On Thu, Mar 28, 2013 at 7:27 PM, Jon Callas <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > [Not replied-to cryptopolitics as I'm not on that list -- jdcc] > > On Mar 28, 2013, at 3:23 PM, Jeffrey Goldberg <[email protected]> wrote: > >>> Do hardware manufacturers and OS vendors have alternate methods? For >>> example, what if LE wanted/needed iOS 4's hardware key? >> >> You seem to be talking about a single iOS 4 hardware key. But each device >> has its own. We don't know if Apple actually has retained copies of that. > > I've been involved in these sorts of questions in various companies that I've > worked. Somewhat related: are you bound to some sort of non-disclosure with Apple? Can you discuss all aspects of the security architecture, or is it [loosely] limited to Apple's public positions?
> If you make a bunch of devices with keys burned in them, if you *wanted* to > retain the keys, you'd have to keep them in some database, protect them, > create access controls and procedures so that only the good guys (to your > definition) got them, and so on. It's expensive. Agreed. > You're also setting yourself up for a target of blackmail.... > Eventually, so many people know about the keys that it's not a secret. Your > company loses its reputation. Agreed. > On the other hand, if you don't retain the keys it doesn't cost you any money > and you get to brag about how secure your device is, selling it to customers > in and out of governments the world over. Agreed. I regard these as the positive talking points. There's no slight of hand in your arguments, and I believe they are truthful. I expect them to be in the marketing literature. >>> I suspect Apple has the methods/processes to provide it. >> I have no more evidence than you do, but my guess is that they don't, for >> the simple reason that if they did that fact would leak out. ... > And that's just what I described above. I just wanted to put a sharper point > on it. > I don't worry about it because truth will out. ... A corporate mantra appears to be 'catch me if you can', 'deny deny deny', and then 'turn it over to marketing for a spin'. We've seen it in the past with for example, Apple and location data, carriers and location data, and Google and wifi spying. No one was doing it until they got caught. Please forgive my naiveness or my ignorance if I'm seeing things is a different light (or shadow). >>> I think there's much more to it than a simple brute force. >> We know that those brute force techniques exist (there are several vendors >> of "forensic" recovery tools), .... > The unlocking feature on iOS uses the hardware to spin crypto operations on > your passcode... > Apple designed the hardware and hold the platform keys. So I'm clear and I'm not letting my imagination run too far ahead: Apple does not have or use, for example, custom boot loaders signed by the platform keys used in diagnostics, for data extraction, etc. There are no means to recover a secret from the hardware, such as a JTAG interface or a datapath tap. Just because I can't do it, it does not mean Apple, a University with EE program, Harris Corporation, Cryptography Research, NSA, GCHQ, et al cannot do it. A naturally random event is used to select the hardware keys, and not a deterministic event such as hashing a serial number and date of manufacture. These are some of the goodies I would expect a manufacturer to provide to select customers, such as LE an GOV. I would expect that the information would be held close to the corporate chest, so folks could not discuss it even if they wanted to. jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
