[Reply-To set to cryptopolitics] On 2013-03-28, at 12:37 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Wed, Mar 27, 2013 at 11:37 PM, Jeffrey Goldberg <jeff...@goldmark.org> > wrote: >> ... In the other cases, the phones did have a passcode lock, but >> with 10000 possible four digit codes it takes about 40 minutes to run >> through all given how Apple has calibrated PBKDF2 on these (4 trials per >> second). > Does rooting and Jailbreaking invalidate evidence collection? That is the kind of thing that would have to be settled by case law, I don't know if evidence gathered this way has ever been been offered as evidence in trial. (Note that a lot can be used against a suspect during an investigation without ever having to be presented as evidence at trail.) > Do hardware manufacturers and OS vendors have alternate methods? For > example, what if LE wanted/needed iOS 4's hardware key? You seem to be talking about a single iOS 4 hardware key. But each device has its own. We don't know if Apple actually has retained copies of that. > I suspect Apple has the methods/processes to provide it. I have no more evidence than you do, but my guess is that they don't, for the simple reason that if they did that fact would leak out. Secret conspiracies (and that's what it would take) grow less plausible as a function of the number of people who have to be in on it. (Furthermore I suspect that implausibility rises super-linearly with the number of people in on a conspiracy.) > I think there's much more to it than a simple brute force. We know that those brute force techniques exist (there are several vendors of "forensic" recovery tools), and we've got very good reasons to believe that only a small portion of users go beyond the default 4 digit passcode. In case of LEAs, they can easily hold on to the phones for the 20 minutes (on average) it takes to brute force them. So I don't see why you suspect that there is some other way that only Apple (or other relevant vendor) and the police know about. Cheers, -j _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
