Relevant technical info re Apple iPhone cryptosecurity
Troy Benjegerdes
hozer at hozed.org
Thu Feb 25 14:14:16 PST 2016
On Thu, Feb 25, 2016 at 05:34:08PM -0300, juan wrote:
> On Thu, 25 Feb 2016 13:52:37 -0500
> Steve Kinney <admin at pilobilus.net> wrote:
>
> >
> > "These machines have two separate keys integrated into the silicon
> > of their Apple-designed processors at the point of manufacture.
>
>
> http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
>
> Hm. So, if you don't have the UID you can't run the key
> derivation function. And allegedly the UID is not known to
> apple...despite the fact that they (or their foundry) put the
> UID into the 'secure' crypto coprocessor...
That's called 'plausible deniability'.
If only the NSA/Mossad/MI5 funded janitorial staff grab the UIDs,
then both the fab and apple can pretend it's not happening.
Seems like the FBI and NSA are having a bad breakup over a little too
much LOVINT.
It seems much cheaper to actually and truly forget the UID once it's
been encapsulated in the chip package, than to risk that you might
get Snowdened, and leave the spookery up to the spooks.
More information about the cypherpunks
mailing list