Apple Will No Longer Unlock Most iPhones, iPads For Police
SternisheFan writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
So everything is protected by a 4 digit passcode?
Wow... Impregnable.
News for merdes. Shit that matters.
Ask me about my sig.
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
I said no... but I missed and it came out yes.
My luggage only has a 3 digit passcode, iphone is 10 times stronger encrypted!
It could be a 4096-bit private key with uberultra fugu-based quantum encryption:
http://xkcd.com/538/
Mod me down, my New Earth Global Warmingist friends!
No, you can, and should, use a much longer (and with more varied characters) passcode than that on iOS. The device actively tells you you should if you set up touch ID.
Yes, but you can easily set your device to wipe after 10 incorrect passcode entries. So, what this really means (assuming that Apple's statements are true) is that, in the event the police want access to your iDevice, their only option (unless they're willing to play 1000:1 odds) is to get the passcode from you.
Mine is a 15 character complex password.
Well, and a thumbprint, which I suspect is the more likely attack vector.
Well, Apple can expect a secret court order that forces them to implement a backdoor or some other method to invalidate this protection. It won't be something regular police can get their hands on, but the FBI and NSA will.
Besides, if iCloud is not protected the same way, it doesn't make much of a difference in practice.
Then they're served with another warrant ... one that obliges them to put a back door into either the individual device, or their whole infrastructure. Without informing users that such a warrant has been served.
Then what?
It's like a game of chess where the values of the piece can be unilaterally changed by one side.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Even if it is real. How long before there is an amendment to the patriot act stipulating that every encrypted gadget should have a master key and that master key should be provided to uncle sam?
*most*
I'm operating under the assumption that this is not some marketing gimmick and Apple is really concerned about the privacy of its user base. If this is the case, I'm happy to keep using Apple. I was going to hold off on updating to iOS 8 but, methinks I will upgrade after all. The old adage, "You have nothing to worry about if you haven't done anything wrong" is just plain wrong. With the misconduct of police and prosecutors, I want to be secure in my effects.
Government law enforcement realized private companies would eventually do this, so they don't target the devices directly. It's why warrantless wiretaps by major telecom companies were later granted retroactive immunity. This hurts local municipalities prosecuting sexting cases and drumming up charges to shore up votes for the prosecutor's re-election, but the FBI and CIA don't care.
Good people go to bed earlier.
Fill your luggage with locked iPhones.
Now that's secure!
i'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. if they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. sort of like fingerprints, DNA or any other crime scene evidence
apple doesn't have the keys to the new backdoors.
Not to mention their warrant canary is dead.
Don't forget 3141
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
"So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Let Apple relax for it's a matter of time. As any software developer knows, software will [always] have bugs. Apple's software is no different.
Like "123456789" maybe?
That's the average user's version of a pass-code like they use "password" for a password
I've not run into a limit, not sure what it is.
I have no doubt most people's are very hackable.
... but I wouldn't be surprised if you start seeing requests for courts to order phone/internet providers and/or Apple to install trojans and/or man-in-the-middle-enabling SSL certificates on suspects' phones.
Then again, I wouldn't be surprised to find out 5 years from now in a leak or declassified-in-2019 document that this is already routine practice in 2014.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Can't wait to see how people spin this as anything but good news.
-- Complex passcodes take more computational power to crack.
-- More computational power takes more electricity.
-- More electrical use leads to burning more coal and oil which leads to global warming.
-- Global warming is bad.
Q.E.D - complex passcodes are bad.
Faster! Faster! Faster would be better!
Or switch to a pass phrase, which can be of any length.
It has mechanisms to lock you out until you sync with itunes or erase your device after 10 tries. It depends on how you have it configured.
Nothing prevents you from using 3rd party encryption on your Android phone (and I'm not speaking about a 3rd party system)... and I seriously doubt that Google will be able to do anything about data encrypted by a 3rd party system.
On Android, you work on a system of service provider/consumer. Your contact list? You've an application acting as contact provider and others as contact consumers (readers/writers)... If you want to protect them, nothing prevents you from using a different default contact provider which uses an encrypted container. Same for most of the phone features...
On iPhone, you can only trust Apple's word... like we did when it was about geolocation data...
Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.
And there's always this.
No, because encryption is derived from passcode and device key which is in the cryptochip silicon. You have to brute force those things 'online' due to this, as anyone who has done iOS forensics will tell you. Now if you want to break that full key out of the blue offline then... hm. yeah.. see you in a million years.
Key escrow laws have been attempted before. And failed.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
There already is a master key, or, more specifically, a master wrench. Preferably a 1 inch or larger spanner wrench.
Applied to various parts of the body it will do a wonderful job of improving certain specific memories. This isn't designed to prevent the NSA from going after you should they find that desirable (don't kid yourself, twinky). This is designed to protect yourself against two bit private investigators, your local sheriff, the creep down the block and your mother. No security is perfect, but this is lots better default security than most people ever get. Yes, Ms. Random Luser can defeat it by posting their passkey on Facebook or telling their soon to be ex boyfriend, but since security is a process, not a thing, nothing is always completely secure. And especially nothing that is designed to connect to the Internet.
Faster! Faster! Faster would be better!
Nobody* requires you to back your phone up to the iCloud.
*Nobody that I can confirm that is. I can neither confirm nor deny that the FBI/NSA can require Apple or your phone/internet provider to install hidden code on your phone that backs everything up to iCloud.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I'm pretty sure you can download some sort of suitcase app onto each of these phones.
As much as the government wants these powers, and wants them in secret, this is really a policy decision which needs to be made by the citizens. They need to decide if off-the-shelf products should provide end-level encryption by default, or if the government should always have a back-door into all encrypted products. Not politicians, not the police, and certainly not secret government courts. Society at large needs to decide which is more important - personal privacy, or the government's ability to obtain evidence of laws being broken in communications mediums and storage devices.
This move by Apple puts the debate squarely in the public's eye, instead of hidden in esoteric cryptography forums and secret government courts.
Well done.
One would think so, but they may also just want to activate the wipe to intentionally delete the data on the phone that could exonerate you!
http://justiceforbradcooper.wo...
Or, they simply use a $5 wrench.
Life is not for the lazy.
NSA: "Just tell them this, it's technically true because we'll hold the master key and you won't."
Apple: "can we also keep a master key and just lie about it, how's that fingerprint data base working out?"
NSA: "have my babies"
This is how things are supposed to be. The legal system was designed for individuals "to be secure in their persons, houses, papers, and effects."
Like many countries, we inherited a strange and somewhat muddled legal system from England. That bit got added along the way.
I have one question:
If you damage your iDevice and forget your password, can they recover your data?
If the answer is yes, they are lying if they say they cannot assist law enforcement. And between lying to their consumers and lying to the government... I am pretty sure I know which way they will lean.
No good deed goes unpunished...
i'm sure the cops can image your encrypted phone and try to break the encryption offline without risking loss of data. if they can't break it now, they will simply store the data for the next 10 years until they can and go back to it then. sort of like fingerprints, DNA or any other crime scene evidence
For that they would not need to crack a password, but create 256 bit encryption. With different encryption keys for every single file in the file system. I think brute forcing 256 bit encryption unless severely flawed is at the "physically impossible" level.
If you damage your iDevice and forget your password, can they recover your data?
If you forget your password, and you lost the backup key that Apple tells you to put in a safe place when encryption is turned on, and you forget the answer to your security question, then yes, your data is gone. Forever.
I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...
This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?
This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.
Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.
If the passcode must be manually entered, then even a 4 digit password is not particularly feasible to try and crack. Sure, it can be done by a determined enough person, but you're talking about sitting around doing nothing but pressing virtual keys on a screen for what on average would probably be at least half a dozen hours before they might luck out and get it right. Most people have something considerably better to do with their time... If that couples with a password count restriction, say, limited to 10 attempts to unlock per hour, then it's completely infeasible.
File under 'M' for 'Manic ranting'
I suspect Apple is making this news release because of a secret court order asking them to do so. It is the same as law enforcement saying iMessage is uncrackable. All they (the government) want is for you to voluntarily turn over your information thinking that they are secured.
only if you are retarded and only use a 4 digit code.
Do not look at laser with remaining good eye.
Then after the first fail it times out for 5 minutes, then 30, then 60, 24 hours, etc... This is an example, I'm not sure of the actual times. But I've seen it happen.
If you get to a dozen tries you're about a month into it.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
One can easily set a longer passcode. Just tell it to do longer than four digits, use numbers only in the password, and once set, the iDevice will prompt you with a numeric keypad and an OK button. If you use letters in your password, it will use the usual full alphanumeric setup.
This way, one can have a longer PIN (I prefer at least 12-16 characters.) Not one in 10,000 anymore, but far higher.
Of course, the attacks will then go to the rubber hose decryption (xkcd.com/538), but it does raise the bar.
Oh, and you can set it to wipe the device after X failed attempts.
Oh, AND you can choose to use a password instead of a pin.
It's as secure as you choose to make it.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
Windows had "My Briefcase" years and years ago. Apple is still trying to catch up to that?!?
If you didn't want it to completely erase everything after a number of failed attempts, but the device could still be set up to block more than, say, 10 attempts per hour, then you're looking at closer to a month and a half, assuming you make 10 attempts every hour, night and day until you crack it... or on average, still more than 20 days to crack. In that amount of time, it's not inconceivable that one could have reasonably earned enough money to buy a whole new iphone, so the data would have to be of extreme importance to even want to go through with that. If you restrict it to no more than 10 attempts per 24 hours, then you're looking at the average length of time to crack being well in excess of a year. And again, it would have to all be done manually.... Who the fuck has that kind of patience?
File under 'M' for 'Manic ranting'
Standard data forensics procedure is to write-protect any storage device which contains evidence, copy it bit-for-bit, and do all the decrypting and data analysis from the copy. The 10-try limit may protect your data from a random thief who lifts your phone, but the only way it's going to protect you from the government or any other technically-capable hacker is if Apple baked the limit into the flash memory-reading hardware.
And there's always this.
You can put a complex password on your iPhone:
1) Settings->Passcode, enter your 4 digit passcode.
2) Flip the "Simple Passcode" switch.
3) Set your new arbitrary length complex password.
4) Enable the "Erase Data" setting which wipes the device after 10 incorrect password inputs.
5) Enjoy entering your complex password every time you want to access the phone.
The encryption on these iDevices and the Macs is non trivial to crack. Combine this encryption with a properly strong password and that wipe feature and even the Police would be shit out of luck. I know of a case where a guy resolutely refused to provide police with the password and crypto-key for his MacBook. The cops shipped the laptop to Cupertino who sent it back after a few weeks having failed to crack the drive encryption. The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.
Only to idiots, are orders laws.
-- Henning von Tresckow
So if I can get my hands on your phone for about 60 seconds I can brute force it to wipe its contents?
There are not different keys for every file, or if there are they are tied to a master key. The only way you can view an encrypted device with a single passphrase is because that single passphrase is tied to a single master key somewhere.
and you forget the answer to your security question,
The presence of a security question on any service indicates immediately that they almost certainly have access if served with a warrant.
Step 1: Pull the storage
Step 2: Image the storage
Step 3: Attempt to bruteforce it offline
Step 4: Wait 30 seconds
Step 5: You now have the 4 digit PIN
If you're attempting to break into it, you won't do it using their input mechanism, you'll do an offline brute force which completely ignores failure wipe limits.
"forget answer to security question" --- a security question is usually used in the context of retrieving or resetting a password. If Apple can retrieve the password (from the device, its servers, iTunes, whatever) or can remotely reset the password and somehow make your data available to you, then it isn't secure. Secure would mean that forgetting a password is effectively the same (at least for the next 5 or 10 years) as tossing the storage into a raging furnace.
What changed under Obama? Nothing Good
Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Will India now also refuse the sale of iOS8?
why is everybody so full of hate here. apple takes a step forward in security that no other phone company has done. they should be applauded for this. they are doing a bunch of things with iOS 8: randomizing MAC addresses so that a city-wide wifi network can't track you as you move around (seattle and google have done this). published a 50 page white paper on how iOS security works (nobody else is this transparent). 2-factor authentication needed to change your password, log in to the internet, restore your device (this is a catch-up move but still good to hear). they are making big strides here, and this is a GOOD THING. maybe people can show their appreciation and not tear things down all the time?
And we should believe Apple why? Who thinks that if Apple gets a national security letter that they're not going to comply? And what about access to the increasing proportion of data that is stored on Apple's servers instead of the local iPhone? Is Apple going to say no to the NSA/FBI/CIA on that, too?
We've heard these promises before.
You are welcome on my lawn.
Here's a pretty good analysis of 4-digit PIN distribution: http://www.datagenetics.com/bl...
Statistically, one third of all codes can be guessed by trying just 61 distinct combinations!
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Or, they simply use a $5 wrench.
If they simply want the information, the $5 wrench works. If they want it to be admissible in court, then it doesn't work so well.
I'm betting an NSL with the ink still wet makes all this pretty, untrue words.
If you genuinely have something important enough on the phone that you don't want them to know about, then time spent in jail for contempt of court might be preferable to the penalties that you would have otherwise incurred.
File under 'M' for 'Manic ranting'
If 0000 is good enough for ICBM launch codes it's secure enough for me.
This is security on the device, but not of the backups. They should be doing client side encryption and zero-knowledge storage in the cloud.
So remember, kids - if you're going to go all jihad or spaceman with your iPhone, just make sure you set it not to save any backups!
Is it just my observation, or are there way too many stupid people in the world?
No, each attempt has a longer pause between it after a certain point to prevent exactly this.
And how would you do step 1 or 2, exactly? Consider the possibility that the passcode protection could actually be enforced right down to the individual chip level, so trying to image the storage without the correct password would be futile, only giving you garbage at best.
File under 'M' for 'Manic ranting'
some of us are old enough to remember when 128 bit keys were considered unbreakable
The backups are not encrypted with keys that Apple doesn't have, so they can turn over all of your backed up data - they just can't remotely unlock the physical phone device. All that's required is to make sure the phone is in range when it backs up and Apple can provide (nearly) all the data police require.
Is it just my observation, or are there way too many stupid people in the world?
there were lots of keys unbreakable 10 years ago without a super computer. i'm saying you image the phone, save the data for 5 years and try it with new tech then. chances are statute of limitations will not apply
Are you kidding, it's much easier to say "we cannot do that" than have to go through verifying and unlocking a device every time someone forgets their passcode. It may piss off those customers, but there's nothing they can do.
I think the iPhone 6s should have a user-writable strip on the back so you can write down your passcode in case you forget it. Maybe a little sticky strip to cover it up so people can't see it normally.
Is it just my observation, or are there way too many stupid people in the world?
If a court order doesn't make you turn over the codes or data on your iPhone you may end up in jail for contempt of court. If that doesn't work, and the cops really, really want the data, then you may end up on an airplane to a country that doesn't care much about your personal safety and have your sensitive body parts hooked up to electric circuits causing serious pain. This of course after the use of rubber hoses or harder objects to damage brittle parts of your body. Whether they get the data or not you may never be seen again with the explanation by the cops that you escaped and they can't find you.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
Well done, Apple. Your move, Google.
We should learn what we need to know about issues, before we decide what we need to feel about them.
I have a 9 digit alpha-numeric password on my iPhone. You don't have to use a 4 digit.
SJWs are the new boogeyman. -Me
Well at that point it doesn't matter how many characters it is as the data isn't encrypted by the password anyway.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
Parallel construction.
How do you clone the data in the first place if the hardware won't let you read it without the right password?
File under 'M' for 'Manic ranting'
For the feds, you bet your ass they'll cough it up. Just clone the drives, and off they go.
Damn! Even Apple sounds like they're on November's ballot! May as well be, they and Google are damn near a government agency.
“He’s not deformed, he’s just drunk!”
They aren't going to hack it using the onboard software obviously which means those counter measures won't matter.
If you want the data, you can get the data. End of story.
The cracking would take longer than the expected lifespan of the universe. Your only hope of getting into a properly password protected and encrypted device be it an iDevice, an Android device or a Windows phone is if there happens to be some software vulnerability that enables you to bypass the login screen.
Not entirely true. It will take a random amount of time up to longer than the expected life of the universe.
They might get it on the first try by dumb blind luck.
The article says almost. I could say my car is very secure and almost impossible to break into... It can still be broken into.
Based on this I figure we aren't going to have the ability to copy to/from this device by hooking it up to a computer.
Just a guess about how they do it, but if I were going to set this up, I'd have a crypto chip in the phone that contains a big random number which produces the actual encryption key when it's hashed with your 4-digit pin. The chip will never tell you the random number, just the key it produces, and if you enter too many bad pins it will delete the random number. So you can copy the data and try to crack it offline, but you'll be working against a strong key instead of a 4-digit pin.
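The design sketched in the comment above, set beside a PIN-only derivation, as an added example (not part of the original thread and not Apple's actual implementation). `ToySecureChip`, `derive_key`, the PBKDF2 parameters and the sample PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100    # assumption: kept low so the demo runs fast; real designs use a slow KDF
MAX_FAILURES = 10   # the "erase after 10 tries" setting discussed in the thread
SAMPLE_PIN = "7291" # constructed sample value


def derive_key(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN together with a salt into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def check_value(key: bytes) -> bytes:
    """Tag stored beside the data so a candidate key can be tested."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


class ToySecureChip:
    """Hypothetical chip: holds a random secret it never reveals."""

    def __init__(self, pin: str):
        self._secret = secrets.token_bytes(32)  # never leaves the chip
        self._failures = 0
        # The check value may sit on ordinary flash; it is useless without the secret.
        self.stored_check = check_value(derive_key(pin, self._secret))

    @property
    def wiped(self) -> bool:
        return self._secret is None

    def unlock(self, pin: str):
        """Return the data key for the right PIN, None for a wrong one."""
        if self._secret is None:
            raise RuntimeError("device secret erased; data is unrecoverable")
        key = derive_key(pin, self._secret)
        if hmac.compare_digest(check_value(key), self.stored_check):
            self._failures = 0
            return key
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._secret = None  # erase the secret, which destroys the key
        return None


def offline_search(stored_check: bytes, salt: bytes):
    """What a copied flash image allows: test all 10,000 PINs against a salt."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(check_value(derive_key(pin, salt)), stored_check):
            return pin
    return None


def pin_only_design():
    """Weak variant: the salt is stored on flash, so an image contains all inputs."""
    salt = secrets.token_bytes(16)
    stored = check_value(derive_key(SAMPLE_PIN, salt))
    return offline_search(stored, salt)  # recovers the PIN from the image alone


def chip_bound_design():
    """Chip variant: the image holds the check value but not the chip secret."""
    chip = ToySecureChip(SAMPLE_PIN)
    guessed_secret = secrets.token_bytes(32)  # the image gives no better guess
    return offline_search(chip.stored_check, guessed_secret)


def on_device_guessing():
    """Guessing through the chip itself trips the wipe after MAX_FAILURES."""
    chip = ToySecureChip(SAMPLE_PIN)
    for n in range(MAX_FAILURES):
        chip.unlock(f"{n:04d}")  # ten wrong PINs, 0000 to 0009
    return chip.wiped


if __name__ == "__main__":
    print("PIN-only design, offline search finds:", pin_only_design())
    print("Chip-bound design, offline search finds:", chip_bound_design())
    print("Chip wiped after on-device guessing:", on_device_guessing())
```

With the secret held in the chip, the search space for a copied image is the 256-bit secret rather than the 10,000 PINs, and the only path that uses the PIN is the rate-limited, self-erasing one.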
wonder if India and UAE will now ban apple
I'm cruising along and a brick smashes into my windshield, causing me to wreck and I'm unconscious. The local Public Servant wants to contact my wife, but the iPhone is locked. Do they have a way of getting that minimum amount of information? I'm all for privacy, but sometimes the Public Servants truly are that, and they are trying to help. (by the way, the brick part is true, but it was my wife's car and she was lucky enough, and had the presence of mind, to get off the road safely).
"Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
So everything is protected by a 4 digit passcode?
Or your fingerprint, and where would the police get your fingerprint?
The security question could merely be a second decryption key. That would maintain full security of the encryption (as long as the question's answer isn't simple).
So when the police need the stuff on your phone, they give you a wood shampoo with the billy club.
For you people who came over from NPR, wood shampoo is a beating your skull with a police baton.
why is everybody so full of hate here.
For some, it's because Apple has the audacity to make tech easy for non-techies to use—that is, take away the exclusivity that some of the geeks here feel they should have on being able to use complex electronic devices.
For others, it's because Apple doesn't open up everything so that they can tinker with the innards and customize it to their exacting specifications (at least without jailbreaking).
In these cases, and some similar ones, there's a strong sense that Apple is not serving true geeks, but rather the masses, and therefore they're never going to do anything different that's not cosmetic—shiny, thin devices, pretty UI, that sort of thing. They must be incapable of real, complex, important stuff, because they don't "get" our favorite complex, important stuff.
For still others, though, it's not really about Apple, but rather a general sense that no large organization—company, government, or government agency—is going to act in the best interests of the people they are supposed to be serving (in one way or another), and that they will almost gleefully lie about their nefarious intentions in order to lull the sheeple into a false sense of security.
And sure, it's possible that Apple's lying. That up until now, they have been open about being willing to give your information to the Feds when they ask for it, but now they'll just do it under the table. But that really doesn't pass Occam's Razor. It doesn't even pass Hanlon's Razor—it requires Apple to be both malicious and stupid. But a lot of people believe Apple is exactly that, because Apple's not Their Team—it's Them, not Us, and therefore any and all negative traits are safe to attribute to it.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
The cracking would take longer than the expected lifespan of the universe.
The obvious solution is inter parallel universe travel. We find the parallel universe in which the only difference is that the suspect didn't lock his/her phone and get the data there. Problem solved.
It must have been something you assimilated. . . .
1. Set the device to wipe itself after ten mistakenly entered pass codes
2. Give ten different pass codes
Better option is to have an app that allows only 9 mistakes, for the ultimate twist.
Yes, that is true...
But it isn't logarithmic, it is exponential...
A 256-bit encryption isn't twice as hard as 128-bit, and a 4096-bit is beyond silly.
There might be fault with the method of encryption, perhaps a hack or a mistake in the code, but you won't brute force 4096-bit encryption. It would take more energy than exists in the universe, go look it up. :)
They might get it on the first try by dumb blind luck.
Yes, you're right...
But that is very unlikely to happen...
It was designed for syncing a folder on your computer with a floppy disk. Now that we have flash drives, seek times aren't so bad and you can operate on them directly (or use cloud storage).
The feature's technically present even in Windows 7. Just add a desktop.ini file to any folder with the following lines:
[ShellClassInfo]
CLSID={85BBD920-42A0-1069-A2E4-08002B30309D}
ConfirmFileOp=0
Apparently there's a way to re-enable it in Windows 8, too.
Source: http://en.wikipedia.org/wiki/B...
I'd think in even a few hundred years our best encryption would be trivial to break.
Not without huge advances in theoretical mathematics, no. We have encryption that would take longer to crack than the heat death of the Universe, even if every atom in it were a modern computer.
On the other hand, advances in the factoring of large numbers, could, for example, make some modern encryption method a lot more vulnerable. But I am told, by people who do research on that topic at MIT and Caltech, that momentous breakthroughs in that area are unlikely - modest improvements, certainly, earth-shattering advancements, no.
No good deed goes unpunished...
And 5772. Don't leave the Euler-Mascheroni constant all alone!
Not a sentence!
> no court in the U.S. has the authority to order a specific change to a product.
Not that they'd actually order that a backdoor be developed, but most courts can order specific performance. In many states, small claims courts are limited to monetary damages, but any other court of general jurisdiction can issue a specific performance order. You see this used in custody cases where the father is ordered to provide health insurance, for example. It's also common to have specific performance ordering a government official to take some action, such as issuing a title for a car that didn't have the normal documentation. In general, a court can order whatever the court thinks is equitable, subject only to the prohibition on "cruel and unusual punishment".
Then you check Apple's transparency report for the warrant canary. And if you do, you will find that it is no longer there which suggests what you say is true.
What does "Most" mean? Sounds like another loophole..
The fingerprint is embedded within the SOC and not accessible from any API - a write only part of the device. It will accept new fingerprints and perform comparisons but never reveal any currently stored fingerprints. This is a dedicated piece of hardware and short of dissolving the package away to access the storage directly, there is no way to recover a fingerprint. Without the fingerprint, the encryption key associated with that fingerprint will never be released. One assumes the encryption key was randomly generated and of sufficient length so that it provides maximum security for whatever encryption algorithm was used to secure the device.
C'mon.. who should really be afraid of the big bad wolf? Are you really doing anything that private? I can see some things like a password repository or CC numbers being so protected, but, seriously ... what are we hiding? While I don't want to pay for a whole class of society to collect and review the contents of my phone, but, why would someone -need- complete protection - to break the law? Watergate stuff? Texting while driving?
Time for a new Political party in the US (or two!) One is off the rails Other can't pony up a leader.
Apple can't read your e-mail.
Apple can't access your files in the cloud.
Apple can't unlock phones.
Yet they've done it in the past.
Why on earth should we believe that they still don't have the capability to do so now?
Just because they give us their word?
HA!
Forgive me if I believe this to be bullshit of the highest order.
Chas - The one, the only.
THANK GOD!!!
How can we know they will actually carry this out? It's pretty damn depressing when you can't even trust open source software because of certain entities; how would we trust Apple with iOS then? Sigh, this is getting so old.
Which is nice, because most of the time you only need Touch ID to 'enter' that 12-16 character passcode.
Just pray you remember it next time you need to reboot/power on your phone.
There are two types of people in the world: Those who crave closure
Apple Computers has announced that their servers have crashed due to the extremely large demand from iDevice customers seeking to download the latest iOS version 8. They're blaming it on some bizarre phenomenon called "the Slashdot effect".
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
The same way you clone any encrypted container. You know you can image an encrypted drive? You still won't be able to access the data without decrypting it, if it's truly encrypted unlike the early iOS-we-say-it's-encrypted-but-it's-really-not fiasco, but you do have a copy of the drive.
The pass code is limited to four numbers, but you can switch it to a longer pass phrase which may include any number of alphanumerical characters.
Actually this is no longer true as of iOS 8 - it wants you to set up a complex pass code by default.
#DeleteChrome
Apple codes their iOS so that neither they nor law authorities have a backdoor or master key to access any iDevice.
When they approach the owner, he can flip the proverbial middle finger by citing the fifth amendment.
And it's all legal despite any Patriot Act, secret FISA court, or intimidating threats from the NSA.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
More importantly, you can also disable "simple passwords" in iOS and use a longer and more complex alpha-numeric password. These passcodes can be up to 37 characters long, utilizing any of 77 different characters (upper & lowercase, numbers and some punctuation).
If you are really worried about the security of your data, you should enable complex passcodes. The default 4-number PIN is really there more to stop curious friends from getting onto your device than preventing a determined hacker (or law-enforcement officer) from getting access.
Only if there is some level of raw access that bypasses the security. The security can, in theory, be enforced on the individual chip level and without the right password available to it, you can't image any of the chip's contents, raw or decrypted.
File under 'M' for 'Manic ranting'
There are not different keys for every file, or if there are they are tied to a master key. The only way you can view an encrypted device with a single passphrase is because that single passphrase is tied to a single master key somewhere.
iOS uses a different encryption key for every file. One component of the encryption key is stored in the directory, one part comes from the device encryption key.
too late.
You're right! We should do nothing now! Why would we want to change something we don't like. Oh, that's right, it's too late.
What a defeatist attitude.
In the US, we have this thing called the 5th amendment so no one can be compelled to provide a password which, if used, may incriminate them. The UK is a different story but here in the USA, we still have that protection.
I am not saying they won't TRY to get you to turn it over or trample your rights in the process. That will most certainly happen. What I am saying is that there isn't any legal precedent to compel you to turn it over.
The presence of a security question on any service indicates immediately that they almost certainly have access if served with a warrant.
Only an idiot would implement it in such a way that the password could be produced by Apple. They take your information, then encrypt it with the answers to three security questions. Without the exact answers nobody can extract the information.
And remember that you can enter anything you like as the answer to the security questions. It doesn't have to be the truth.
Or, they simply use a $5 wrench.
Don't be ridiculous, we're talking about the US government and not some thugs.
It would be a $5,000 wrench.
The Daddy casts sleep on the Baby. The Baby resists!
So the brick managed to destroy the license plates and your driver's license or other cards with your name on them in the car, but your fucking phone still works? And you happen to have a contact for your wife in your phone that says "WIFE" and not just her first name?
No, after a while it just factory-resets the device. Happened to my wife on holiday when she forgot her passcode and made repeated futile attempts to get it right....
Thank god, US tech companies need to export their stuff, too.
I'm pretty sure that Apple et al. have made it clear to the various representatives in political offices what kind of policy they are going to support (i.e.: donate money) in the future and what they will not support. After all, Cook hired this new lobbyist: http://appleinsider.com/articl...
US is a corporatocracy - and Apple has very deep pockets and very loyal customers (who often also have deep pockets) with long memories - nobody in D.C. wants that combination against them.
Windows 2000 - from the guys who brought us edlin
Blackberry used to be secure until they wanted to sell phones in India and the Indian government demanded a backdoor in order for them to sell phones there.
Was Blackberry ever secure? I thought that they always had the user's encryption key. No backdoors or changes necessary. It was simply that the government demanded that they turn over the user keys that they already possessed.
It's pretty much the idea, which is terrible in my view. But then again, how else are you going to prevent bruteforce?
Write boring code, not shiny code!
If you encrypt your Android phone, neither Google nor anyone else has any special access to its contents. However, there is a caveat.
In the current (KitKat) implementation of device encryption, the actual data encryption is done by standard Linux dm_crypt, which is very strong assuming the master encryption key is well-protected. The master encryption key is in turn encrypted by a key derived from your password. The derivation algorithm is good (scrypt) but it's still possible to brute force the password space. How difficult that is depends on how long your password is and unfortunately there's a clear conflict between security and convenience here. You can choose a very long password and have high confidence that it's infeasible for anyone to break it, but then you have to type that long password on your phone all the time.
Apple has undoubtedly made use of the "Secure Vault" chip they have in their devices to store a significant portion of the material needed to derive decryption keys in secure hardware, which is almost certainly configured to rate-limit brute force attempts, and eventually just to lock the device up forever. Given that the obvious and straightforward implementation of such a system would never have given Apple the ability to unlock phones, they must have decided to add a sort of "back door" for themselves, probably to rescue customers who'd locked themselves out. Now, they're removing that back door. Good for them.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
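The key hierarchy described in the comment above, as an added sketch (not part of the original post and not Android's or Apple's code): a random master key encrypts the data, and only a small wrapped copy of that key depends on the password. An HMAC-SHA256 counter-mode keystream stands in for AES so the block needs only the standard library; the scrypt parameters and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters for this sketch (the page gives none).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_kek(password: str, salt: bytes) -> bytes:
    """Stretch the password into 64 bytes: 32 to wrap the key, 32 to authenticate."""
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=64)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher such as AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_sector(master_key: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector with the master key (XOR is its own inverse)."""
    pad = keystream(master_key, sector_no.to_bytes(16, "big"), len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def wrap_master_key(master_key: bytes, password: str) -> dict:
    """Encrypt the master key under a password-derived key and add an integrity tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = derive_kek(password, salt)
    enc_key, mac_key = kek[:32], kek[32:]
    pad = keystream(enc_key, nonce, len(master_key))
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_master_key(blob: dict, password: str):
    """Return the master key, or None when the password is wrong."""
    kek = derive_kek(password, blob["salt"])
    enc_key, mac_key = kek[:32], kek[32:]
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    pad = keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def change_password(blob: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; the bulk data is never re-encrypted."""
    master_key = unwrap_master_key(blob, old)
    if master_key is None:
        raise ValueError("wrong password")
    return wrap_master_key(master_key, new)


if __name__ == "__main__":
    mk = secrets.token_bytes(32)
    blob = wrap_master_key(mk, "constructed passphrase A")
    sector = xor_sector(mk, 0, b"constructed sample data")
    blob = change_password(blob, "constructed passphrase A", "constructed passphrase B")
    recovered = unwrap_master_key(blob, "constructed passphrase B")
    print(xor_sector(recovered, 0, sector))
    print(unwrap_master_key(blob, "1234"))
```

Every password guess costs one full scrypt run, so the work an offline guesser faces is the size of the password space times that cost; nothing in this software-only design limits the number of guesses, which is the role the comment assigns to dedicated hardware.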
When you speak of 4096 bit encryption, you are generally talking about RSA keys. RSA keys do not share the same "strength per bit" as symmetric keys like AES-128.
Most folks say that AES-128 is about equivalent to RSA/3072, and Elliptic Curve would need to be 256 bits to be roughly equivalent to AES-128.
The big upcoming problem with RSA is that the number of bits needed per key goes up rapidly as you need to get to stronger key sizes. To get something equivalent to AES-256, you would need a 15360 bit RSA key. Which makes Elliptic Curve crypto more interesting because you only need about a 512 bit EC key to match AES-256 strength.
Wolde you bothe eate your cake, and have your cake?
They'll use the usual police state nonsense:
"Think of the children!"
"Apple is letting criminals hide their crimes!"
This is exactly the point. Police can serve a warrant on a person, but they can't take the legal wrench to apple.
For the AES encryption used on the iOS flash, you need advances in the discrete logarithm problem, not factoring large numbers. There’s no RSA involved in protecting the flash contents.
Additionally, there’s no known way to make the boot loader just dump an image of the encrypted flash for you to start brute forcing on. You’d need to disassemble the phone, desolder the flash chips, and read them out in another circuit.
That’s certainly do-able, but not something that can be done to a phone that needs to continue to remain intact for any reason. IE they couldn’t just dump your phone while you’re in the tank & give it back to you when you’re released, planning to work on it later.
How does a copy of a drive image wipe itself after any number of failed attempts?
If they already have you, which is pretty likely if they've managed to get your physical phone since most people keep those on or near them at all times, then they can probably figure out how to lift a print. Or you know, just coerce you to touch the pad.
You can also set it to erase everything if the passcode is wrong more than ten times.
More systems like this should really have a "duress PIN". Enter a specific number which is different from your unlock code to immediately wipe the device, no 10-retries required.
Or by your fingerprint. Or, in my case by a 12-character secure password.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
You don't have to enter the passcode every time if you've got a TouchID device. When my new phone shows up, I have a 13-digit code memorized from when I was a kid (long story). I'll input that once a day, and use the scanner to unlock the device the rest of the time.
Really you only need a 6-digit passcode to be exceptionally safe, but it's honestly easier for me to remember this particular code than something shorter.
While I'm sure that most iOS users don't have this enabled, it is possible to have a complex password to unlock. With Touch ID, I think they should make it mandatory, since it would be a much rarer event that people have to enter it.
If you can't convince them, convict them.
iOS is closed-source. As is the hardware.
Until there are a few independent source audits (unlikely), we only have Apple's word to go on. Nobody wishing to hide anything should trust the "word" of a corporation that their device is encrypted safely.
Is anyone stupid enough to believe this?
Having said that, even if it is true, the fingerprint reader is a lot easier to fool, and the government has experience with fingerprints. So maybe that makes the passcode irrelevant.
Loading the CPU with custom software would either require a ROM-level vulnerability in the bootloader or for Apple to sign your alternate firmware to load in.
To my knowledge there have been no bootloader vulns since the early production runs of the iPhone 4S. All jailbreaks since that time have depended on vulnerabilities later in the software stack. The bootloader will not accept a firmware older than the one currently installed on it, so downgrading to exploit since-fixed bugs isn’t possible.
There’s no existing precedent that I know of, but conceivably Apple could be compelled to sign your mal-firmware. Then you’re down to the bigger problem. The bootloader only maintains the user flash session key in the cryptochip during upgrades if the user’s key is available. If you don’t have the key, installing any firmware blows away the cryptochip’s contents, destroying any ability to access the user flash contents. So the ROM-based bootloader won’t allow you to update the OS to install your alternative version without either clearing user flash or having the user’s key in the first place.
The software that’s on device does implement brute force attacks and (if so-configured) blows away keys in the cryptochip after 10 bad guesses (with an increasing back-off delay before accepting additional guesses after the first six, making it time consuming for someone to DoS your phone by guessing keys until it wipes).
So it’s not possible to load software that ignores the brute force check without wiping what you’re trying to extract in the first place, even with Apple’s (compelled) assistance.
That works for basic access passwords since the only check is "is it right yes/no?" at one particular entry point (the login screen.) You can reset that password and they only have to "update" the one location (their password hash file.)
Encryption is a whole different beast as you're effectively password protecting every single byte on your device. Simply changing the access password won't change those bytes.
So unless they're storing your password in plaintext (or reversibly encrypted,) or they've built a master key into their algorithm then no, they can't recover your data even if they reset your password for you.
No major company with any sanity would store user passwords in a recoverable form -- way too much chance of a rogue employee or a hacker getting their hands on the file and open them up to massive lawsuits.
Similar issues if they store a "hard to get" copy of the password right on your phone -- it won't take very long before someone figures that out and how to access it and then you may as well turn off the password feature altogether for all the security it would give you.
Master passwords are a little bit more likely.. not because they're any saner (for the same reasons) but it's a little easier to control a single key stored in a vault somewhere than it is to control a (probably distributed) password file that needs to be accessed regularly. Of course having it in a vault is great for something like the CSS or the PS3 master keys (which were both cracked eventually of course) but less good when your level 1 or even level 2 tech support need to use it periodically..
Too bad for "standard forensics" that the passcode is mixed in with a hardware-specific key baked into the SOC. So you'll first need to be able to run arbitrary code on the individual's phone itself in order to keep guessing beyond the limit. That's going to require a significantly more intrusive examination.
Step 1: Pull the storage
Step 2: Image the storage
Step 3: Attempt to bruteforce it offline
Step 4: Wait 30 seconds
Step 5: You now have the 4 digit PIN
So you're saying their fingerprint reader just corresponds to a 4 digit pin?
Case law is slightly conflicted in different US Federal districts, but the majority are that you can’t be compelled to provide your decryption keys. They’d need evidence to throw you in prison for 30 years, and your lack of providing the key is NOT evidence.
Recent statements made by several SCOTUS justices relating to warrantless phone searches suggest that as cases involving compelled key disclosure reach the Supreme Court, they will likely be decided in favor of the defendant. IE that the 5th Amendment protects you from being compelled to turn over an encryption key to information that would be used against you.
The legal situation outside the US is of course different. In the UK in particular, you CAN be compelled to provide the key under penalty of indefinite detention.
In UK he would be in jail until he gives the passcode to the police
Yeah, but I think he figured the punishment for denying the cops access was preferable to what he would have had to suffer if the cops had gotten at the content of that hard drive and they couldn't lock him up indefinitely for refusing to decrypt his hard drive. At least not in a modern European democracy.
Only to idiots, are orders laws.
-- Henning von Tresckow
It’ll take you longer than 60 seconds. You get six tries for free. Between 6 & 7, you have to wait a minute. Between 7 & 8, it’s five minutes. I think it goes up to an hour before the 10th that wipes it is accepted.
(I just verified up to the five minute wait on my iPad. Six minutes total research is more than enough for a /. article, never mind a comment...)
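To put numbers on the passcode lengths and retry delays discussed in this thread (the 4-digit PIN, the 37-character/77-symbol passcode, and the escalating delays just described), here is an added model that is not from any poster or from Apple. The 15-minute and 60-minute steps and the 80 ms per-guess derivation cost are assumptions; the other figures are the ones quoted in the comments.

```python
import math

# Delay in seconds imposed before attempt N. Attempts 1-6 are free, then
# 1 minute and 5 minutes as reported in the comment above. The 15- and
# 60-minute steps are assumptions (the comment only says "up to an hour").
DELAY_BEFORE_ATTEMPT = {7: 60, 8: 300, 9: 900, 10: 3600}
WIPE_AFTER = 10      # failed attempts before the keys are erased (if enabled)
PER_GUESS_MS = 80    # assumed cost of one hardware-bound key derivation


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of possible passcodes with lengths from min_len to max_len."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def entropy_bits(space: int) -> float:
    """Bits of entropy for a passcode chosen uniformly at random from the space."""
    return math.log2(space)


def lockout_timeline() -> list:
    """(attempt number, seconds elapsed before that attempt is accepted)."""
    elapsed, timeline = 0, []
    for attempt in range(1, WIPE_AFTER + 1):
        elapsed += DELAY_BEFORE_ATTEMPT.get(attempt, 0)
        timeline.append((attempt, elapsed))
    return timeline


def guess_success_before_wipe(space: int) -> float:
    """Chance that WIPE_AFTER distinct guesses hit a uniformly random passcode."""
    return min(1.0, WIPE_AFTER / space)


def worst_case_seconds_on_device(space: int) -> int:
    """Wipe off and no UI delays: only the per-guess derivation cost remains."""
    return space * PER_GUESS_MS // 1000


def report() -> list:
    """One row per passcode policy mentioned in the thread."""
    policies = [
        ("4-digit PIN", keyspace(10, 4, 4)),
        ("6-digit PIN", keyspace(10, 6, 6)),
        ("digits, unknown length 4-13", keyspace(10, 4, 13)),
        ("37 chars from 77 symbols", keyspace(77, 37, 37)),
    ]
    rows = []
    for name, space in policies:
        rows.append({
            "policy": name,
            "bits": round(entropy_bits(space), 1),
            "p_hit_before_wipe": guess_success_before_wipe(space),
            "worst_case_days": worst_case_seconds_on_device(space) / 86400,
        })
    return rows


if __name__ == "__main__":
    for attempt, elapsed in lockout_timeline():
        print(f"attempt {attempt:2d} accepted after {elapsed:5d} s")
    for row in report():
        print(f"{row['policy']:30s} {row['bits']:6.1f} bits  "
              f"hit before wipe: {row['p_hit_before_wipe']:.2e}  "
              f"worst case: {row['worst_case_days']:.3g} days")
```

With the wipe enabled, a random 4-digit PIN leaves a one-in-a-thousand chance of a hit before erasure; with it disabled, the same PIN falls in minutes at the assumed per-guess cost, which is why the longer passcodes recommended above matter.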
I *think* iOS 7 on TouchID capable devices also pressed you to use a complex password.
You are correct, sir. That’s exactly what the crypto chip on iDevices does.
There’s no way to direct dump encrypted flash, so you’d need to desolder the flash chips, then you’re busting 2^128 keys for the raw AES key, not just looking for my luggage combination...
Security questions only get you into your iCloud login. They can’t remote unlock your phone. They can remote WIPE it, which is concerning, but it’s unlikely to help the cops gather evidence against you.
It does look like there are reset venues that would allow iCloud to restore data back to your phone after you force wipe it without the passcode (see http://support.apple.com/kb/HT...). That doesn’t appear to be the case if you backup locally to iTunes and enable encryption on that backup.
Today’s lesson: Cloud backup is generally a security risk.
I look forward to Apple stepping up and enabling client-side encryption of iCloud backups like Crashplan & Co. do with your data.
I can tell you that Law Enforcement kits can break encryption on iOS devices (new releases usually within a month of a major iOS release). They will be unable to unlock the phone regardless. I have never gone through Apple to get into an iPhone and simply use my forensics kit with a search warrant to break into the phone and do a physical extraction of it. They also say they won't unlock the phone to you however they never said anything about not giving access to complete iCloud backups of iMessaging and texts and everything else now did they?
If they want it to be admissible in court, then it doesn't work so well.
The trouble with that argument is that it relies on legal rather than technical barriers, and the same guys who want to get you (generic "you") are the ones making the laws.
For example, right now in the UK, the law is effectively that you can be required to provide either decrypted data or the encryption keys to various authorities, and if you don't then that is in itself an offence that can in theory get you two years in jail. Naturally this is controversial, because like many laws relating to privacy and surveillance there clearly are real dangers that the law could help to protect against but there are also real civil liberties concerns.
Regardless of the ethics of the situation, right now that is what the law in my country says. They don't need a £5 wrench, and they don't need evidence gained using that wrench to be admissible in court. All they need, essentially, is suspicion and your silence.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
There is nothing saying Apple doesn't already have your passcode. They claim they don't know it and can't unlock it even with court order but really how true do you think that is? They can unlock your phone and can see EVERYTHING stored on your account, this is just PR to make it seem like they can't which is a lie.
I am happily surprised to see Apple doing something good for once!
4096-bit encryption sounds great, but there are always ways to shave orders of magnitude off of the actual sample space, such that encryption strength really tends to grow at about the same rate as processing power.
Once you get encryption keys of that size, you've got storage and transmission issues, which increase the probability of other attack vectors working. Plus, your PRNG has to be REALLY random -- and there isn't really all that much true entropy to go around when you get right down to it.
The issue here is that as your random seed gets larger, the probability that it isn't truly random also increases, and analysis of data encrypted with this seed becomes easier through replay analysis. It won't remove the actual entropy, but forces acting on the values generated will create patterns that will still limit the amount of true entropy stored in the resulting value.
Kind of like if you flip a coin once, anyone guessing really doesn't know if it'll come up heads or tails. But if you flip a coin ten times, the method you use for flipping the coin and the environmental factors will start to have an impact on which side comes up more often, and also on the pattern of what influences a heads or tails result. If you flip the coin 2^4096 times, you'd probably be able to pretty accurately predict the result before the coin had even fully launched into the air.
Yeah; the coin experiment is often used as an example of how entropy is entropy and the probability doesn't change from toss to toss. But if you take all other factors into consideration, you limit the effect of entropy such that your guess on a given toss can actually improve over time. Try it, and you'll see I'm correct.
I think you meant to say:
But it isn't linear, it is exponential...
People with pre-iPhone 5S phones use 4 digit passcodes because they don't want to enter more than that every time they unlock their phone.
Anyone with a 5S (or 6) will use TouchID for most access and a much longer passcode for when a passcode is required.
I live in Russia. Personally, I welcome this new technology, but if it works as advertized, Apple can kiss goodbye to Russian market, because there is no way this is going to be certified in Russia. By Russian regulations, built-in crypto tools must meet certain requirements (effectively meaning the ability to decrypt the data).
I'm not actually sure if this is entirely correct. I don't think the fingerprint chip actually has the encryption key. Whenever you power-cycle an iPhone with a passcode/password, you are required to unlock it the first time with the full password. You can't unlock it with just your fingerprint.
My guess is that it needs the passcode to decrypt the contents of the databases, and then it uses the fingerprints as a quick-unlock feature when the device was put to sleep, but the keys are still in memory.
Unfortunately all you have to do is guess the first character correctly, at which point the phone will auto-correct to the correct password.
The US courts CAN compel you to disclose your keys in some specific circumstances. The canonical example was when child porn was seen on a screen and the owner managed to then turn the laptop(?) off. When rebooted it could not be seen because it was encrypted.
In that case the courts held that because the government already knew (had seen) that the kiddie porn was present they were not forcing the owner to disclose something unknown. So they could force him to hand over his keys.
All of what you're saying is correct.
However, the flaw in that is that AES-256 bit encryption today is completely and totally unbreakable.
Many people have tried, it would be a "big deal" if someone did.
Theory is nice, but let me know when 256-bit has been cracked. :)
Yes I'm sure that anybody who doesn't want their data to be read by the authorities won't be able to afford to buy an iPhone with TouchID.
5) Enjoy entering your complex password every time you want to access the phone.
One other thing to note: on iDevices, if you select a non-simple passcode that is only numbers, the device still presents the simple PIN screen instead of a full keypad. The difference is that it sticks an "OK" button in the text field that you press when you're done.
This provides a passcode of uncertain length (X choose 10, 0 x 4096 or so, realistically 16) that is still relatively easy to enter. It's not as secure as a full-on textual passcode, but it beats a 4-digit PIN even if you only use a 4-digit PIN -- as the attacker has no means to know how many digits long your PIN is -- as it *could* be "11151111" or even "1231230123123" which is pretty quick and easy to enter on a PIN pad (almost as fast as 12345), is 13 characters long, and really difficult to guess.
Ahh...
+1 to you... :)
Yea, you're right...
http://en.wikipedia.org/wiki/Briefcase_%28Microsoft_Windows%29
Basically it was an option on the "New..." section of the context menu that allowed older users to become totally befuddled by the mysterious appearance of these "My Briefcase (x)" icons all over their desktop...
Some Zip Drive users found them handy.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
So instead of requesting access to the data, they'll request access to installing a special update to your phone that simply transmits the encryption key.
If you trust Apple to update your software, and Apple has to do whatever the government says, there's always going to be a way for the government to get your data.
AccountKiller
> Not without huge advances in theoretical mathematics, no.
Cryptography relies not only on the math being correct, but the implementation as well. How sure are you that Apple implemented the random number generator properly, for instance? Maybe that 128 bit key only has 64 bits of entropy because someone screwed up. 64 bits of entropy is feasible to brute-force.
Also, only RSA relies on factoring large numbers. RSA, and other public-cryptography is only used to encrypt the key. The underlying algorithm is still generally block ciphers like AES, which aren't dependent on prime numbers.
AccountKiller
"Key escrow laws have been attempted before. And failed."
Only because they screwed up and it became public knowledge.
I assure you, the next one will be written in secret, voted on in secret, and applied in secret.
Ya fucked up the end LMFTFY.
Q.E.D. - complex passwords cause global warming.
That's only true given an assumption of there being no JTAG chain on an iPhone - I seriously doubt that. This gives you debug access to all the chips, and all you need to do is to pull the case apart and cradle the phone in a very modest bed of nails. This is sufficient to dump the flash, but not encryption keys. Unless there's a backdoor in the chip that carries the key - one can't be sure without reverse-engineering the relevant chip.
For all I know, Apple could have sneaked in JTAG access even through the lightning interface, so an encrypted dump of the flash could be done using a specialized JTAG-over-lightning bridge, without opening the phone.
A successful API design takes a mixture of software design and pedagogy.
This assumes that there are no sidechannel attacks against this storage, and that it's protected against power fluctuations. IOW: A very professional professional with a $1E6+ budget would probably be able to do something more with it than just stare at it with dismay :)
A successful API design takes a mixture of software design and pedagogy.
FOR GOD'S SAKE.
I know you guys hate Apple, and that's fine. But do try to use your brain a little bit. Do you honestly believe that the flash storage is encrypted with a 4-digit numeric key? Of course it isn't, it's encrypted with a 256-bit AES key that's generated using a per-device hardware key and the passcode (which can be much longer than a 4-digit pin if you can be bothered to type it in every time you use the phone). If you pull the hardware out of the phone, then this is the key you're going to be cracking.
Good luck with that.
True... which is why talking about large-bit encryption isn't really the issue; it's the implementations that are the issue. I was mostly rebutting the part about exponential difficulty with bitsize making your encryption more secure. I'd give *properly implemented* AES-256 another decade at least before it has any security issues whatsoever. By the time AES-256 can be cracked via brute force, the entire algorithm will be out of date, so increasing bitsize won't be much of a gain.
But it doesn't matter how many bits are used or what algorithm, or even what implementation, if even one password at, or above your level on the system being protected is in the Adobe password file, people.
> I'd think in even a few hundred years our best encryption would be trivial to break.
> Not without huge advances in theoretical mathematics, no. We have encryption that would take longer to crack than the heat death of the Universe, even if every atom in it were a modern computer.
> On the other hand, advances in the factoring of large numbers, could, for example, make some modern encryption method a lot more vulnerable. But I am told, by people who do research on that topic at MIT and Caltech, that momentous breakthroughs in that area are unlikely - modest improvements, certainly, earth-shattering advancements, no.
You can model the universe forward or backward in time and everything holds up.
Just build a model of your crypto-accelerating hardware (which is actually fairly simple) in a suitably-accurate physics engine.
Set the initial state to the end state (where the output is the hash you want to reverse).
Run your reverse physics simulation.
Wait.
Get the inputs.
Whether this modeling approach is computationally feasible (or even just better than other attacks) is beside the point. The idea that there are truly one-way mathematical functions useful for security is absurd. Just because you don't know how to reverse them now doesn't mean you won't know how to reverse them in the future, or that your enemies don't know how to reverse them now. (Useless one-way functions do exist - such as f(x) = 0*x; given just an output of 0 there's no way to determine what x was.)
you won't brute force 4096-bit encryption. It would take more energy than exists in the universe, go look it up. :)
If you build a computer that does 1 check per second and uses 1 Watt, then how will the universe run out of energy, exactly? Is the energy destroyed?
Additionally, there’s no known way to make the boot loader just dump an image of the encrypted flash for you to start brute forcing on. You’d need to disassemble the phone, desolder the flash chips, and read them out in another circuit.
As I understand it, if they're serious about getting the contents of your phone and it's not unlocked / trivially made available, they just get your backup files and hack the information out of those. Encrypt your backups!
How does a copy of a drive image wipe itself after any number of failed attempts?
Apple branded rainbows and magical unicorns. I'm fuzzy on the details, but any Apple fanboy could probably explain it to you.
http://en.wikipedia.org/wiki/Briefcase_%28Microsoft_Windows%29
Basically it was an option on the "New..." section of the context menu that allowed older users to become totally befuddled by the mysterious appearance of these "My Briefcase (x)" icons all over their desktop...
Some Zip Drive users found them handy.
I found it to be very finicky and unreliable.
That's the problem with exponential functions, the human brain is too easily tricked. Doubling the bit length of a key doesn't just make it twice as hard to break.
Over the past 40-ish years, we've transitioned from 8-bit computing to 16-bit, 32 and now 64 bit is common. We might need pointers bigger than 64-bits eventually, but we will never need a pointer bigger than 256-bits in length.
The same is true of encryption, for the same reasons. We measure the strength of a crypto system based on the number of keys we would need to attempt in a brute force search. Sometimes we find mathematical short-cuts that weaken a crypto system, reducing the number of keys we need to try. But if we can't do that, we need to test every value.
Counting through all possible values of a 128-bit number would use enough energy to raise the oceans to 100 degrees Celsius and then convert all of the water to steam. This is an amount of energy that we might be able to harness one day, if we could be bothered. Counting through all values in a 256-bit number would require capturing all of the energy released by every star we can see.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Well, at one key per second, it wouldn't ever find the answer, now would it? :)
What I said was, checking all the keys would require more energy than there is in the universe.
http://www.reddit.com/r/theydi...
AES-256 will never be able to be brute force broken.
Never.
And I don't use that word lightly.
The energy to check all the possible keys doesn't exist.
You would have to come up with a way to run the math using energy from outside our known universe.
http://www.reddit.com/r/theydi...
Because if you are doing one check a second on a 4096 bit number you will need 6.62x10^1223 centuries to check it all! Even assuming that on average you will only have to check half the numbers, you're still well outside the expected life of the universe.
The benefits of this new system are obvious: more privacy for users, less resources needed by Apple for responding to warrants.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
My phone is still an iphone 5, and likely will be for some time. However I don't find the pass code all that onerous to enter.
#DeleteChrome
It is essentially the same problem. http://en.wikipedia.org/wiki/S...
Given a quantum computer the problem is solvable in n^3 time but we don't have a quantum computer so that algorithm sucks on the computers we do have.
I don't follow. There are about 2.5E46 molecules of water in the ocean. 2^128 ~ 3.4*10^38. Seems like you would need a lot more energy than just counting to 2^128.
New iphone announced and greeted with total indifference.
Apple tries to sweeten the deal with claim of new "unbreakable" device encryption.
Something doesn't feel right.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
anybody can serve a warrant, police are there for when a little persuasion is required.
You're assuming that the universe is deterministic, or at least that the past is. I don't believe that to be correct. I believe the past to be as probabilistic as the future. Granted, it's probably that every backwards simulation will end up at the big bang, but in between now and then it's an uncollapsed wave function.
OTOH, I also believe in the Everett-Graham-Wheeler interpretation of quantum mechanics...but not in quite the same way that they did, as I'm considering branching to be essentially symmetric between the past and the future, so that not only does the present lead to multiple futures, but there are multiple presents connected to multiple pasts in a probabilistically branching net in both directions. Each present has multiple pasts, and each past has multiple presents (futures?). In a connected lattice that (perhaps) terminates in one single instant in the past where all the lattice links join (called the big bang) and less probably terminates in one single instant in the future where all lattice links join (called the big crunch). The big crunch, however, doesn't seem to be extremely plausible at the moment, given current knowledge and theories. And neither join is required by the theory.
FWIW, as far as I can tell this model is consistent with everything known about physics, but I'm neither a cosmologist nor a quantum mechanic.
I think we've pushed this "anyone can grow up to be president" thing too far.
"You do not have to say anything but it may harm your defence if you do not mention when questioned something you might later rely on in court."
What the caution should say, is "...it *WILL* harm your defence..."
You still have the right to silence in England, the new inference is that you are guilty until you prove your innocence (by talking to the police during the interrogation stage).
(also, that by remaining completely silent you're more than likely to be sectioned under the Mental Health Act, the Official Solicitor is called in and your most basic human rights are abrogated including your right to not be experimented on like a lab rat).
This. Hardware specific keys are the killer for any forensic attempt. It makes breaking a copied image totally impossible (otherwise what would be the point?). Combine that with a baked bruteforce/tamper killswitch, and you have a secured drive that has just one weakness: the ability of its owner (or not) to resist the charms of law enforcement.
How does a copy of a drive image wipe itself after any number of failed attempts?
Ideally, if the actual key encrypted with the passcode is stored on a tamper-resistant hardware chip, so the "image" will not contain a vital hardware element needed to produce the actual key.
And 10 failed attempts results in the chip memory contents being "zapped"
https://www.schneier.com/book-...
To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. Given that k = 1.38 × 10^16 erg/K, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4 × 10^16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
So 4.4 × 10^-23 Joules minimum per bit flip * minimum of 2^128 bit flips = 1.4 * 10^16 J. Though of course our current computers are far from ideal and it would take many bit flips to test each key. Unless someone has a better source for the energy cost of computation?
https://blogs.oracle.com/bonwi...
The mass of the oceans is about 1.4x10^21 kg. It takes about 4,000 J to raise the temperature of 1 kg of water by 1 degree Celsius, and thus about 400,000 J to heat 1 kg of water from freezing to boiling. The latent heat of vaporization adds another 2 million J/kg. Thus the energy required to boil the oceans is about 2.4x10^6 J/kg * 1.4x10^21 kg = 3.4x10^27 J
So an ideal computer might be able to count to 2^128 without boiling the oceans (doh). It would take a 10^11 increase in energy usage per bit before boiling the oceans was impossible to avoid.
This. Hardware specific keys are the killer for any forensic attempt. It makes breaking a copied image totally impossible
Apple obviously has an image that is not locked to specific hardware, when you take a backup. As it's possible to restore to a different device!
The law can just send Apple an order to deliver THAT version of the image.
That would probably be illegal in a bunch of contexts on the basis of overly broad seizure (effectively a so-called 'general warrant'). And then there's the statute of limitations. What you propose would be a serious problem for people that have committed crimes like rape or murder, but fuck those people. ...then again, if the cops were smart they'd seize encrypted images from all suspects on the off chance that one of them is the killer and that they would be able to decrypt at some point in the future. That could be the new DNA evidence for solving cold case files.
Until we have quantum computers, which probably isn't that far off now.
It's going to be interesting when spy agencies get them and start decrypting all that decades old data they could never get into before.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
So a cop just has to say he saw something illegal, honest and you lose your 5th Amendment rights?
Here you're naively presuming AES 256 is substantially more secure than AES 128. I suggest you google what Schneier has to say about it.
No, what I said is that AES-256 can't be brute force broken by trying all possible keys.
There are too many of them.
There could be other ways to break them. The easy example is to find the person who knows the key and make them tell you.
Other examples are in a flawed implementation or sloppy programming of some sort, or some other trick to find out the key.
But you can't brute force break it. The key space is too large. You could take all the computers in the world and give them a billion years to work on it and they wouldn't make a dent.
I'm no crypto expert, but I do know math.
Well the only way you can unlock it is by tapping in the pass-code. If you have it configured correctly then it will wipe after 10 attempts. After the 6th attempt it will disable for 1 minute. So you either have 10 chances which will take several minutes to complete. On the other hand to brute force you would have to do this in batches of 4-5 tries, with the owner correctly unlocking between attempts and not being suspicious. It would probably be easier just to use a "hard hack" such as torture or assault to get the pass-code or setup a camera.
Of course the touch-id is a potential weakness, but also a strength as it prevents over the shoulder interception of the pin, while the PIN is still needed from time-to-time.
I would be pretty happy with a 4 digit "simple" pass-code in this situation. It's secure enough for me. I'd rather not encourage "hard hacks".
Jason.
And you can enter only numbers, and the password input will look like pass code input, but with unlimited numbers.
It is a bit worse than that. k = 1.38x 10^(-16) erg/K you are using 10^32 too much energy due to a sign flip. OTOH I'll grant K = 290 rather than 3.2K since I'd assume the computer was on earth not in deep space.
There is also one more complication in that calculation, cooling. This isn't going to matter if you are running the computation fast. But once we get to about 1000 years it throws your numbers way off. We throw off 3.9 x 10^24 J of heat from the sun per year at the current temperature. We'd be throwing off heat much faster with an atmosphere containing the oceans. So it isn't a situation where we throw off more heat essentially linearly as the temperature rises. As a back of the envelope calculation earth's energy loss goes up by 50% per 10C i.e. the hotter it is the thicker the atmosphere (due to water) the more heat loss. I have no idea what happens with an atmosphere with a huge chunk of the ocean in it, but just extrapolating to raise the surface temperature to 100C I'm thinking you are losing around 5 x 10^25 J / year due to cooling.
So I'm thinking your quip works for 256 bits if the computation occurs in reasonable time (say a year, a decade, a few centuries) but if you let it go slower....
Interesting conversation.
Weird, the minus sign was there, but /. seems to have dropped it, perhaps because it was quoted. Note that I included it when converting to Joules.
You are right, you did include that in your 4.4e-23
Test: 10^-16 (10 carrot -16)
The energy argument only applies to brute forcing using irreversible computing. If you compute reversibly you can do any computation in arbitrarily small energy.
I believe this is correct.
True, but if the police have you, and you refuse to unlock the phone (and Apple says they cannot), I suspect they can get your fingerprint pretty easily.
Irrelevant in any case because if served with a warrant they would just capture your password and use it to decrypt your key.
The only way they can't do that is if the data were delivered to you, and the password were entered locally to decrypt the data.
Then it's a ton of handwaving that accomplishes nothing.
At the end of the day, no matter how many layers of obfuscation you add, there is a single passphrase at the backend that unlocks a primary master key that can get the rest of the directory keys. You accomplish nothing by using additional encryption keys for every directory; any bruteforce attack would focus on attacking the header which contains the master key.
There's a reason that basically every FDE solution works this way.
You would uncouple the storage from the device physically. This could mean unsoldering the chips, or going in through a JTAG interface, or soldering a connection in, or any of a number of other ways.
There is an old axiom that has always been true. If you physically have possession of the hardware, you control the hardware. We learn this every console generation when people try to implement more and more Rube Goldbergesque methods of separating ownership of hardware from control, and fail each time.
Consider the possibility that the passcode protection could actually be enforced right down to the individual chip level,
There's the controller (which you would remove, or disable said protection on), and there's the actual flash chips (which you would take an image of prior to doing anything whatsoever).
There are forensics tools for all of this, I'm a little baffled that this is apparently news to people. If the cops get your hardware, there will be an image of the device and all of their bruteforcing will be done offline against said image-- not on your specially locked down hardware.
But do try to use your brain a little bit. Do you honestly believe that the flash storage is encrypted with a 4-digit numeric key? Of course it isn't, it's encrypted with a 256-bit AES key that's generated using a per-device hardware key and the passcode
Which is irrelevant, because that 256-bit AES key is stored on disk in a header which is encrypted................ WITH THE 4 DIGIT PIN.
This is how EVERY SINGLE FDE WORKS. Apple isn't doing anything new, and if they are, you should be worried because getting security right is very hard. Whatever your PIN or passphrase is, it is fundamentally the thing that unlocks access to the device, no matter how much obfuscation you throw in between the input of that PIN and the process of decrypting the data. Any attack on your device will be focused on the PIN, as it will always be the weakest link in the chain.
Having worked with FDE solutions for years, I am well aware of how the "Passphrase-->AES key-->Data" process works, and it's not foolproof if you use a weak passphrase. And the fun bit is, if your passphrase is shorter than ~10 characters mixed, you aren't keeping law enforcement out.
A double post because I wanted to follow up on something.
I know you guys hate Apple,
I don't hate Apple. I think they are really good at many things, including user interface, and they make some fine products.
What I absolutely hate is the culture around their products that assumes that they're always doing something new and different, and that anyone who doesn't think their products are magical is a naysayer. Full disk encryption is a problem that has been solved for 15-20 years now and everyone does it the same way, because that way works. The claim that I'm getting it wrong when you apparently have NO IDEA what the threat model for attacking FDE is, is mind boggling.
Do you honestly think that Apple understands crypto better than the folks at Truecrypt, or dmcrypt / LUKS? That somehow their magical system makes them immune to attacks on the passphrase? Has it occurred to you that there can be threat models that are entirely dependent on the user, and no magical engineering on the part of Apple can possibly fix?
No, of course not; I point out a real world, well known way of attacking FDE, and clearly I'm an Apple hater. Here's a news flash: It's a company that makes devices. I really do not care day to day what devices they make-- just don't try to tell me that they've solved problems that no one else has managed to solve yet (like weak passphrases in encryption schemes) because they haven't.
In disk encryption schemes, there is generally a header at the start of the disk, containing the disk's encryption key. This header is itself encrypted, with your passphrase.
This works because the actual encryption key never needs to change; if you ever need to change your encryption passphrase, the system will use your current passphrase to decrypt the existing AES key, will use your new passphrase to re-encrypt the AES key, and will write it back into the header. If you did not use this scheme and instead used the passphrase, you would have to reencrypt the entire disk whenever it changed.
Cracking the AES key would thus involve
1) Take an image of the entire disk
2) Pick a new passphrase to check.
a) Hash the passphrase
3) attempt to decrypt the header with the hashed passphrase from 2a
4) attempt to get valid data from the disk using the results of step 3
5) Do you have valid data?
--> Yes: You now have the correct passphrase and Key.
--> No: You have the wrong key, go to step 2 and continue.
A single iteration of steps 2-5 will depend on the exact algorithms and hashing schemes used. If for example no salt is used to generate the hash in step 2, and you use a single round of hashing / encryption, you could perform thousands or millions of attempts per second. I believe on the iPhone they shoot for ~0.2sec per attempt on iPhone hardware, which could mean several thousand attempts on a high-end workstation, and several million attempts on a large cluster.
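The header scheme described in the comment above, as an added Python example (not code from the post, from Apple or from any FDE product): a random volume key is wrapped under a passphrase-derived key, so changing the passphrase rewrites only the header, and mixing in a per-device secret, as other comments in this thread describe, makes a copied header useless away from the device. The XOR wrap stands in for a real AES key wrap, and the function names, header fields, round count and `device_secret` parameter are assumptions for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor: sets the cost of every single guess
KEY_LEN = 32             # 256-bit volume key


def _derive(passphrase, salt, rounds, device_secret):
    """Stretch passphrase (+ optional hardware secret) into wrap and MAC keys."""
    # Entangle the passphrase with a secret that never leaves the device.
    # With device_secret=b"" this degrades to a plain passphrase-only header.
    tangled = hmac.new(device_secret, passphrase.encode(), hashlib.sha256).digest()
    out = hashlib.pbkdf2_hmac("sha256", tangled, salt, rounds, dklen=2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def make_header(passphrase, volume_key, device_secret=b"", rounds=PBKDF2_ROUNDS):
    """Wrap the volume key; the bulk data is never touched."""
    salt = os.urandom(16)  # fresh salt, so each wrap key is used exactly once
    wrap_key, mac_key = _derive(passphrase, salt, rounds, device_secret)
    # Toy wrap (XOR with the derived key); a real product uses AES key wrap/AEAD.
    wrapped = bytes(a ^ b for a, b in zip(volume_key, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "rounds": rounds, "wrapped": wrapped, "tag": tag}


def open_header(passphrase, header, device_secret=b""):
    """Return the volume key, or None if passphrase or device secret is wrong."""
    wrap_key, mac_key = _derive(passphrase, header["salt"], header["rounds"],
                                device_secret)
    expected = hmac.new(mac_key, header["salt"] + header["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], wrap_key))


def change_passphrase(old, new, header, device_secret=b""):
    """Re-wrap the same volume key under a new passphrase (header-only rewrite)."""
    volume_key = open_header(old, header, device_secret)
    if volume_key is None:
        raise ValueError("current passphrase is wrong")
    return make_header(new, volume_key, device_secret, header["rounds"])


def worst_case_seconds(alphabet_size, length, seconds_per_attempt):
    """Time to enumerate a whole passcode space at a fixed cost per guess."""
    return alphabet_size ** length * seconds_per_attempt


if __name__ == "__main__":
    volume_key = os.urandom(KEY_LEN)          # constructed sample key
    hw = os.urandom(32)                       # constructed stand-in for a hardware key
    header = make_header("1234", volume_key, hw)
    print("right PIN on device:", open_header("1234", header, hw) == volume_key)
    print("right PIN, copied header only:", open_header("1234", header))
    header = change_passphrase("1234", "a much longer passphrase", header, hw)
    print("old PIN after change:", open_header("1234", header, hw))
    # Sizing at the ~0.2 s per attempt figure quoted in the comment above.
    print("4 digits:", worst_case_seconds(10, 4, 0.2) / 60, "minutes")
    print("10 mixed chars:", worst_case_seconds(62, 10, 0.2) / 3.15e7, "years")
```
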
The USG has many secrets. No laws are among them. The occasional secret executive orders tend to run into trouble when they run afoul of the commercial sector. Presidents get spanked.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
It's still impossible to break a 128-bit key by brute force, unless you're very, very, very, very,...,very, very lucky. The only reason to use more would be that you expect an attack on the cipher that will make it far easier to solve. I've read that, if we can ever make 128-qubit quantum computers (which may be impossible for us to actually implement), the effective key length might be halved, so I'd suggest 256-bit keys to be really future-proof.
This applies to any cipher where all possible numbers of the key length can be used as keys, which doesn't apply to the asymmetric ciphers I know of. Also, it assumes that there will be no tremendously effective break. (For the theoretically minded, note that all cipher systems are in NP, so a general solution of NP problems would include all crypto.)
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The other problem with this approach is that it requires having the owner in custody, and being willing to torture information out of the owner. This is a much higher bar than just having the phone available. LEOs would like to be able to stick a cable in your phone and suck everything out on the spot, or at least be able to confiscate the phone and send it in.
Brute-forcing a 256-bit key (or even a 128-bit key) is not going to happen without changing the laws of physics. The old 56-bit DES key (actually 64 bits, but only 56 of entropy) was vulnerable to being brute-forced. Going from there to a 256-bit key is increasing the amount of work needed by a factor of about 10^60.
For a 256-bit key, I suspect that collecting the results from the necessary parallel universes would take longer than the expected lifespan of the universe.
...is that you shouldn't leave your device where your child can get at it and start typing random passwords, unless you want it wiped regularly.
Then you run into time and storage constraints.
You could have a trillion supercomputers running at a trillion keys per second, and you'd need trillions of times longer than the age of the universe.
How would you measure progress and store it?
The size of the numbers is larger than many people suspect, it is more an academic question than a practical one.
I seem to remember from my studies years ago that it's all in the language a statement is couched in.. As per the title of the post, "Apple will not unlock" iDevices in future, or "Apple can not unlock" iDevices.. I am sure that "will not" would leave one open to contempt, but "can not" is safe harbour.. Anyone know?
Only if you chose to use a 4 digit passcode. Mine is much longer. Plus, you only have 10 tries.
If by that you mean "all of us" because that is the case right now. The fact that you got +5 insightful is real proof that people around here are not as good at math as they think they are.
64-bit keys are considered pretty weak, but not trivial to break, so let's assume that you have a computer so fast you can break one of those keys every second, i.e. it does 2^64 key checks per second. Don't worry about the fact that it would take a computer a million times faster than the fastest super computer in existence now to do that, we're just estimating. Now, even with that ridiculously awesome super computer, it would still take you 10 times the lifetime of the universe to break a 128-bit key. So unless there is some theoretical break on the cipher, 128 bits is secure for a very, very long time to come.
My interpretation is fully deterministic in the same sense that theirs was. Probabilistic is meant in the "sum over histories" sense that multiple histories yield the same present, so you can't reasonably pick just one and say "That's what came earlier", but you instead have a spread of probabilities of linkage. I interpret that probability as the strength (weight) of the link. From each past the probabilities to all the futures it links to sum to 1. Similarly from each present the probabilities of all the pasts it links to sum to 1.
The difference between our models is that EWG, at least in the presentation that I read, only considered forwards (toward the future) links. I see no reason to believe that this is a correct interpretation. (I'm not sure about chronology, but I believe the EWG model was created prior to Feynman's Sum over Histories approach being derived. This difference is probably the result of that.)
citation.
Anyone can request anything from the courts. What matters is whether the courts gave it to them. In this case, the courts DID NOT compel him to produce his password/encryption key. That's the "ORDER DENYING...." part.
My previous point still stands but I have no doubt the government will keep trying and we, the people, will keep having to reassert our 5th amendment.