Posted on 09/01/2015 4:56:56 PM PDT by Swordmaker
My favorite programmer joke
What’s the only thing dumber than an end user?
Two end users.
SIGH. If you think that anyone can intercept and 256 bit AES standard encryption and decipher it, I'll sell YOU the bridge, Okie. Any passcode on an Apple device is entangled with the device's UUID to construct the encryption key. If any person or agency intercepting the data doesn't have the key, which at the point of transmission could be as long as 2,176 bits or as short as 160, plus stop bits between eight bit bytes, the only way to break the cypher is brute force.
If the user has selected a 16 character passcode (and Apple allows a user to construct a passcode from all 223 character accessible from the keyboard), the number of years it would take using a supercomputer capable of trying two trillion passcodes a year to try all possible keys is 5.26 vigintillion years (yes, Okie, that is a real number, it's 5.26 x 10195). My math is correct, I've done it several times to show others like you who think they could break such a cypher next week with the fancy gaming rig.
If you increase the speed of your supercomputer by a trillion, you only drop the number of years to ~5 x 10183 years. In any case, by the time they cracked your encryption, the Electrons in the Universe would have died from entropic heat death and nobody would be around to be interested in what you had stuffed in your bits and bytes which would have long since randomized and died along with the rest of the universe.
So, Okie, I can get you a great deal on the Brooklyn Bridge. . .
So, I agreed. Nobody has ever invented a back door that could be exploited.
Then why did you imply that someone could intercept the data flow and descript it?
All electronic communication is subject to interception.
It’s routed from server to server and all points in between.
That's still a pointless comment, Okie. So what that they can intercept a string of unintelligible, encrypted gobbledegook. They can intercept all they want, they can do NOTHING with it! They don't have the key.
Nonsense? Man in the middle attacks have been around from day one. No doubt with the power available, packets can be reassembled with some effort especially since anyone can be targeted by IP address. The internet is deeply flawed in every way as far as privacy is concerned.
95 percent of the people using the internet are about as savvy as Hillary and my in laws.
Something new...the iPencil.
And with that comment you joined the 95%. Okie, SO WHAT if they can assemble the packets being sent from an iPhone. It SIMPLY DOESN'T MATTER if they assemble the entire message! It is encrypted with 256 bit AES standard encryption with a key they do not have and cannot get.
What part of "It will take them 5.62 Vigintillion years (5.62 x 10195 years) to try every possible key to decrypt the message using a super-computer capable of trying 3 million keys per second." do you simply fail to comprehend??? They can intercept the transmissions and waste time and resources trying to decrypt the data stream to their heart's content for all I care. . . they just cannot do it. It is impossible to do in any even unreasonable time frame! Protons will EVAPORATE in a mere 1036 years, and they'd have hardly gotten started trying keys trying to break into 256 bit AES standard encryption. Hell, Okie, there are only an estimated 4 X 1079 to 4 X 1081 ATOMS in the entire observable universe, yet this number of years is 5.62 X 10195! The math is the math. . .
Who needs brute force when you can have the key. Brute force is only that last option.
It’s entirely possible the NSA forced back doors in the encryption algorithms. They’ve done it on computers for years. We’ve heard about that in the trades.
Taking that leap it’s entirely possible that someone could figure out or leak the secret. I’ve read that some back doors have been exploited in the past.
It’s even entirely possible that every government computer is compromised thus leaking every encryption key made in the last few years. I know how software works and it would be completely undetectable unless you know exactly where to look.
Again, what part of "Apple does not even store the key on the iOS device," do you fail to comprehend?
It’s entirely possible the NSA forced back doors in the encryption algorithms. They’ve done it on computers for years. We’ve heard about that in the trades.
And, again, what part of "Apple does not have any backdoors in their software or Operating Systems" do you fail to comprehend, Okie?
I am beginning to think you really do not understand math, Okie. You don't force a backdoor into a mathematical encryption like the AES 256 bit standard.
It's an open source standard and algorithm, Okie, well understood and examined in detail over the 14 years since it was accepted by the National Institute of Standards and Technology in 2001. Before that it underwent years of development in the cryptography community. . . it is not just something a programmer came up with on the spur of the moment.
Further, Apple has stated categorically, under the most severe personal penalties for the officers and top managers of the corporation making the statements, due to the 2002 Sarbanes Oxley Act, that Apple has not allowed any backdoors in their software or operating systems. These penalties are $20,000,000 and 20 years in Federal prison for uttering official statements that turn out to be false that have negative affects on the value of the company or the company's stock values.
". . . Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will. . . "Tim Cook's Open Letter to Apple Customers, also cited in Apple's Financial reports and Financial Conference Calls.
Such a communications from the CEO of Apple is a legal, Sarbanes Oxley triggering document. As such, if it is NOT true, Tim Cook would be liable for the personal fines which could not be re-imbursable from Apple, and prison term of 20 years. Ergo, the statement is true. Apple has not put any backdoors in their Operating Systems.
You keep throwing spit wads against the wall without really knowing what you are attacking . . . because you haven't bothered to research Apple's system at all. You assume it is like everyone else's poor approach to security. It is not. You prove your ignorance about Apple's approach in every post.
How are they going to get that passkey, Okie? Torture of the iPhone's owner? It is not stored on the iPhone. The only thing representing that passcode is a One Way HASH. . . and that is in the Secure Element inside the processor, inaccessible from the outside, and only accessible to the processor for comparison with a newly generated HASH from a newly input passcode entered by the user, which cannot be retained.
Keep in mind, it is a two factor because the passcode is entangled with the iPhone's UUID. So any putative hacker will also require the UUID from the internals of the iPhone. The UUID is NOT on the outside of the iPhone. . . nor is it available from the iPhone without being able to unlock it. OOPS. So the hacker needs both the passcode from the user and the UUID from inside the iPhone. Then to find the real encryption key, our hacker ALSO needs the algorithm which is used to entangle the two to actually generate to encryption key. Good luck with all of that.
Now do you begin to appreciate the mountain that must be climbed???
Cook would be jailed for doing NSA a favor? Hardly.
One thing is certain to me, anything stored electronically is a risk. Saying it’s impossible it foolish. You may not be able to brute force decrypt, but anyone with the tools and access to your laptop for more than a few minutes would have a field day. Remember Stuxnet and its variants? There are even better ones out there now naturally.
No, it doesn't work that way, Okie. The Sarbanes Oxley Act of 2002 is a Federal Statute that controls what happens if the STOCKHOLDERS are injured because a corporation LIES to the public. It becomes TOO OBVIOUS and someone will be punished. . . and whose name is on those claims. Tim Cook's. He would go to prison and he would be fined. There is no wiggle room, Okie. Sorry, you just do not have a clue where Financial Crimes are concerned under SOX. Hell, a CEO of a FISHING boat company was sent to federal prison under SOX for making a statement the government decided was false (it wasn't) but he still spent 8 years in prison and lost his majority holdings in his own company defending himself, before an Appeals court finally reversed the lower court and censured the Federal Prosecutor for even bringing the ridiculous case. Basically Sarbanes Oxley has teeth.
We were talking about iOS and iPhones and iPads, but if you want to discuss OS X, fine. Physical possession of my new MacBook would get you NO WHERE. I have it locked down with complex passwords. The Drive is 256 bit AES standard encrypted with File Vault with a sixteen character complex passcode.
The new MacBook's don't have a Thunderbolt port, so even if Apple had not closed the Thunderstrike vulnerability two months ago, that wouldn't get you in. There used to be a way to change the passwords on OS X Macs, but NOW it requires the owner's AppleID and complex password, and mine, in particular is protected by two-factor notification, which means to even use that AppleID requires I authenticate the access by entering a six digit code sent to my iPhone. So, unless you ALSO have access to my iPhone simultaneously with access to my MacBook, you simply won't get in.
I do know what I am talking about. Several years ago, I was able to breach a Windows7 Pro laptop that had been hardened and "secured" by the US Air Force Academy's IT department for one of their cadets who had forgotten his password—they are required to change them every month. He'd come home for the holidays and had a 50 page paper to finish before returning and couldn't get into his work, because he could NOT recall what he had set his new password to. I got him in.
Frankly, I did not find it that difficult. LOL!
Perhaps, you could physically open the case and stick some hardware in there, but how would the software work with it? You still cannot install any software. Besides, have you seen how cramped the MacBooks are for space?
Your analogy of a physical lock/key combination with AES 256 bit mathematical algorithms has just proved to me you don't have a clue about what you are talking about where I do know what I am talking about. Sorry, you lose. There is simply no comparison between the two situations, Okie.
The only way your analogy would fit is if there were only seven possible keys to the AES encryption and those keys were published in the Washington Post. That is not the case, Okie, instead, there are . . .
1,052,019,282,033,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possible keys.
1.052 duovigintillion possible keys that could be used, if the users had just a 16 character passcode.
The other problem with your analogy, is that Apple has not provided the government with any such backdoor key that could be compromised by such sheer stupidity. As I've repeatedly pointed out, there are no backdoors.
On a more positive note I can't wait to get the iPencil, with "laser beams".
Wait...what's that? No frick'n laser beam?
You have to admit, it's a pretty lame new product.
Uh, the UUID is not something that even the user will know. That is inherent in the processor.
No, it is not. You have no clue what you are talking about if you think the Apple Pencil is a lame product. You don't even know what you can do with it, do you? Here's a glimpse from Apple:
I have done graphics art for pay in the past, sometimes using a Wacom pad and stylus. I can think of nothing close to $99 that can do what this Apple Pencil can do anywhere near that price point. . . or as easily with a single hand. "Lame?" Not by a long shot.
Office of Personnel Mgmt: 5.6M estimated to have fingerprints stolen in breach.
This pretty much ends fingerprint security for some folks.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.