Apple Says 'No'
-
A good encryption system is one that will not allow an attacker to decrypt a ciphertext even if he (a) knows the encryption/decryption algorithms and (b) has both plaintext and ciphertext of a set of messages encrypted with the key. If the key used has enough bits, the only way to crack the encryption is to attack the algorithm. Once the algorithm is known to be sound, you test an encryption system by generating keys (or key pairs). You do not encrypt (and destroy the plaintext) of any important data. No one can prove that many popular algorithms do not have built-in "back doors" (rumors about the NSA's work are legion), but if so - no one is talking...
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
Daniel Pfeffer wrote:
No one can prove that many popular algorithms do not have built-in "back doors"
Most widely used algorithms have open-source implementations, meaning you can look at the source and see if you see any deficiencies or back doors. So... the algorithms themselves are pretty sound.
-
Duncan Edwards Jones wrote:
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption?
My understanding is that if you attempt bad passwords X number of times, the phone bricks itself essentially. The "new" iOS being requested by the courts/FBI would allow unlimited attempts therefore making any phone that can have that OS installed brute forcible.
We answered the same thing at just about the same time, so I guess that is the stated story. I can see the concern, if this "modified" version of the OS got out onto "the wild", anybody could brute force an iPhone.
-
legal precedents are harder to over turn than they are to not create in the first place and I was lso thinking of this:
Quote:
"asked us to build a backdoor to the iPhone" — something he described as "too dangerous to create."
pandora's box, that would be exploited by criminals and legally allowed representatives alike. Really bad idea!
GStrad wrote:
asked us to build a backdoor to the iPhone
Ah, yes. That's certainly a nasty box. I was thinking purely of the legal rights. X|
cheers Chris Maunder
-
Daniel Pfeffer wrote:
No one can prove that many popular algorithms do not have built-in "back doors"
Most widely used algorithms have open-source implementations, meaning you can look at the source and see if you see any deficiencies or back doors. So... the algorithms themselves are pretty sound.
Very few people have the background in cryptography required to analyze an encryption algorithm. An algorithm with a vulnerability could be perfectly encoded, but still be vulnerable to attack.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
It could be a marketing stunt on the part of Apple: (1)Apple publish that they refuse to unlock phones knowing damn well that that will unlock them. (2)Their sales go up and they gain a market share from the Android users who think 'Apple have an ethical stance'. (3)Apple then say that sadly they had no choice and unlock the phone - they come out of it smelling of roses.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
But why go to Apple? Just hire 2-3 really good phone hackers and they'll get in within a week.
Regards, Nish
Website: www.voidnish.com Blog: voidnish.wordpress.com
I'm pretty sure that would be illegal and any evidence uncovered would be inadmissible in any U.S. court. Law enforcement wouldn't be use any incriminating evidence, if found, to levy charges against any other accomplices.
if (Object.DividedByZero == true) { Universe.Implode(); }
-
Very few people have the background in cryptography required to analyze an encryption algorithm. An algorithm with a vulnerability could be perfectly encoded, but still be vulnerable to attack.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
"Very few" is different than "no one", I believe you used the latter.
Daniel Pfeffer wrote:
An algorithm with a vulnerability could be perfectly encoded, but still be vulnerable to attack.
Sure, that is true of anything in this world, but that's the rationale for open sourcing projects... To allow other people other than the original designers to assess vulnerabilities.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
It is not like that...but Apple has no idea how to unlock iPhone :-D
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
You need to get the full story. The government has not asked Apple to "unlock" that phone. The government wants Apple to create and install software on that phone which makes it hackable. Software can be copied. You may or may not love to hate Apple. But their words open another perspective: Customer Letter - Apple[^] :suss:
Life is too shor
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
The question is...can you trust the government. When you see how the IRS abused its power, I think the answer is obvious: No. Any tools given to the government will be used against real and 'perceived' enemies. A 'perceived' enemy is someone you disagree with politically.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Apple are saying no because it will devalue their biggest selling product. Even if we believe that it was special software written to access one particular phone, the fact that it could be done to anyone on a court order may well deter people from their products in the future. Having said that, I find it disingenuous of Apple stand up for security concerns when they've allowed such easy access to the data to, albeit legitimately, installed applications such as Facebook. Ultimately we should consider any computing device, especially devices capable of over the air comms, as insecure anyway.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
-
If Mr. Cook chooses to ignore a court order, then Mr. Cook should be held in contempt of court. Isn't this what would happen to the rest of us?
-
Duncan Edwards Jones wrote:
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption?
My understanding is that if you attempt bad passwords X number of times, the phone bricks itself essentially. The "new" iOS being requested by the courts/FBI would allow unlimited attempts therefore making any phone that can have that OS installed brute forcible.
Vark111 wrote:
My understanding is that if you attempt bad passwords X number of times, the phone bricks itself essentially. The "new" iOS being requested by the courts/FBI would allow unlimited attempts therefore making any phone that can have that OS installed brute forcible.
Ten attempts. Then the phone not just blocks all info on the phone, it erases it completely. After that no tool can recover it; there is nothing to recover. The code in question is a 4 decimal digit code, so a brute force attack requires only ten thousand tries (or on the average half of that) - so little that it neither sounds very much "brute" nor very strong "force" :-)
-
This section seems a bit strange:-
Quote:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession.
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption? Also - wouldn't doing that utterly corrupt the chain of evidence meaning anything discovered could not possibly be used in a civilian court of law?
Duncan Edwards Jones wrote:
If the file exists on the phone and was encrypted using an existing version of the data, how would installing a new version of the iOS allow easier unencryption?
Unless the user specifies the full encryption key every time the encrypted information is accessed, the software does know the key. It is stored somewhere in the file system. Move that flash (/disk, for general PCs) over to another machine, as a secondary storage device, and the key can be read by that other machine. Sure, the key is usually encrypted; you won't find it in cleartext. But the OS/Application knows how to decrypt it. It must know, in order to decrypt the info for the proper user. But in a standard version, the OS/App refuses to do it until the operater has authenticated himself. The special OS edition on the other machine may be willing to decrypt the key without the the owner authenticating himself, e.g. presenting a password or fingerprint. Couldn't that info, given by the user, be (part of) what encrypts the key, so that an intruder would have to know that? But the OS knows that, too. It must know the PW (or some transformation of it) in order to check that the user gives the right one. So the alternate OS version may pretend that it has just read from the user a PW corresponding to the expected one, even if no user ever specified anything. Whether you install the alternate OS version on the same device or you move the storage device (flash/disk) to another machine makes no essential difference, as long as there exists a possiblity for loading a new OS version without logging in to the machine. In the old days, that wasn't always the case, but with modern automatic over-the-air updates and fixes, it it probably possible to replace all essential parts of the OS that way. The only safe encryption is where you are the one generating the key, the only one knowing it, and you never present it to the OS or to any application. For standard PC use, I would like to have a USB dongle where I can load, say, my X.509 certificates into a flash area that is not adressable across the USB interface; only the processor in the dongle can see it. So the PC sends the ciphertext across the USB interface, the dongle decrypts it, and returns hte cleartext to the PC across the USB interface. (Or it receives cleartext and returns ciphertext.) In many applications (such as S-MIME), the ciphertext will not be the full document
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
"The Gov isn't asking hem to unlock EVERYONE's phone" No, that's exactly what the government is demanding. They want a tool that will unlock any iPhone. And that is a dangerous precedent. If history has taught us anything, it is that no government should be trusted, at any time, to do the right thing, when the wrong thing is an option. It also represents a significant reduction in security, whose primary purpose is preventing hackers/crackers from gaining access to your data. If a backdoor is created, attackers will find it, and they will exploit it.
What can this strange device be? When I touch it, it gives forth a sound It's got wires that vibrate and give music What can this thing be that I found?
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
I do not understand what it means "No". The article says the authorities have the device. So if the device could be unlocked (it doesn't matter if it is, it matters that it could), then everyone could unlock the iPhone (okay, without a source code it takes a little bit longer, but not so much). If the device is strongly encrypted (as it should be), no backdoor may unlock it, instead a strong encryption would take several million years to brute force for a super computer. Finally if the device is not really encrypted, or private key could be reached by the hardware or it is obfuscated, then device is already unlocked, just use the right tools (obfuscation is not a security, but prevents power users to poke around the device). So what it means "We could, but we said "No"!"? Are the iPhone's are really secure or they're just secure, because normal users does not have proper hardware/source code (first is easy to create, second could be reverse-engineered). A really secure device should be impossible to be unlocked by its manufacturer, unless wiped out.
-
I don't know. It's hard to decide what the right balance is. While I believe that each of us has a right to our privacy, the good of the many outweighs the good of the one.
If it's not broken, fix it until it is
> the good of the many outweighs the good of the one well the world does not work this way (or neither of us would sit in front of a computer and talk about this) - *remember*: we (as in *the west*) are not *the many* when you see it globally And the context here really matters: it's not for the good of anyone if Apple give in - the *bad* will just go and use some other - more secure - means of communication, while we all would lose even more of our privacy. > “If privacy is outlawed, only outlaws will have privacy.” (Philip Zimmermann)
-
I do not understand what it means "No". The article says the authorities have the device. So if the device could be unlocked (it doesn't matter if it is, it matters that it could), then everyone could unlock the iPhone (okay, without a source code it takes a little bit longer, but not so much). If the device is strongly encrypted (as it should be), no backdoor may unlock it, instead a strong encryption would take several million years to brute force for a super computer. Finally if the device is not really encrypted, or private key could be reached by the hardware or it is obfuscated, then device is already unlocked, just use the right tools (obfuscation is not a security, but prevents power users to poke around the device). So what it means "We could, but we said "No"!"? Are the iPhone's are really secure or they're just secure, because normal users does not have proper hardware/source code (first is easy to create, second could be reverse-engineered). A really secure device should be impossible to be unlocked by its manufacturer, unless wiped out.
From my understanding of what is being requested is to have a version of iOS that will not wipe the device if the incorrect password is typed more than 10 times. If the Feds can have a version of iOS that will allow an unlimited number of password attempts, then they can eventually type the correct password and access the phone. I suspect the source code to allow an unlimited number of sign-in attempts before wiping the phone is a pretty easy code change.
-
Apple Fights Order to Unlock San Bernardino Shooter's iPhone[^]. Normally I would side with Apple, but I live 20 minutes from San Bernadino so this one hits home. The Gov isn't asking hem to unlock EVERYONE's phone - just this one. It could start a dangerous precedent, but I think the opportunity to discover valuable intel trumps Apple.
If it's not broken, fix it until it is
Once someone is convicted of a crime, have they not given up their right to privacy? Like a felon has given up the right to vote? I'm not for spying on innocent citizens, but what about citizens that have been proven to NOT be innocent? Liberty comes with a price, and so does wickedness.
