Relevant technical info re Apple iPhone cryptosecurity

juan juan.g71 at gmail.com
Fri Feb 26 11:50:45 PST 2016


On Thu, 25 Feb 2016 16:14:16 -0600
Troy Benjegerdes <hozer at hozed.org> wrote:

> On Thu, Feb 25, 2016 at 05:34:08PM -0300, juan wrote:
> > On Thu, 25 Feb 2016 13:52:37 -0500
> > Steve Kinney <admin at pilobilus.net> wrote:
> > 
> > > 
> > > "These machines have two separate keys integrated into the silicon
> > > of their Apple-designed processors at the point of manufacture.
> > 
> > 
> > 	http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
> > 
> > 	Hm. So, if you don't have the UID you can't run the key
> > 	derivation function. And allegedly the UID is not known to
> > 	apple...despite the fact that they (or their foundry) put
> > the UID into the 'secure' crypto coprocessor...
> 
> That's called 'plausible deniability'.
> 

	Yeah, except, apple claiming "we don't have the key we 
	burned into the phone" isn't too 'plausible' ^-^

	Anyway, the government gets the uid key one way or another and
	then brute force the passcode. Depending on passcode the
	process can take something like 0.000001s or less.

	
	It's technically possible that the passcode itself is a
	'big' ( > 90 bits?) random number or equivalent passphrase.
	But, likely? I doubt it.

	Also, from what I read, people can use their fingerprint as
	passcode? So, all the gov't has to do is look up the fingerprint
	in their archive? (ok, some format conversion required, but I
	suppose they can manage that)



> If only the NSA/Mossad/MI5 funded janitorial staff grab the UIDs,
> then both the fab and apple can pretend it's not happening.

	Yes, they can pretend...  ^-^


> 
> Seems like the FBI and NSA are having a bad breakup over a little too
> much LOVINT.
> 
> It seems much cheaper to actually and truly forget the UID once it's
> been encapsulated in the chip package, than to risk that you might 
> get Snowdened, and leave the spookery up to the spooks.

	Maybe. So, they don't have the keys, they already gave them to
	their partners in crime at the nsa. 

	It also should be noted that NOTHING that ANY subject of the US
	mafia/government says can be 'trusted'. Any one of these
	subjects may be under a 'secret order' 'gag order' 'liberty
	order' or whatever the correct newspeak term is.







More information about the cypherpunks mailing list