Apple Privacy Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 04/20/2015 8:33:09 PM PDT by Star Traveler
They periodically do animated home pages, and pages 365˚ viewing.
If you want on or off the Mac Ping List, Freepmail me.
they are both gay-wad companies and will sell you down the river if you text something anti-gay.
hell, apple boycotted a whole state
f’ers
f them and google
Apple can’t access the encrypted data ... and that’s why the government is upset about it. The government can give Apple a court order to give them the data and Apple will give them something that neither Apple or the government can access.
i’d guess they are making a stink about nothing. i’m sure they still have access on the backend, as they can easily conduct MitM attacks (at least the NSA can, as they have direct access to the telcos)
ofc... if google and apple have properly encrypted their own keys into all devices, it’s possible it could be secure... until those keys are cracked
Swordmaker has explained this before; perhaps he can do so again here. My understanding - for Apple - is that the data is encrypted right at the phone and Apple doesn’t have the key. Each phone will be unique that way. Apple designed it so that it is impossible to gain access to the users data (by Apple itself). That way there is no way to comply with any order to decrypt the data.
Google is a high-tech whorehouse.
No phones with unnecessary features, no Google searches, no Apple, no Windows, no problems. Small, low cost computers that use very little power can be built for cheap with unregulated components and free software. Ditto low power radio kits with analog TX/RX. Digital repeaters are dependencies.
In sum, no bowing to rent-seeking interests.
“Battle” this, “battle” that, where there’s no battle: homo talk.
Well they will have a long time waiting to crack those keys. First of all the data that is sent from the iPhone is already encrypted to a 256 bit AES standard by the iPhone using the iPhones 128 bit UUID entangled with the users passcode as a key. If the user uses a sixteen character passcode from the 220 characters available from the keyboard.
Here is the detailed explanation:
Apple allows us to use every single character one of the 220 characters accessible from the keyboard in our passcode. . . and your passcode can be up to 256 characters long.
Although Apple does prohibit having any two characters sequentially identical, you are free to do anything else. Essentially, your passcode can be any character string combination. That gives you the possibility of having up to 256223 passcode combinations. Think about that very huge number. Just 16 numeric numbers plus a four digit date code makes it almost impossible for fraudsters to hit on a valid credit card number. Nine numbers in our Social Security numbers makes it almost impossible to hit valid SSNs. Here we have a possible combinations almost infinitely larger than either of those that can be used to encrypt your data.
But it is even better than that, sten. . . because after YOU select your passcode to use, your Apple computer or device entangles that passcode with the 128 bit Universally Unique Identifier (UUID) assigned to your device. Now, that gives 384223 possible passcode combinations. That combined, entangled KEY is then converted to a HASH on your device so that it cannot be reverse calculated from the HASH, and then used to encrypt your data to a 256 bit Advanced Encryption Standard file, unlockable only with the original key. . . which is kept only device.
A Googol, is 10100, a very large number indeed. This number of possible passcode combinations is FAR larger than a Googol.
It is then uploaded by YOU to the iCloud as that encrypted file. Apple does NOT have a key that can unlock it. No one but you can unlock it. THAT, my FReep friend is what is known as secure. If your upload is intercepted by anyone, all they see or record, is gobbledegook, garbage code. Un-intelligible noise.
Most people are obviously NOT going to use a 256 character passcode. But a sufficiently complex shorter one is sufficient.
You are right in that Apple may be required to hand over to the government what they are holding. . . and even be required to help the government gain access to what they have. But what can they do if they do not have the technology to do ANYTHING to gain access to the data they have stored?That is the situation as it stands.
How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.
Let's assume your Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with your computer's or device's 128 character UUID, so the base is now 16 + 128 or 223144, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.
985,624,295,028,035,000,000,000,000,000,000,000,000,000,000,000,000 possible combinations. That's 985 Quindecillion, give or take a few.
If the government's supercomputer could check 50,000 passcodes every second, It therefore tests 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 33% faster supercomputer and say they could check 2 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .
49,281,214,751,401,700,000,000,000,000,000,000,000 YEARS
to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 492 Undecillion (1035 years to break into your data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1000. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode. That's the law of very large numbers at work.
Apple never has your passcode so the entanglement that occurs on your iPhone or iPad must be unencrypted on your iPhone or iPad. Anything intercepted by a man-in-the-middle attack would be so much gobble-do-gook that would take 492 undecillion years to decipher. By the time the get your passcode and UUID entanglement, I think you and the government involved might not be around to care much what's in the files. . . considering that the half-life of protons is considerably less than that, the Universe would have long before become randomized quarks and other elementary particles.
incidentally, once your encrypted file gets to Apple, it is anonymized, split into four parts, and then mixed with other Apple users and again encrypted with Apple's own 256 bit AES encryption using their own keys. Although Apple could decrypt that, they do not have your key, and all they would have is your gobble-de-gook file, un-decipherable to them as well.
So good luck on cracking any of those keys.
This is wonderful! Since I don’t trust our government in any way shape or fashion to keep me safe, I’ll take my chances that I can protect myself. After reading what this guy Chisholm has tried to do in Wisconsin, I’d say we need to “decript” our government and start sending a lot of them to jail. Replace the marijuana users that are in jail with the Chisholms of this country!
Vance is a worm, just like his daddy.
you can obtain the udid by connecting the device to itunes.
as for the users pass code, 99% of those codes will use the standard 26 characters with possible numbers, case, and a $ or !
not to mention, most people use a small set of passwords. finding them is as simple as dnloading the latest passwordz database.
using this approach significantly reduces the amount of effort needed to brute force a password.
but that’s just for getting at information stored on the phone. cracking the voice channel would be easier, especially for those that control the backbone.
as for cracking speed... seriously? 50k? that’s funny.
looking to bitcoin miners, my old rig could process 30 GHash/sec 2 years ago. today, you can pick up a rig that can do 2500 GHash/sec for $5k. assuming fedgov has at least 1000 of those rigs, or better, would put their brute force capacity somewhere above 2500 THash/sec. trying to brute force a purely random 256 bit AES key would still take a while (more then 9x10^50 years)... but since they only need to check the smaller subset, it shouldn’t take long at all.
and of course, this all assumes the random number generator they’re using produces a properly random number and not something from a smaller subset
Google Is Evil.
Beautiful pictures. It is nice to know that one of the world’s richest men is a catholic, although I don’t know how much he or his wife believe. He is very generous.
he has that look about him...utterly and completely isolated
I hae known one independently wealthy man...and he and cyrus have a similarly aloof...sort of appearance.
There's always one in every group who thinks they're smarter than than the law of very large numbers and that their gaming rig from X could do it faster. . . Whipping it out in a couple of weeks.
No, you're wrong. First of all, you ignored what I told you about a "complex" passcode. Apple enforces the requirement when using a complex passcode for using both upper and lowercase characters, numbers, and symbols accessible from the keyboard. So your 26 becomes 36 alphanumeric plus the symbols. The point is one can increase one's degree of complexity by tossing in an obscure symbol of two which are easy to reach on Apple keyboards.
There is something else about Apple iPhones you don't get. That passcode itself is NOT the characters that are actually used in the entangled encryption key. Instead, the iPhone creates a unique minimum 16 character HASH based on your unique passcode which is stored in the Secure Enclave memory EPROM built into the iPhone's processor. It is this 16 character or greater HASH that is actually entangled with the 128 character UUID. There is no way to limit your assumptions to mere Alphabet characters and numbers or even symbols.
That HASH never leaves the iPhone nor does the algorithm that creates it. The HASH is created new each time the user inputs his passcode, and that new HASH is compared to the stored HASH in the Secure Enclave, if they match, the data will be deciphered as needed. A second HASH is constructed from key points of the fingerprint subcutaneous ridges, not the fingerprint itself.
The way Apple has designed this, the data can only be deciphered on the iPhone where it was encrypted, because the HASH is on the iPhone . . . and unless the putative organization trying to decipher it can get both the full UUID and the HASH as starting points, they are really screwed. They have to go the route of getting a court order requiring the owner of the iPhone to reveal his passcode.
As for getting the UUID, merely by hooking the device up to iTunes, no, that doesn't work the way you think it will. It is my understanding that iTunes uses only a partial subset of the entire UUID. So that's out.
Now your assumptions about your computer's being so fast. I found your claims quite amusing. To do each comparison of each potential key is not the trivially simple process you seem to think it is. The 144 character key candidate must be amended incrementally in each position after which the newly changed key must be then put through the description routines on a sufficiently large exemplar section of the encrypted data AND automated tests to see if the key deciphered the data or not.
The process must decipher enough of the target to assure either it deciphered, or it didn't. Which means it has to find recognizable data in the file, but it may be looking at photo or video data which I some segments may look random. Now go back, increment the key you have and go through the comparison again and tests again, rinse repeat. So, sten, it is not just a matter of simply incrementing the key and voilá, in. There are numerous floating point calculations in each step of the process and it takes a finite amount of time for each incremental check. So you have a fast processor box, you still have to move around a lot of data for each incremental check.
That 50,000 per second number did not come out of thin air. . . It came from encryption specialists in the field working with state of the art super computers. It was an article from two years ago, but the technology has not increment end the speed that much. But let's say it has. Grant them a thousand times faster. Take that 492 undecillion years and drop three zeros from the number of years. Now multiply your thousand time faster computer once more and make it a thousand time faster again. . . A million times faster. Drop three more zeros from the number. It is still an impossibly huge number of years.
you seemed to miss this:
“and of course, this all assumes the random number generator they’re using produces a properly random number and not something from a smaller subset”
i believe the stink is being raised because the tech companies, and hackers, finally found out about the smaller random set that was being used. this led to keys that were much easier to crack.
as for cracking the new igadget... it’s already been done, just not popularized.
i missed nothing. I dismissed it as not worth attention. That statement is twaddle. . . modern devices are adept at random number generation. What century are you living in? You are grasping at straws trying to resurrect your weak arguments.
as for cracking the new igadget... it’s already been done, just not popularized.
No, it hasn't. If you have a link, post it. There are methods to get around the iTouch fingerprint sensor. but they require thousands of dollars of equipment. Nice try. . . and they don't work on a iPhone that has been shut down once or restarted or after 48 hours. Success is only iffy. The iPhone will lock after a number of unsuccessful attempts, requiring a legitimate passcode to unlock it. That is generally good enough for most people. If you really need security, don't use the iTouch fingerprint sensor.
If the iPhones and iPads had already been compromised, the government would not be in such a dither about these devices. Admit it. You don't know what you are talking about.
On another forum one of you anti-Apple guys was claiming they could do Electron Microscope shaving of the A-8 processor to read the Secure Enclave EPROM to find the HASH in the magnetic domains. . . LOL! Yes, it had been accomplished as a proof of concept test on a grossly larger single layer chip reading a simple 40 bit code on a ROM, but that is several orders of magnitude less complex than getting at the registers on the processor and reading them without disturbing their state with an Electron beam. Atlas he was being creative with his absurd claim. Even more absurdly, he claimed that was not possible on Android devices as they were "protected" from such exploits. They don't even keep their passcodes in encrypted formats, storing them instead in regular text files in the open in an easily found Library, LOL!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.