This is a laughably stupid comment. You have obviously never worked with children or talked to someone that is a teacher. It is an incredibly difficult job that most people are not cut out for. Knowing something and being able to effectively teach it to children, whose brains are at various stages of development, are two entirely different things.
You are advocating population control in a situation where the birth rate is far below replacement.
Population control implies that someone is telling you not to have children. I am advocating women having the ability to choose for themselves. If you had to push a 10 pound baby out of your dick I am confident you would change your mind on this issue.
Are the babies going to starve? Are they going to be deprived of education?
Uhhh... yes actually. Have you not heard of the plight of inner city school systems? Or that people like you are desperately trying to reduce welfare benefits for poor mothers that are "stealing your tax money"? You can't possibly think that it is easy to have a baby when you are a single mother making minimum wage, with no family support to help you out. Conservatives seem to care a whole lot about babies until they are actually born, then whatever, fuck 'em. Birth control is about choices.
When did I imply that I did not understand that. I was just pointing out that they are all less than 1000 miles away from the center of EU government so you are being a dick and you have no point to make.
I'm pretty positive there isn't, or else if there is we have much bigger problems than our iPhones. Literally all of internet security relies on hash functions. If they are broken then we might as well just give up.
Also, testing if something is "able to be decrypted" implicitly relies on a hash because how else do you know if what you decrypted is valid? If you use something simple like a checksum or padding to check, it actually leads to an attack that can be used to decrypt the file called a padding oracle attack https://en.wikipedia.org/wiki/...
Yes there will always be collisions, in fact infinitely many, but it is computationally infeasible to find them. To date there have never been found two inputs that create the same hash in SHA-2. Since the output is 256 bits, you would have to try about 2^128 inputs in expectation before you find one, which is quite a few. You would need something like 10^20 times more storage than exists on the whole planet.
This security document from Apple implies that every stage of the boot process does a complete verification on the next stage before booting continues, first the Low Level Bootloader, then iBoot and finally the iOS kernel. So you could mess with the userland stuff but not the kernel. If you think about it, the whole boot chain including the kernel is probably only 10 MB or less. That is not so burdensome to verify every boot.
That is interesting, I didn't know that it wasn't checked during boot. That seems like a bad idea. As to whether or not some people can break cryptographic hashes, I would lean toward not. It is not a matter of computing power, but some theoretic break on the algorithm itself. And a lot of really smart people in academia have been looking at, for instance, SHA-2 for over 15 years now with no substantial attacks.
Encrypting the kernel image didn't do anything to protect user data though, since it is decrypted during boot time so the phone can actually run. It was done, presumably, to prevent people from decompiling the binary and trying to find holes in it to make jailbreaks and such. Once the phone is booted, the kernel will of course refuse to dump itself so it only needs to be protected while the device is off.
Usually the firmwares are checked with a cryptographic hash though, so it is not as simple as just fiddling with it a bit to make the checksum match. It should be (nearly) impossible to make changes to the binary without them being detected.
Then please explain to me why there are tons of models of the phone that don't have their keys extracted yet. They are specifically designed to not have the key leave the enclave. Why don't you go ahead and do it then since you're some kind of expert and it's so easy? The jailbreak community would appreciate it. Or just keep talking out of your ass on Slashdot.
That's actually not how it works. The decryption key is burned into the processor, that is why there is a different firmware image for different versions of the phone. Only some of the phone versions (older ones) have had their keys extracted and released. Also, with new technologies like SGX (shipped in some current desktop CPUs and soon phones) software publishers will be able to write code that can only be decrypted in the hardware's trusted enclave, so the key can never be observed. So stop yelling please when you don't know what you're talking about.
I'm not sure you understand what this does. You might as well say how long do you think it will take for someone to make a fake Gmail app that steals your Google password? Or any other service for that matter? It is a completely orthogonal question to this topic.
Interestingly, the reason AES-256 is vulnerable to this related key attack is because it uses a modified key schedule compared to AES-128. AES-128 is not vulnerable to any significant related key attacks, so in that respect it is actually more secure than AES-256. As far as I am aware, the fastest attack in any model against AES-128 runs in time something like 2^125. So, I don't think it is fair to call it quits on AES just yet. Also, some prominent cryptographers like Bruce Schneier have suggested that simple increasing the number of rounds in AES-128 would eliminate most if not all of the attacks on it.
EIC phases out at $37k for an entire FAMILY, with children. That is extremely poor. Would you say a family of five making $40k is middle clas? Unless they are living somewhere with insanely low cost of living (few and far between these days), that is not a lot of money to get by on.
Let me guess, you are basing this on an episode of The Wire that you saw? Because you definitely did not truly and honestly, with no prejudices, interact with poor people and come away with that opinion.
Most encryption is not developed by US companies, it is developed by academics, who are famously difficult to censor or control. Also as other people have said, lots of those academics are not Americans.
It doesn't matter who developed it, the thing that doesn't seem to fit into his world view is that the details for all these encryption schemes are already out there. Anyone with halfway decent coding ability can implement them from the the specs to get an encryption library with no backdoor. And the crypto that we have now, by all estimations, should be more than good enough for the next few decades.
Slashdot Mirror
You know, sometimes one of the two people doesn't have a choice in the matter.
Almost ANYONE with a college education can teach.
This is a laughably stupid comment. You have obviously never worked with children or talked to someone that is a teacher. It is an incredibly difficult job that most people are not cut out for. Knowing something and being able to effectively teach it to children, whose brains are at various stages of development, are two entirely different things.
You are advocating population control in a situation where the birth rate is far below replacement.
Population control implies that someone is telling you not to have children. I am advocating women having the ability to choose for themselves. If you had to push a 10 pound baby out of your dick I am confident you would change your mind on this issue.
Are the babies going to starve? Are they going to be deprived of education?
Uhhh... yes actually. Have you not heard of the plight of inner city school systems? Or that people like you are desperately trying to reduce welfare benefits for poor mothers that are "stealing your tax money"? You can't possibly think that it is easy to have a baby when you are a single mother making minimum wage, with no family support to help you out. Conservatives seem to care a whole lot about babies until they are actually born, then whatever, fuck 'em. Birth control is about choices.
When did I imply that I did not understand that. I was just pointing out that they are all less than 1000 miles away from the center of EU government so you are being a dick and you have no point to make.
All much less than 1000 miles, so maybe stop calling people names when you are the one that can't read a map.
I'm pretty positive there isn't, or else if there is we have much bigger problems than our iPhones. Literally all of internet security relies on hash functions. If they are broken then we might as well just give up.
Also, testing if something is "able to be decrypted" implicitly relies on a hash because how else do you know if what you decrypted is valid? If you use something simple like a checksum or padding to check, it actually leads to an attack that can be used to decrypt the file called a padding oracle attack https://en.wikipedia.org/wiki/...
Yes there will always be collisions, in fact infinitely many, but it is computationally infeasible to find them. To date there have never been found two inputs that create the same hash in SHA-2. Since the output is 256 bits, you would have to try about 2^128 inputs in expectation before you find one, which is quite a few. You would need something like 10^20 times more storage than exists on the whole planet.
Whoops forgot to put the URL https://www.apple.com/business...
This security document from Apple implies that every stage of the boot process does a complete verification on the next stage before booting continues, first the Low Level Bootloader, then iBoot and finally the iOS kernel. So you could mess with the userland stuff but not the kernel. If you think about it, the whole boot chain including the kernel is probably only 10 MB or less. That is not so burdensome to verify every boot.
That is interesting, I didn't know that it wasn't checked during boot. That seems like a bad idea. As to whether or not some people can break cryptographic hashes, I would lean toward not. It is not a matter of computing power, but some theoretic break on the algorithm itself. And a lot of really smart people in academia have been looking at, for instance, SHA-2 for over 15 years now with no substantial attacks.
Encrypting the kernel image didn't do anything to protect user data though, since it is decrypted during boot time so the phone can actually run. It was done, presumably, to prevent people from decompiling the binary and trying to find holes in it to make jailbreaks and such. Once the phone is booted, the kernel will of course refuse to dump itself so it only needs to be protected while the device is off.
Usually the firmwares are checked with a cryptographic hash though, so it is not as simple as just fiddling with it a bit to make the checksum match. It should be (nearly) impossible to make changes to the binary without them being detected.
Good point, that is true, but it is a bit of a chicken and egg problem. People want the unencrypted kernel code so they can make jailbreaks.
Then please explain to me why there are tons of models of the phone that don't have their keys extracted yet. They are specifically designed to not have the key leave the enclave. Why don't you go ahead and do it then since you're some kind of expert and it's so easy? The jailbreak community would appreciate it. Or just keep talking out of your ass on Slashdot.
Kernel cache is what they call the encrypted container that has the kernel in it. The article is not wrong, just a nonstandard use of the term.
That's actually not how it works. The decryption key is burned into the processor, that is why there is a different firmware image for different versions of the phone. Only some of the phone versions (older ones) have had their keys extracted and released. Also, with new technologies like SGX (shipped in some current desktop CPUs and soon phones) software publishers will be able to write code that can only be decrypted in the hardware's trusted enclave, so the key can never be observed. So stop yelling please when you don't know what you're talking about.
Get a Yubikey or other Universal 2 Factor device. Amazon has one for $6.
Ok, but if they get your phone they can still read the SMS messages so the attack is exactly the same...
I'm not sure you understand what this does. You might as well say how long do you think it will take for someone to make a fake Gmail app that steals your Google password? Or any other service for that matter? It is a completely orthogonal question to this topic.
Interestingly, the reason AES-256 is vulnerable to this related key attack is because it uses a modified key schedule compared to AES-128. AES-128 is not vulnerable to any significant related key attacks, so in that respect it is actually more secure than AES-256. As far as I am aware, the fastest attack in any model against AES-128 runs in time something like 2^125. So, I don't think it is fair to call it quits on AES just yet. Also, some prominent cryptographers like Bruce Schneier have suggested that simple increasing the number of rounds in AES-128 would eliminate most if not all of the attacks on it.
EIC phases out at $37k for an entire FAMILY, with children. That is extremely poor. Would you say a family of five making $40k is middle clas? Unless they are living somewhere with insanely low cost of living (few and far between these days), that is not a lot of money to get by on.
You know there is such a thing as a tax credit, right?
Let me guess, you are basing this on an episode of The Wire that you saw? Because you definitely did not truly and honestly, with no prejudices, interact with poor people and come away with that opinion.
Most encryption is not developed by US companies, it is developed by academics, who are famously difficult to censor or control. Also as other people have said, lots of those academics are not Americans.
It doesn't matter who developed it, the thing that doesn't seem to fit into his world view is that the details for all these encryption schemes are already out there. Anyone with halfway decent coding ability can implement them from the the specs to get an encryption library with no backdoor. And the crypto that we have now, by all estimations, should be more than good enough for the next few decades.