That's a good question, but the trouble is that security always comes at the cost of usability. If Apple encrypted your backups with (say) an encryption key derived from your iCloud password, then forgetting and subsequently resetting your password would render all of those backups inaccessible. Clearly Apple considered this to be an unacceptable compromise, and in consequence the FBI can access your iCloud data at their convenience.
In fact, this is the case with all of the online backup services of which I am aware. I have, for instance, forgotten my dropbox password in the past. I reset it via my email, and was still able to access my data. Therefore it is either unencrypted, or encrypted using a key that dropbox have access to. The only service that I know of that really encrypts your data is mega.nz. If your forget your mega.nz password, then your data is gone for good.
The encryption key consists of several parts, one of which is the passphrase. If you have all of those parts, and the passphrase is just a four digit PIN, then the brute force is trivial. If you don't have the passphrase, and it's of sufficient length, then the brute force is all but impossible.
If the phone in question had been locked with a long passphrase, then the FBI's strategy wouldn't work. Time to change our passphrases folks.
You would literally need to go into the hardware, probably with some really really deep forensic analysis of the chip itself and read registers in the on chip memory all of which would likely destroy the chip before you could read anything.
And even that wouldn't help you, if you didn't have the passphrase, and there was enough entropy in the passphrase to make brute-forcing it impractical.
Your iPhone backups are encrypted too. And if you use a good passphrase for your phone, then the 'backdoor' that the FBI wants will only allow them to spend a thousand years cracking your phone. It's not a backdoor either. iOS security is better than Android security. Sorry. If this was an Android phone, we wouldn't be having this discussion, because the FBI would already have the data.
And, if you use a sufficiently strong passcode on your iOS device, then your data is safe. All the update is question can do is brute-force a four-digit pin. If you used a nice long passphrase, then the brute forcing becomes impractical. Without the passphrase, the AES-256-CTR (I think..) key that encrypts all the data on your iPhone cannot be recovered.
Of course, you'd better make sure that every communication that goes through any data service, whether postal, or internet, or telephone, or whatever, is also encrypted with industrial-strength keys. But of course, you already do that, right?
Um. That's great. Nirvana's "Bleach" was recorded on 8 track, using dynamic mics and guitar amps. Of course you can record on anything, if reliability isn't too much of an issue. Particularly if you're recording through a mixer anyway, in which case your recording software is a bit irrelevant. You just mic up, set the levels and EQs and what-have-you, and push record.
If you're doing real multi-track recording through a proper multi-track audio interface, like the Steinberg UR824 that a friend of mine uses in his home recording studio, then Linux isn't an option. Period. Especially if reliability is important, which it really really really is. You can't stop a band in the middle of their performance because your OS is a bit shit. They won't come back for a second try.
PS. That video is painful to watch. Maybe that was the point, but even so.
iPhones won't even charge at 500mA from a standard USB jack? That's really shitty.
Don't be silly, of course they charge from a standard USB jack - such as one might find on the side of a computer. They may or may not charge from a third party USB power adaptor however, although I've personally never found a USB power adaptor that an iPhone complained about.
So I read that, and I'm confused. The backdoored OS as described in the letter wouldn't help the FBI break into this phone, because you can't install it without the passcode anyway.
It's about terrorizing Americans into accepting government backdoors.
Bingo. We all know the encryption is basically unbreakable, but this is about making sure that the general public know too, and getting them all worried about it.
iPhones use full-encryption by default on every device, and if you use a pin the encryption becomes more or less physically unbreakable. This is just another way in which the much-criticised iOS is very significantly superior to Android. Encryption hardware, and locked boot loaders, are what make these devices pretty much bulletproof from a data security point of view.
If your data is on an iPhone, and you have a PIN, it's completely safe from any attack other than the $5 wrench. Well, that's assuming that you believe Apple, but why would they lie about that? The stuff they're talking about is industry standard stuff anyway - it's not like the invented anything new, they just made unbreakable hardware encryption available to the masses. For better or for worse.
It should be possible to bypass the erase operation
I'm pretty sure these keys aren't stored in the flash, but are stored on the chip itself. Nothing that goes over any of the buses is going to help you get the key, and nor is anything that's stored on the flash. You should have a look at this which I think has already been liked to from this thread, but is well worth a read. If it's actually true, then the FBI doesn't have a hope in decrypting this or any other iPhone.
But a possible outcome of this, and perhaps the FBI see this case as a first step, is forcing Apple to (say) encrypt the device keys with asymmetric encryption, using a key pair that they own. And by forcing Apple, I mean forcing everyone.
You have to store the answers to the "security questions", because sometimes websites will require you to know them, even if you have your password. It's happened to me more than once.
Well. That's pretty stupid. In that case I guess you're stuck, and your random answers are a pretty good idea. I don't know that most password managers actually support 'security questions' without creating a whole new entry for each one - the one I use (keepass) certainly doesn't. It's time that we used a hardware security dongle - you know, like we do with doors - to allow people into their accounts.
But the whole point of the 'security questions', is that you've lost your password. If you're using a password manager to store your passwords already, then there's no point using it to store your answers, because then you'd have your actual password, and wouldn't need the 'security questions'.
You might as well type in random text, and not even bother to remember it, if you're going to use a password manager to store it. I hate the things too.
He's not saying anything of the sort. He's saying that Twitter is full of thoughtless and rude trolls, and he closed his account in consequence. Rather exactly what one is supposed to do. He couldn't stand the heat (who could? Twitter is awful), and so he got out of the kitchen. Smart move. No mention of 'freedom of speech' either directly or obliquely in his subsequent comments, as far as I can tell. Added to which, is the fact that Stephen Fry is English, where 'freedom of speech', isn't even a protected concept.
So wait - he closed his twitter account, and that makes him an attention whore?
Dammed if you do, and dammed if you don't, I guess. He does have a good point though, Twitter genuinely is a waste of technology. I defy anyone to point to anything even halfway interesting or significant that has ever been posted on that site.
This is, nobody does want to wear goggles on their head. Friend of mine has a 3D TV. We sat there and watched a 3D movie on it once. That was it. Never bothered again. Not worth the stupid headgear, and that was only the passive polarised things.
All power supply input pins should be protected against reverse voltage. It's simple, and comprises a single FET. See here, for instance. There's not really any excuse for failing to protect internal components against reverse voltage, other than being cheap. I think we can thank the endless race to the bottom that consumer electronics is infamous for.
What on earth are the 'university police'? Are they real police, or pretend private police without any actual authority. If you have illegal activity on campus, then the real police can come along.
My understanding is that one of the demands was for all students to have mandatory sensitivity training.
Ok. Is this actually true? And who demanded it? How many people? Just the one? Did it actually happen?
Seems like this thread is devoted to giving minority views a great deal of airtime, in order to complain about the amount of airtime that they get.
Let's move on. Cleese isn't funny anymore, which is a shame, but I think we can safely ignore him complaining that he has been 'warned' by someone. He doesn't say by whom, and what exactly that warning might have contained. Perhaps he was being warned about not trying to be a stand up comedian? It's not like he came from stand up anyway. It's not really his area.
We know perfectly well who he is. It doesn't mean he's still funny.
Of course, not being funny isn't a crime. And he should be free to perform whatever material he thinks is funny. And then, if no-one likes it, no-one will show up, and hopefully he'll go away.
He is a bit past his sell-by date, you have to admit.
Slashdot Mirror
No-one will buy this phone. Everyone forgets their passwords all the time, and punishing them by destroying their data will not go down very well.
That's a good question, but the trouble is that security always comes at the cost of usability. If Apple encrypted your backups with (say) an encryption key derived from your iCloud password, then forgetting and subsequently resetting your password would render all of those backups inaccessible. Clearly Apple considered this to be an unacceptable compromise, and in consequence the FBI can access your iCloud data at their convenience.
In fact, this is the case with all of the online backup services of which I am aware. I have, for instance, forgotten my dropbox password in the past. I reset it via my email, and was still able to access my data. Therefore it is either unencrypted, or encrypted using a key that dropbox have access to. The only service that I know of that really encrypts your data is mega.nz. If your forget your mega.nz password, then your data is gone for good.
The encryption key consists of several parts, one of which is the passphrase. If you have all of those parts, and the passphrase is just a four digit PIN, then the brute force is trivial. If you don't have the passphrase, and it's of sufficient length, then the brute force is all but impossible.
If the phone in question had been locked with a long passphrase, then the FBI's strategy wouldn't work. Time to change our passphrases folks.
You would literally need to go into the hardware, probably with some really really deep forensic analysis of the chip itself and read registers in the on chip memory all of which would likely destroy the chip before you could read anything.
And even that wouldn't help you, if you didn't have the passphrase, and there was enough entropy in the passphrase to make brute-forcing it impractical.
God.
Your iPhone backups are encrypted too. And if you use a good passphrase for your phone, then the 'backdoor' that the FBI wants will only allow them to spend a thousand years cracking your phone. It's not a backdoor either. iOS security is better than Android security. Sorry. If this was an Android phone, we wouldn't be having this discussion, because the FBI would already have the data.
And, if you use a sufficiently strong passcode on your iOS device, then your data is safe. All the update is question can do is brute-force a four-digit pin. If you used a nice long passphrase, then the brute forcing becomes impractical. Without the passphrase, the AES-256-CTR (I think..) key that encrypts all the data on your iPhone cannot be recovered.
Of course, you'd better make sure that every communication that goes through any data service, whether postal, or internet, or telephone, or whatever, is also encrypted with industrial-strength keys. But of course, you already do that, right?
doesn't trust it backing up to iCloud.
Silly silly... What about backing up to google instead? You can do that with your calendars in case you hate iCloud.
The FBI want to break into an older phone, which doesn't have the hardware security module. That's probably possible to do.
Um. That's great. Nirvana's "Bleach" was recorded on 8 track, using dynamic mics and guitar amps. Of course you can record on anything, if reliability isn't too much of an issue. Particularly if you're recording through a mixer anyway, in which case your recording software is a bit irrelevant. You just mic up, set the levels and EQs and what-have-you, and push record.
If you're doing real multi-track recording through a proper multi-track audio interface, like the Steinberg UR824 that a friend of mine uses in his home recording studio, then Linux isn't an option. Period. Especially if reliability is important, which it really really really is. You can't stop a band in the middle of their performance because your OS is a bit shit. They won't come back for a second try.
PS. That video is painful to watch. Maybe that was the point, but even so.
Audacity is fairly rubbish though. You can't even tweak the EQ while you're listening to the track. All edits are destructive.
iPhones won't even charge at 500mA from a standard USB jack? That's really shitty.
Don't be silly, of course they charge from a standard USB jack - such as one might find on the side of a computer. They may or may not charge from a third party USB power adaptor however, although I've personally never found a USB power adaptor that an iPhone complained about.
So I read that, and I'm confused. The backdoored OS as described in the letter wouldn't help the FBI break into this phone, because you can't install it without the passcode anyway.
It's about terrorizing Americans into accepting government backdoors.
Bingo. We all know the encryption is basically unbreakable, but this is about making sure that the general public know too, and getting them all worried about it.
iPhones use full-encryption by default on every device, and if you use a pin the encryption becomes more or less physically unbreakable. This is just another way in which the much-criticised iOS is very significantly superior to Android. Encryption hardware, and locked boot loaders, are what make these devices pretty much bulletproof from a data security point of view.
If your data is on an iPhone, and you have a PIN, it's completely safe from any attack other than the $5 wrench. Well, that's assuming that you believe Apple, but why would they lie about that? The stuff they're talking about is industry standard stuff anyway - it's not like the invented anything new, they just made unbreakable hardware encryption available to the masses. For better or for worse.
It should be possible to bypass the erase operation
I'm pretty sure these keys aren't stored in the flash, but are stored on the chip itself. Nothing that goes over any of the buses is going to help you get the key, and nor is anything that's stored on the flash. You should have a look at this which I think has already been liked to from this thread, but is well worth a read. If it's actually true, then the FBI doesn't have a hope in decrypting this or any other iPhone.
But a possible outcome of this, and perhaps the FBI see this case as a first step, is forcing Apple to (say) encrypt the device keys with asymmetric encryption, using a key pair that they own. And by forcing Apple, I mean forcing everyone.
You have to store the answers to the "security questions", because sometimes websites will require you to know them, even if you have your password. It's happened to me more than once.
Well. That's pretty stupid. In that case I guess you're stuck, and your random answers are a pretty good idea. I don't know that most password managers actually support 'security questions' without creating a whole new entry for each one - the one I use (keepass) certainly doesn't. It's time that we used a hardware security dongle - you know, like we do with doors - to allow people into their accounts.
But the whole point of the 'security questions', is that you've lost your password. If you're using a password manager to store your passwords already, then there's no point using it to store your answers, because then you'd have your actual password, and wouldn't need the 'security questions'.
You might as well type in random text, and not even bother to remember it, if you're going to use a password manager to store it. I hate the things too.
He's not saying anything of the sort. He's saying that Twitter is full of thoughtless and rude trolls, and he closed his account in consequence. Rather exactly what one is supposed to do. He couldn't stand the heat (who could? Twitter is awful), and so he got out of the kitchen. Smart move. No mention of 'freedom of speech' either directly or obliquely in his subsequent comments, as far as I can tell. Added to which, is the fact that Stephen Fry is English, where 'freedom of speech', isn't even a protected concept.
So wait - he closed his twitter account, and that makes him an attention whore?
Dammed if you do, and dammed if you don't, I guess. He does have a good point though, Twitter genuinely is a waste of technology. I defy anyone to point to anything even halfway interesting or significant that has ever been posted on that site.
I have one in my laptop. It was worth the cost.
nobody wants to wear goggles on their head
This is, nobody does want to wear goggles on their head. Friend of mine has a 3D TV. We sat there and watched a 3D movie on it once. That was it. Never bothered again. Not worth the stupid headgear, and that was only the passive polarised things.
reverse voltage is actually somewhat rare.
All power supply input pins should be protected against reverse voltage. It's simple, and comprises a single FET. See here, for instance. There's not really any excuse for failing to protect internal components against reverse voltage, other than being cheap. I think we can thank the endless race to the bottom that consumer electronics is infamous for.
the university police
What on earth are the 'university police'? Are they real police, or pretend private police without any actual authority. If you have illegal activity on campus, then the real police can come along.
My understanding is that one of the demands was for all students to have mandatory sensitivity training.
Ok. Is this actually true? And who demanded it? How many people? Just the one? Did it actually happen?
Seems like this thread is devoted to giving minority views a great deal of airtime, in order to complain about the amount of airtime that they get.
Let's move on. Cleese isn't funny anymore, which is a shame, but I think we can safely ignore him complaining that he has been 'warned' by someone. He doesn't say by whom, and what exactly that warning might have contained. Perhaps he was being warned about not trying to be a stand up comedian? It's not like he came from stand up anyway. It's not really his area.
We know perfectly well who he is. It doesn't mean he's still funny.
Of course, not being funny isn't a crime. And he should be free to perform whatever material he thinks is funny. And then, if no-one likes it, no-one will show up, and hopefully he'll go away.
He is a bit past his sell-by date, you have to admit.
heterophobia
That's a new one.