Free Republic

And now Apple is going to stop the FBI getting into iCloud data too
Graham Cluley | March 25, 2016 | by David Bisson

Posted on 03/28/2016 10:22:38 AM PDT by Swordmaker

Apple announces plans to hand over iCloud encryption key management to users


Apple has announced its plans to transfer iCloud encryption key management to account holders, a move which could stand in the way of or even prevent the FBI and other law enforcement agencies from requesting users' information.

The tech giant currently manages the encryption key management for all iCloud account holders.

eWeek reports that because of this level of control, Apple provided federal authorities with several iCloud backups of Syed Rizwan Farook, an individual who participated in a mass shooting and attempted bombing in San Bernardino, California back in December. The company cooperated with authorities even as it refused to help them unlock the suspected terrorist's iPhone.

But the times they are a-changin'.

Back in 2014, many account holders experienced a crisis of faith when a hacker allegedly leaked the nude pictures of several well known celebrities from their private iCloud accounts.


Although the breach may have been assisted by users falling for phishing messages, Apple vowed to explore ways to further enhance the security of its services and devices.

It is against this backdrop that we have seen the ongoing Apple-FBI controversy.

Over the past few months, several well known figures in the tech field, including the CEO of Google, have supported Apple's decision to not comply with the FBI's demands that it help authorities unlock Farook's iPhone.

The future of this case is uncertain. Just recently, a federal court granted the FBI's request to postpone all court proceedings while it takes the time to investigate a method of unlocking the suspected terrorist's iPhone that would not require Apple's assistance.

But even if the U.S. Department of Justice decides to drop this particular case, it is almost certain that the tech giant will face more and more requests to access customer data in the future.

With that in mind, Apple's decision to hand over encryption key management to iCloud account holders will render many of these requests irrelevant. Without the encryption keys, Apple will have no way to access users' encrypted iCloud data regardless of how much the U.S. government wants it.

The onus of data management will therefore shift to the users themselves.

There is admittedly some risk in that transition; if users forget their passwords, Apple will have no way of restoring access to their accounts. This might lead some users to create easy-to-remember passwords that by their nature could weaken the security of their iCloud accounts.

Password managers

It is therefore important that iCloud users begin thinking about password security now. I recommend that users consider creating an account with one of the leading password managers (examples include Dashlane, LastPass and 1Password). These services not only remember passwords for users, but many of them can also generate strong passwords automatically.

A password manager could ultimately be the perfect tool to help iCloud users handle their own encryption key.


TOPICS: Business/Economy; Computers/Internet; Society
KEYWORDS: apple; applepinglist; china; icloud; iphone; macos; privacy; security

1 posted on 03/28/2016 10:22:38 AM PDT by Swordmaker

To: Swordmaker

Q: What’s the difference between USA and USB?

A: One connects to all of your devices and accesses the data, the other is a hardware standard.


2 posted on 03/28/2016 10:25:48 AM PDT by glorgau

To: Swordmaker

If I had their resources my company would not be falling under U.S. jurisdiction. And all my customers would know why.


3 posted on 03/28/2016 10:27:13 AM PDT by Delta 21 (Patiently waiting for the jack booted kick at my door.)

To: Swordmaker

Gee, maybe the government needs to start focusing on keeping the terrorists out of the country in the first place.


4 posted on 03/28/2016 10:28:03 AM PDT by dfwgator

To: dayglored; ShadowAce; ThunderSleeps; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; ...
Apple is moving to put the rest of iCloud storage that is not encrypted into the hands of the users. A lot already is encrypted before it ever leaves an iOS device, but not OS X storage by default, unless opted to be so or some other iOS data. This move will make all uploaded data encrypted by the user's passcodes or passwords. Apple would then not have access to any user data and would not be able to restore any data to any user who had forgotten or lost their passwords or passcodes. In addition, Apple would not be able to provide any data to the FBI as they can now for any user from the iCloud. Now much of what they provide is encrypted gobbledegook such as iMessage data, credit card data, etc, but some is extractable such as call data, email, and photos on older devices. — PING!

Pinging dayglored, Shadow Ace, and Thunder Sleeps for their ping lists.


Apple iCloud Locked?
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

5 posted on 03/28/2016 10:32:11 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)

To: Delta 21
If I had their resources my company would not be falling under U.S. jurisdiction.

I predict it will come to that. We are governed by people who think our rights expire when they become inconvenient.

6 posted on 03/28/2016 10:33:10 AM PDT by SeeSharp

To: Delta 21
If I had their resources my company would not be falling under U.S. jurisdiction. And all my customers would know why.

US Jurisdiction has now reached even into Swiss bank accounts. . .

7 posted on 03/28/2016 10:33:52 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)

To: SeeSharp
I predict it will come to that. We are governed by people who think our rights expire when they become inconvenient.

We are being governed by people who think that all Rights of the people derive from the government, not that all governmental power derives from the people being governed. They are totally clueless about the actual source of their power and the source of the people's rights.

8 posted on 03/28/2016 10:36:38 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)

To: Swordmaker

I have to admit that this FBI / Apple thing has me a little confused. I always heard cases where smart phones were confiscated and used against typical people at traffic stops, accidents, etc.... Our computers can be confiscated and used against us. What is causing this debate? Is it simple password protection of the phone causing this? If someone understands, please let me know. Mainly, let me know what I need to protect my phone and self in the event I have an issue.


9 posted on 03/28/2016 10:38:31 AM PDT by No Socialist

To: Swordmaker

It has to be more than a password, it will need to be a very large key. Password managers like 1Password have a feature to back-up data to the cloud. Imagine what happens if your local computer hard drive crashes, and so you lose your local 1Password copy, and along with it your local copy of your iCloud key, and now can’t get to the back-up in iCloud to restore the 1Password DB.

I’m envisioning something similar to what happened internal to Microsoft when they forced employees to use BitLocker to encrypt their work machine hard drives. Users are forced to back-up the recovery key during set-up. However, countless numbers of them don’t have the key if it’s needed later. So MS IT implemented a system that backs the key up to a remote service. MS IT support can give the user access to this to retrieve their key, but the user still has to do it himself by logging into a website with his domain credentials. Before that service, it was a veritable circus of lost hard drive contents and angry users.

So I think giving the user an option is great, but people who aren’t prepared and able to have a good offsite backup of their key should be cautious lest they lose all the benefits of backing up important data to the cloud. I would recommend putting it on a USB key and storing that in a safe deposit box.

BTW, Backblaze, who is who I use for cloud backup, offered this option to their users a couple of years ago. Most people are not using it, but it’s a nice option to reduce concerns about Backblaze being hacked.


10 posted on 03/28/2016 10:43:41 AM PDT by Scutter

To: Swordmaker

Or Apple can pull an Obama. Give away the next 10 million iphones with unbreakable encryption FOR FREE.


11 posted on 03/28/2016 10:43:44 AM PDT by Delta 21 (Patiently waiting for the jack booted kick at my door.)

To: Swordmaker

That is the whole reason I own an apple phone...

The government can go diddle themselves somewhere else other than in my private business...


12 posted on 03/28/2016 10:45:48 AM PDT by HarleyLady27 ('THE FORCE AWAKENS!!!' Trump; Trump; Trump; Trump; 100%)

To: Swordmaker
One thing that is interesting to me about the controversy surrounding encryption is the almost universal assumption that encryption is a new thing only enabled by computers.

Allow me to introduce to you the Jefferson Disk, invented by the man who largely wrote the Declaration of Independence, Thomas Jefferson, also known as the 3rd president of our fair republic.

This particular cypher was good enough that a variation of it was used as late as 1942 by the U.S. military.

What appears to be new, however, is demands by the government that they always have access to break said encryption when employed by lowly citizens. Personally, I find it hard to believe that Mr. Jefferson would have supported that point of view.

13 posted on 03/28/2016 11:02:06 AM PDT by zeugma (Vote Cruz!)

To: Swordmaker
 

We are being governed by people who think that all Rights of the people derive from the government, not that all governmental power derives from the people being governed. They are totally clueless about the actual source of their power and the source of the people's rights.

Sorry to disagree with you Swordmaker, but I think that it is pretty obvious that these days governmental power derives from the barrel of a gun, and nothing more.

14 posted on 03/28/2016 11:04:22 AM PDT by zeugma (Vote Cruz!)

To: No Socialist

The FBI is trying to misuse the San Bernardino terrorist case to garner sympathy for its attempt to bypass the Constitution by requiring Apple (and other cell phone manufacturers) to build in a back door so that law enforcement can break into all phones with or without a warrant or probable cause.

This isn’t about fighting terrorism, the war on drugs, etc. It’s about a police state trying to screw you out of some of your privacy rights by forcing corporations to act as de facto agents of the snoop police.


15 posted on 03/28/2016 11:06:40 AM PDT by peyton randolph (When the Uniparty selects candidates for both wings, there is no choice.)

To: Swordmaker

Good. Enough tyranny. The State wants something? Get a warrant.


16 posted on 03/28/2016 11:07:49 AM PDT by RIghtwardHo

To: Swordmaker

Don’t lecture me about “terrorism,” or “security.” All propaganda to promote tyranny. Tim Cook is an American hero for doing this.


17 posted on 03/28/2016 11:20:23 AM PDT by montag813

To: Swordmaker

As I continually tell everyone, if you put data on the Cloud it is no longer yours. Live with it.


18 posted on 03/28/2016 11:20:39 AM PDT by Resolute Conservative

To: No Socialist
I have to admit that this FBI / Apple thing has me a little confused. I always heard cases where smart phones were confiscated and used against typical people at traffic stops, accidents, etc.... Our computers can be confiscated and used against us. What is causing this debate? Is it simple password protection of the phone causing this? If someone understands, please let me know. Mainly, let me know what I need to protect my phone and self in the event I have an issue.

The iPhones/iPads that a user has opted to protect with a passcode are encrypted with a 256 bit Advanced Encryption Standard which is for all practical purposes unbreakable in anything but astronomical time. While the original four digit default passcode has only 10,000 possible solutions, someone trying to break into the iPhone/iPad so protected has only 10 chances to hit the right one before the encoded comparison hidden in an unreachable location inside the device is permanently erased, making the data forever unreachable.

That four digit passcode is NOT the key to the encryption but just one piece of four pieces used to construct the AES key used to encrypt the data on the FLASH memory of the device. The other three pieces of that key are a Unique Device ID (UDID), a Group ID shared by all devices of the same model (GID), and a random number generated when the user first input his passcode created by reading the device's camera, microphone, accelerometer, and a fourth sensor, combined to make a truly entropic random number undiscoverable outside the device.

These four pieces, passcode, UDID, GID, and random number, are entangled by a hidden algorithm each time the passcode is entered to recreate the AES Encryption/Decryption KEY to decipher the data on the FLASH memory stored on the iPhone or iPad as needed. This KEY, at minimum, would be 132 characters in length, and can be up to 256 characters, and use any of the 223 characters in the Apple set. Thus there are a minimum 223^132 . . . to a maximum 132^256 concatenated possible KEYS to try in a brute force attempt to decrypt just ONE iPhone.

Using the fastest supercomputer we now have available to us, which is capable of making 27,000,000,000,000 decisions per second, for a Brute Force try of just the lowest possible number of KEYS, it would take:

116,209,806,593,914,624,870,054,703,785,744,427,568,633,721,207,504,810,301,460,528,440,066,724,340,287,715,735,679,109,701,519,266,939,088,502,843,132,044,241,925,457, 525,205,617,562,366,850,487,761,225,023,194,470,172,963,858,894,739,659,197,015,195,249,199,831,485,264,916,715,387,833,813,135,377,729,928,185,972,857,659,278,426,726, 061,487,888,562,070,911,854,491,581,420,641,841,193,727,418,626 YEARS to try every possible KEY to decrypt just one iPhone.

If you'd like to see how that is said in English, Click Here for where I posted it originally on FR, but be prepared for a long read. Don't try to read it out loud in one breath!

That is why the FBI was wanting Apple to re-write iOS to get around the ten tries and it erases the Key to the Encryption Key. Without that basic key, you don't get to the main AES key ever. That limit of ten tries is the first line of defense and it's hard coded into the iPhone's/iPad's hardware.

19 posted on 03/28/2016 11:24:37 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)
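
The mechanism post 19 describes (a short passcode tangled with secrets that never leave the device, plus a ten-try limit that erases them) can be sketched as a toy model. This is an added example, not Apple's algorithm and not code from the thread; `ToyDevice`, `guesses_allowed`, and the use of PBKDF2 and HMAC are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # the ten-try limit described in the post


class ToyDevice:
    """Hypothetical model: passcode tangled with device-only secrets."""

    def __init__(self, passcode: str):
        self._uid = os.urandom(32)   # stand-in for the per-device hardware ID
        self._salt = os.urandom(16)  # stand-in for the on-device random number
        self._failed = 0
        self.wiped = False
        # Keep only a check value derived from the key, never the passcode itself.
        self._check = self._tag(self._derive(passcode))

    def _derive(self, passcode: str) -> bytes:
        # Assumption: PBKDF2 + HMAC stand in for the real, undisclosed derivation.
        stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 20_000)
        return hmac.new(self._uid, stretched, hashlib.sha256).digest()

    @staticmethod
    def _tag(key: bytes) -> bytes:
        return hmac.new(key, b"passcode-check", hashlib.sha256).digest()

    def unlock(self, passcode: str):
        """Return the 256-bit data key, or None on a wrong guess or a wiped device."""
        if self.wiped:
            return None
        key = self._derive(passcode)
        if hmac.compare_digest(self._tag(key), self._check):
            self._failed = 0
            return key
        self._failed += 1
        if self._failed >= MAX_ATTEMPTS:
            # Erase the device-side material: the correct passcode is now useless.
            self._uid = self._salt = self._check = None
            self.wiped = True
        return None


def guesses_allowed(device: ToyDevice, guesses) -> int:
    """Feed guesses in order; count those evaluated before the device wipes."""
    used = 0
    for guess in guesses:
        if device.wiped:
            break
        used += 1
        device.unlock(guess)
    return used
```

In this model the 10,000-passcode space is never the limiting factor: only ten guesses are ever evaluated, and the same passcode on two devices yields unrelated keys because the device secrets differ.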

To: zeugma
Sorry to disagree with you Swordmaker, but I think that it is pretty obvious that these days governmental power derives from the barrel of a gun, and nothing more.

We are in agreement. . . notice I said "We are being governed by people who think that all Rights of the people derive from the government, not that all governmental power derives from the people being governed."

Once they adopt that premise. . . then the power of the barrel of the gun is a natural consequence of how that government will inflict its stolen illegitimate power.

20 posted on 03/28/2016 11:32:42 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)

