My understanding of the logistics is that the user key and the unique signature burned into each device are hashed together as the key for encrypting the data, so there is no way Apple could decrypt it for the FBI. What Apple did do was implement the self-destruct where you get 10 tries and the data goes poof. There is also a small but real slowdown in responsiveness after each failed attempt. So the FBI would like a version of iOS that lacks the self-destruct and the slowdown, which would allow them to brute-force entry. The FBI can't make FBios and install it because Apple also digitally signs their installers. This is where the rubber meets the road. Apple or the FBI could create a non-imploding version of iOS but only Apple holds the digital signature which would allow a phone to accept the build. This is what Apple has been asked to do, to put their signature to something which defeats the self-destruct and no longer thwarts a brute force attack on the unlock code. If they sign the FBios install then they will also be compelled to sign LibyaOS, SudanOS, BurmaOS etc. or sign for other less clear-cut cases. In short, they will never get the genie back in the bottle.

As you say, a longer user key would go to great lengths to thwart a brute force attack. If Apple takes the blue pill and compromises its own security system it simply means the bad actors will just move on to apps that encrypt things on their own from companies or loose collections of folks whom the FBI has no leverage with.

CB

On 2/23/16 6:41 PM, Sabahattin Gucukoglu wrote:
My understanding is that the FBI is asking Apple for the technical capability 
to brute-force the key.  That’s all.  The problem with Apple’s current design 
is that it is vulnerable to simple firmware substitution.  The assumptions that 
it makes about the user’s key are all predicated on the notion that Apple would 
never replace the firmware.  As we now see, this was a bad choice.  With FBIos 
in place, that four-digit or even six-digit key will be cracked in no time.  
Regardless of whether Apple develops it, we now have positive confirmation that 
it’s possible.  Quite simply, the iOS remote wipe, manual entry requirements, 
and delayed entry are no obstacles to key recovery.

Or in other words, Apple can (and should!) fix this problem, simply and 
effectively, by providing a strength meter for the passcode selection screen, 
with the strongest indicator reserved for passphrases that will not be 
trivially recovered using firmware substitution, and then force every user of 
iOS to select a new passphrase on upgrade.  I have already selected a 
nine-character passphrase with uppercase, lowercase, numbers and punctuation.  
With Touch ID, I really don’t feel a thing.


--
¯\_(ツ)_/¯
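The passcode strength meter suggested in the quoted message could be sketched as follows. This is an added example, not code from the thread or from Apple; the per-guess cost, the rating thresholds and all function names are assumptions chosen for illustration.

```python
import string

# Assumptions for this sketch (not figures from the thread):
SECONDS_PER_GUESS = 0.08          # cost of one on-device guess, no delays or wipe
SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY
STRONG_YEARS = 100                # hypothetical bar for the top indicator

SYMBOLS = string.punctuation + " "   # 33 characters


def alphabet_size(passcode):
    """Sum the sizes of the character pools the passcode draws from."""
    pools = [string.digits, string.ascii_lowercase, string.ascii_uppercase]
    size = sum(len(p) for p in pools if any(c in p for c in passcode))
    known = "".join(pools)
    # Anything outside digits/letters is counted as the symbol pool,
    # which under-estimates (never over-estimates) non-ASCII input.
    if any(c not in known for c in passcode):
        size += len(SYMBOLS)
    return size


def search_space(passcode):
    """Candidates an exhaustive search over the same pools and length must cover."""
    return alphabet_size(passcode) ** len(passcode)


def worst_case_seconds(passcode, per_guess=SECONDS_PER_GUESS):
    return search_space(passcode) * per_guess


def rate(passcode):
    """Map worst-case exhaustive-search time to a meter label.

    This is an upper bound on strength: it assumes characters chosen at random,
    so dictionary words and dates are weaker than the label suggests.
    """
    seconds = worst_case_seconds(passcode)
    if seconds < SECONDS_PER_DAY:
        return "trivial"
    if seconds < SECONDS_PER_YEAR:
        return "weak"
    if seconds < STRONG_YEARS * SECONDS_PER_YEAR:
        return "fair"
    return "strong"


if __name__ == "__main__":
    for sample in ("1234", "123456", "Tr7!kQ2#x"):   # constructed samples
        print(sample, search_space(sample), rate(sample))
```

Under these assumptions a four-digit or six-digit passcode falls in the lowest band, while a nine-character passcode mixing all four character classes reaches the top one.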

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/