else is covering the bill.
New iphone announced and greeted with total indifference.
Apple tries to sweeten the deal with claim of new "unbreakable" device encryption.
Something doesn't feel right.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
anybody can serve a warrant, police are there for when a little persuasion is required.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
You're assuming that the universe is deterministic, or at least that the past is. I don't believe that to be correct. I believe the past to be as probabilistic as the future. Granted, it's probably that every backwards simulation will end up at the big bang, but in between now and then it's an uncollapsed wave function.
OTOH, I also believe in the Everett-Graham-Wheeler interpretation of quantum mechanics...but not in quite the same way that they did, as I'm considering branching to be essentially symmetric between the past and the future, so that not only does the present lead to multiple futures, but there are multiple presents connected to multiple pasts in a probabilistically branching net in both directions. Each present has multiple pasts, and each past has multiple presents (futures?). In a connected lattice that (perhaps) terminates in one single instant in the past where all the lattice links join (called the big bang) and less probably terminates in one single instant in the future where all lattice links join (called the big crunch). The big crunch, however, doesn't seem to be extremely plausible at the moment, given current knowledge and theories. And neither join is required by the theory.
FWIW, as far as I can tell this model is consistent with everything known about physics, but I'm neither a cosmologist nor a quantum mechanic.
I think we've pushed this "anyone can grow up to be president" thing too far.
If they set the key by fuses we can read it off the chip if it's worth the expense of clean room HF application.
Can I play? I designed a system where the security answer was like a password. No reason it can't be another encryption of key.
"You do not have to say anything but it may harm your defence if you do not mention when questioned something you might later rely on in court."
What the caution should say, is "...it *WILL* harm your defence..."
You still have the right to silence in England, the new inference is that you are guilty until you prove your innocence (by talking to the police during the interrogation stage).
(also, that by remaining completely silent you're more than likely to be sectioned under the Mental Health Act, the Official Solicitor is called in and your most basic human rights are abrogated including your right to not be experimented on like a lab rat).
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
This. Hardware specific keys are the killer for any forensic attempt. It makes breaking a copied image totally impossible (otherwise what would be the point?). Combine that with a baked bruteforce/tamper killswitch, and you have a secured drive that has just one weakness: the ability of its owner (or not) to resist the charms of law enforcement.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
How does a copy of a drive image wipe itself after any number of failed attempts?
Ideally, if the actual key encrypted with the passcode is stored on a tamper-resistant hardware chip, so the "image" will not contain a vital hardware element needed to produce the actual key.
And 10 failed attempts results in the chip memory contents being "zapped"
https://www.schneier.com/book-...;
To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. Given that k = 1.38 × 10^16 erg/K, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4 × 10^16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
So 4.4 × 10^-23 Joules minimum per bit flip * minimum of 2^128 bit flips = 1.4 * 10^16 J. Though of course our current computers are far from ideal and it would take many bit flips to test each key. Unless someone has a better source for the energy cost of computation?
https://blogs.oracle.com/bonwi...
The mass of the oceans is about 1.4x10^21 kg. It takes about 4,000 J to raise the temperature of 1 kg of water by 1 degree Celsius, and thus about 400,000 J to heat 1 kg of water from freezing to boiling. The latent heat of vaporization adds another 2 million J/kg. Thus the energy required to boil the oceans is about 2.4x10^6 J/kg * 1.4x10^21 kg = 3.4x10^27 J
So an ideal computer might be able to count to 2^128 without boiling the oceans (doh). It would take a 10^11 increase in energy usage per bit before boiling the oceans was impossible to avoid.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
This. Hardware specific keys are the killer for any forensic attempt. It makes breaking a copied image totally impossible
Apple obviously has an image that is not locked to specific hardware, when you take a backup. As it's possible to restore to a different device!
The law can just send Apple an order to deliver THAT version of the image.
or, uh, just use AES-256?
That would probably be illegal in a bunch of contexts on the basis of overly broad seizure (effectively a so-called 'general warrant'). And then there's the statute of limitations. What you propose would be a serious problem for people that have committed crimes like rape or murder, but fuck those people. ...then again, if the cops were smart they'd seize encrypted images from all suspects on the off chance that one of them is the killer and that they would be able to decrypt at some point in the future. That could be the new DNA evidence for solving cold case files.
It can be bricked after 10 false attempts.
The fact that people are likely going to 'make the wrong choice' from law enforcement's POV will mean that everything possible will be done to keep 'outsider' individuals outside of the process of making that decision. If voting worked, it'd be illegal. If the majority rule was always right, there would be no rights for individuals protected by law. Realize that the bill of rights was to protect the people who signed it, from the mob rule mentality.
One word: Spyware
And that's just the software solutions. People have reused passwords and used 'free' keyboards, before, even when they really shouldn't.
Until we have quantum computers, which probably isn't that far off now.
It's going to be interesting when spy agencies get them and start decrypting all that decades old data they could never get into before.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
So a cop just has to say he saw something illegal, honest and you lose your 5th Amendment rights?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Here you're naively presuming AES 256 is substantially more secure than AES 128. I suggest you google what Schneier has to say about it.
No, what I said is that AES-256 can't be brute force broken by trying all possible keys.
There are too many of them.
There could be other ways to break them. The easy example is to find the person who knows the key and make them tell you.
Other examples are in a flawed implementation or sloppy programming of some sort, or some other trick to find out the key.
But you can't brute force break it. The key space is too large. You could take all the computers in the world and give them a billion years to work on it and they wouldn't make a dent.
I'm no crypto expert, but I do know math.
Android (obviously~) does this better. With root, you can have a complex key for encryption and a simple key for your lockscreen. I am happy with 8 digits for my lockscreen (makes "greasy finger" hacks much more difficult), and only have to enter the complex key when booting the phone.
$ su -c vdc cryptfs changepw [newpass]
Just don't forget your complex passcode, or you're factory restoring your device.
$10? Wtf. A 32 cent ARM chip will have a JTAG interface. It's not all solid platinum automotive spec parts in an iPhone!
But due to the Buy American Act, they would have to buy an expensive but bad wrench.
Well the only way you can unlock it is by tapping in the pass-code. If you have it configured correctly then it will wipe after 10 attempts. After the 6th attempt it will disable for 1 minute. So you either have 10 chances which will take several minutes to complete. On the other hand to brute force you would have to do this in batches of 4-5 tries, with the owner correctly unlocking between attempts and not being suspicious. It would probably be easier just to use a "hard hack" such as torture or assault to get the pass-code or setup a camera.
Of course the touch-id is a potential weakness, but also a strength as it prevents over the shoulder interception of the pin, while the PIN is still needed from time-to-time.
I would be pretty happy with a 4 digit "simple" pass-code in this situation. It's secure enough for me. I'd rather not encourage "hard hacks".
Jason.
And you can enter only numbers, and the password input will look like pass code import, but with unlimited numbers.
It is a bit worse than that. k = 1.38x 10^(-16) erg/K you are using 10^32 too much energy due to a sign flip. OTOH I'll grant K = 290 rather than 3.2K since I'd assume the computer was on earth not in deep space.
There is also one more complication in that calculation, cooling. This isn't going to matter if you are running the computation fast. But once we get to about 1000 years it throws your numbers way off. We throw off 3.9 x 10^24 J of heat from the sun per year at the current temperature. We'd be throwing off heat much faster with an atmosphere containing the oceans. So it isn't a situation where we throw off more heat essentially linearly as the temperature rises. As a back of the envelope calculation earth's energy loss goes up by 50% per 10C i.e. the hotter it is the thicker the atmosphere (due to water) the more heat loss. I have no idea what happens with an atmosphere with a huge chunk of the ocean in it, but just extrapolating to raise the surface temperature to 100C I'm thinking you are losing around 5 x 10^25 J / year due to cooling.
So I'm thinking your quip works for 256 bits if the computation occurs in reasonable time (say a year, a decade, a few centuries) but if you let it go slower....
Interesting conversation.
Weird, the minus sign was there, but /. seems to have dropped it, perhaps because it was quoted. Note that I included it when converting to Joules.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
And so does everyone else.
Everything protected by fingerprint so the police just force you to open it. It's not the fifth amendment, it's your fingerprint. Don't want to comply? Then just take your finger print and use that
You are right, you did include that in your 4.4e-23
Test: 10^-16 (10 carrot -16)
It would be a $5,000 wrench.
Ok. I lol'd.
The energy argument only applies to brute forcing using irreversible computing. If you compute reversibly you can do any computation in arbitrarily small energy.
I believe this is correct.
True, but if the police have you, and you refuse to unlock the phone (and Apple says they cannot), I suspect they can get your fingerprint pretty easily.
Irrelevant in any case because if served with a warrant they would just capture your password and use it to decrypt your key.
The only way they can't do that is if the data were delivered to you, and the password were entered locally to decrypt the data.
Then it's a ton of handwaving that accomplishes nothing.
At the end of the day, no matter how many layers of obfuscation you add, there is a single passphrase at the backend that unlocks a primary master key that can get the rest of the directory keys. You accomplish nothing by using additional encryption keys for every directory; any bruteforce attack would focus on attacking the header which contains the master key.
There's a reason that basically every FDE solution works this way.
You would uncouple the storage from the device physically. This could mean unsoldering the chips, or going in through a JTAG interface, or soldering a connection in, or any of a number of other ways.
There is an old axiom that has always been true. If you physically have possession of the hardware, you control the hardware. We learn this every console generation when people try to implement more and more Rube Goldbergesque methods of separating ownership of hardware from control, and fail each time.
Consider the possibility that the passcode protection could actually be enforced right down to the individual chip level,
There's the controller (which you would remove, or disable said protection on), and there's the actual flash chips (which you would take an image of prior to doing anything whatsoever).
There are forensics tools for all of this, I'm a little baffled that this is apparently news to people. If the cops get your hardware, there will be an image of the device and all of their bruteforcing will be done offline against said image-- not on your specially locked down hardware.
But do try to use your brain a little bit. Do you honestly believe that the flash storage is encrypted with a 4-digit numeric key? Of course it isn't, it's encrypted with a 256-bit AES key that's generated using a per-device hardware key and the passcode
Which is irrelevant, because that 256-bit AES key is stored ondisk in a header which is encrypted................ WITH THE 4 DIGIT PIN.
This is how EVERY SINGLE FDE WORKS. Apple isn't doing anything new, and if they are, you should be worried because getting security right is very hard. Whatever your PIN or passphrase is, it is fundamentally the thing that unlocks access to the device, no matter how much obfuscation you throw in between the input of that PIN and the process of decrypting the data. Any attack on your device will be focused on the PIN, as it will always be the weakest link in the chain.
Having worked with FDE solutions for years, I am well aware of how the "Passphrase-->AES key-->Data" process works, and it's not foolproof if you use a weak passphrase. And the fun bit is, if your passphrase is shorter than ~10 characters mixed, you aren't keeping law enforcement out.
A double post because I wanted to follow up on something.
I know you guys hate Apple,
I don't hate Apple. I think they are really good at many things, including user interface, and they make some fine products.
What I absolutely hate is the culture around their products that assumes that they're always doing something new and different, and that anyone who doesn't think their products are magical is a naysayer. Full disk encryption is a problem that has been solved for 15-20 years now and everyone does it the same way, because that way works. The claim that I'm getting it wrong when you apparently have NO IDEA what the threat model for attacking FDE is, is mind boggling.
Do you honestly think that Apple understands crypto better than the folks at Truecrypt, or dmcrypt / LUKS? That somehow their magical system makes them immune to attacks on the passphrase? Has it occurred to you that there can be threat models that are entirely dependent on the user, and no magical engineering on the part of Apple can possibly fix?
No, of course not; I point out a real world, well known way of attacking FDE, and clearly Im an Apple hater. Heres a news flash: Its a company that makes devices. I really do not care day to day what devices they make-- just dont try to tell me that theyve solved problems that noone else has managed to solve yet (like weak passphrases in encryption schemes) because they havent.
In disk encryption schemes, there is generally a header at the start of the disk, containing the disk's encryption key. This header is itself encrypted, with your passphrase.
This works because the actual encryption key never needs to change; if you ever need to change your encryption passphrase, the system will use your current passphrase to decrypt the existing AES key, will use your new passphrase to re-encrypt the AES key, and will write it back into the header. If you did not use this scheme and instead used the passphrase, you would have to reencrypt the entire disk whenever it changed.
Cracking the AES key would thus involve
1) Take an image of the entire disk
2) Pick a new passphrase to check.
a) Hash the passphrase
3) attempt to decrypt the header with the hashed passphrase from 2a
4) attempt to get valid data from the disk using the results of step 3
5) Do you have valid data?
--> Yes: You now have the correct passphrase and Key.
--> No: You have the wrong key, go to step 2 and continue.
A single iteration of steps 2-5 will depend on the exact algorithms and hashing schemes used. If for example no salt is used to generate the hash in step 2, and you use a single round of hashing / encryption, you could perform thousands or millions of attempts per second. I believe on the iPhone they shoot for ~0.2sec per attempt on iPhone hardware, which could mean several thousand attempts on a high-end workstation, and several million attempts on a large cluster.
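The header scheme this comment describes, as an added example that is not part of the original post: a random master key wrapped under a key derived from the passphrase, a passphrase change that rewrites only the header, and the worst-case time to exhaust a passphrase space at the ~0.2 s per attempt quoted above. The Python standard library has no AES, so PBKDF2 plus an HMAC-derived pad and tag stand in for the key wrap; the function names, iteration count and 94-character alphabet are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 50_000  # assumed work factor; real systems tune this per device


def derive_keys(passphrase, salt):
    """Stretch the passphrase into a wrapping pad and a MAC key."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              PBKDF2_ITERATIONS, dklen=32)
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    return pad, mac_key


def wrap_master_key(master_key, passphrase):
    """Build the header: salt, wrapped 256-bit master key, integrity tag."""
    salt = os.urandom(16)  # fresh salt, so the pad is never reused
    pad, mac_key = derive_keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))  # stand-in for AES key wrap
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(header, passphrase):
    """Return the master key, or None when the passphrase is wrong."""
    pad, mac_key = derive_keys(passphrase, header["salt"])
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


def change_passphrase(header, old, new):
    """Re-wrap the same master key; the bulk data is never re-encrypted."""
    master_key = unwrap_master_key(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return wrap_master_key(master_key, new)


def worst_case_seconds(alphabet_size, length, seconds_per_guess):
    """Time to try every passphrase of this length at a fixed cost per guess."""
    return (alphabet_size ** length) * seconds_per_guess


if __name__ == "__main__":
    master = os.urandom(32)  # constructed sample key
    header = wrap_master_key(master, "1234")
    header = change_passphrase(header, "1234", "a much longer passphrase")
    print("master key unchanged:",
          unwrap_master_key(header, "a much longer passphrase") == master)
    year = 365 * 24 * 3600
    print("4-digit PIN, 0.2 s/guess: %.0f minutes"
          % (worst_case_seconds(10, 4, 0.2) / 60))
    print("10 printable chars, 0.2 s/guess: %.1e years"
          % (worst_case_seconds(94, 10, 0.2) / year))
```

The master key's 256 bits never enter the estimate: the cost of recovering it is set entirely by the passphrase space and the per-guess cost of the key derivation.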
Oh, ffs, you moron: AES 256 is *less* secure than AES 128. I tried to give you a hint without being so overtly insulting, but god damn you are stupid. Google it if you don't believe me.
Stay tuned these next years as AES security continues to erode. You don't have to brute force the keyspace for 128 or 256.
I hope you are less incompetent as a pilot. Either that, or I hope you don't fly anywhere near me.
"Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers."
The strongest encryption's weakness is not the math. It's the human.
You need the human to enter something. Even with a 5-billion bit encryption strength, a "1234" PIN code will unlock the device in about 0.5 seconds.
Now, if you lose the key, THEN heatdeath, blah blah... But that means the user themselves cannot access the information.
Also, who needs to crack the encryption on the device when it's freely flowing back to the "cloud"?
One of the 1st times "Barb" libeled me stating "APK is a know-nothing that's never worked in the industry" -> http://slashdot.org/comments.p... in 1 of her numerous sockpuppet fake accounts kept active @ the same time here she uses to upmod herself & downmod opponents she can't get the better of (everyone's onto your games, freak).
Funny part is I've DONE FAR BETTER than ole' "cyclops Frank N. Furter" ever has shown in that exchange too http://slashdot.org/comments.p... , lol!
---
Later, he/she kept a journal on me & libeled me even more but worse -> http://slashdot.org/journal/25...
(Typical b.s. to *try* to 'put down' computer "geeks/nerds" saying "I live in a basement with my mommy" etc. when *ANYTHING BUT THAT* is true, considering I am a taxpaying homeowner!).
---
* From the dates you can SEE she's kept this up unceasingly since early to mid 2010 no less, & that's only scratching the surface (there's far more).
(Even TELLING OTHERS TO HARASS ME BY ANONYMOUS COWARD POSTS, calling me a "pedo" -> http://news.slashdot.org/comme... )
He/She left in May 2012 after being exposed for ALL OF THAT, but came back with this NEW account of hers, & what started up again (I did *NOT* bother "shim" even once before that)?
You guessed it (more harassment) -> http://tech.slashdot.org/comme...
Where I challenged her for her usual CRAP she always runs from (to validly disprove my points on hosts, which she clearly, cannot):
"I tore apart your stupid hosts file crapola." - by BarbaraHudson (3785311) on Tuesday August 19, 2014 @10:46AM (#47703255) Homepage
Oh, really?
Then why'd you run from disproving my points on them giving users added speed, security, reliability & more here too then -> http://tech.slashdot.org/comme...
APK
P.S.=> Barb/Tom (whatever, with multiple sockpuppets too http://slashdot.org/~BarbaraHu... = http://slashdot.org/~tomhudson... + http://slashdot.org/~Barbara%2... ) you've destroyed yourself yet again...
...apk
It's still impossible to break a 128-bit key by brute force, unless you're very, very, very, very,...,very, very lucky. The only reason to use more would be that you expect an attack on the cipher that will make it far easier to solve. I've read that, if we can ever make 128-qubit quantum computers (which may be impossible for us to actually implement), the effective key length might be halved, so I'd suggest 256-bit keys to be really future-proof.
This applies to any cipher where all possible numbers of the key length can be used as keys, which doesn't apply to the asymmetric ciphers I know of. Also, it assumes that there will be no tremendously effective break. (For the theoretically minded, note that all cipher systems are in NP, so a general solution of NP problems would include all crypto.)
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The other problem with this approach is that it requires having the owner in custody, and being willing to torture information out of the owner. This is a much higher bar than just having the phone available. LEOs would like to be able to stick a cable in your phone and suck everything out on the spot, or at least be able to confiscate the phone and send it in.
Brute-forcing a 256-bit key (or even a 128-bit key) is not going to happen without changing the laws of physics. The old 56-bit DES key (actually 64 bits, but only 56 of entropy) was vulnerable to being brute-forced. Going from there to a 256-bit key is increasing the amount of work needed by a factor of about 10^60.
For a 256-bit key, I suspect that collecting the results from the necessary parallel universes would take longer than the expected lifespan of the universe.
I use JTAG in cheap embedded devices all the time. It's built into the SOC and requires passive components onboard and accessed with cable and $2 buffer chip.
You don't know what the fuck you are talking about.
If anyone is familiar with pay tv satellite hacking in North America, you may know they were often defeated by singular people, with equipment ranging from $10 to $1 million, often in days.
These were chips designed to keep out reverse engineering through probing, and still easily defeated.
I have a hard time believing that there is ample protection from million dollar labs that decap and probe every bit.
Once you have the code, you can use the blessed manufacturer backdoor, or exploit poor buffer checks and take over control.
Satellite hacking stopped due to threats of lawsuits and destroying lives, not because it became impossible. If you're paid by those with means without Apple knowing, they can easily reverse the shit out of it.
Goto fail.
No, it's your Apple password. If you have "simple" encryption set up, the password is stored on the device but is encrypted by the 4 or 6 digit passcode. To Apple though, everything is a much larger passcode. Presumably if you want a more complex passcode, you should use it. But that's kind of in your court, not Apple's. The device supports it either way.
...is that you shouldn't leave your device where your child can get at it and start typing random passwords, unless you want it wiped regularly.
Then you run into time and storage constraints.
You could have a trillion supercomputers running at a trillion keys per second, and you'd need trillions of times longer than the age of the universe.
How would you measure progress and store it?
The size of the numbers is larger than many people suspect, it is more an academic question than a practical one.
I seem to remember from my studies years ago that it's all in the language a statement is couched in.. As per the title of the post, "Apple will not unlock" iDevices in future, or "Apple can not unlock" iDevices.. I am sure that "will not" would leave one open to contempt, but "can not" is safe harbour.. Anyone know?
Only if you chose to use a 4 digit passcode. Mine is much longer. Plus, you only have 10 tries.
If by that you mean "all of us" because that is the case right now. The fact that you got +5 insightful is real proof that people around here are not as good at math as they think they are.
64-bit keys are considered pretty weak, but not trivial to break, so let's assume that you have a computer so fast you can break one of those keys every second, i.e. it does 2^64 key checks per second. Don't worry about the fact that it would take a computer a million times faster than the fastest supercomputer in existence now to do that, we're just estimating. Now, even with that ridiculously awesome supercomputer, it would still take you 10 times the lifetime of the universe to break a 128-bit key. So unless there is some theoretical break on the cipher, 128 bits is secure for a very, very long time to come.
"I also believe in the Everett-Graham-Wheeler interpretation of quantum mechanics ... but not in quite the same way that they did"
No kidding. MWI (and essentially all Everettian models) are fully deterministic. (These models share time symmetry with all interpretations of quantum mechanics, as well.)
MWI is about entanglement of "event" with "apparatus", with the entanglement spreading from apparatus to scientist to lab to building to campus to city to known universe. The dual, splitting rather than entangling, makes for better headlines but worsens understanding of decoherence.
The details of MWI vs Copenhagen don't matter at the quantum mechanics level -- any sort of "debate" about interpretations is almost always about how the classical behaviours we experience are recovered when quantum mechanical experiments are made.
mod parent up!
So everything is protected by a 4 digit passcode?
Wow... Impregnable.
If you're using a 4 digit passcode you deserve to get hacked. Apple has allowed for advanced password for quite a while now (numbers, letters, special characters, capitalization) of long length. So yes, it is impregnable if you're not too lazy to make it more than 4.
My interpretation is fully deterministic in the same sense that theirs was. Probabilistic is meant in the "sum over histories" sense that multiple histories yield the same present, so you can't reasonably pick just one and say "That's what came earlier", but you instead have a spread of probabilities of linkage. I interpret that probability as the strength (weight) of the link. From each past the probabilities to all the futures it links to sum to 1. Similarly from each present the probabilities of all the pasts it links to sum to 1.
The difference between our models is that EWG, at least in the presentation that I read, only considered forwards (toward the future) links. I see no reason to believe that this is a correct interpretation. (I'm not sure about chronology, but I believe the EWG model was created prior to Feynman's Sum over Histories approach being derived. This difference is probably the result of that.)
I think we've pushed this "anyone can grow up to be president" thing too far.
citation.
Anyone can request anything from the courts. What matters is whether the courts gave it to them. In this case, the courts DID NOT compel him to produce his password/encryption key. That's the "ORDER DENYING...." part.
My previous point still stands but I have no doubt the government will keep trying and we, the people, will keep having to reassert our 5th amendment.