Posted on 02/20/2016 10:09:42 PM PST by Swordmaker
One small correction: often the IMEI is printed right on the SIM. So the FBI would not have to ask Verizon to look it up in their database; they would simply remove the SIM and read it. But the point still stands: the IMEI is not tied to the terrorist's phone, it is tied to the terrorist's SIM card. If Apple writes a security-bypass update tied to the IMEI, then the FBI can put that SIM into any other phone and run Apple's update on that phone. Either FBI personnel who wrote the court order are very stupid or they think the rest of us are too stupid to notice that.
That is not correct. The UID never leaves the phone and in fact never leaves a small section of code running in flash.
It would be very easy to place the subject device and a server on their own network and provide updates to either the Low-Level Bootloader or iBoot, whichever counts the sign-on attempts. Rather than incrementing the counter every sign-on attempt, set it to 1.
The sign-on attempt counter is not maintained by the boot loader or any other part of the boot code. As you know, the passcode is entered and processed only after the phone is booted. Your suggestion is sort of interesting in one aspect which is to install a special bootloader to reset the attempt counter. Even if that were possible (which is doubtful), the FBI requests a passcode tester that works after the phone is booted. They do not want to reboot the phone for each test, that would be much too slow.
Sword: What part of "The KEY IS NOT STORED ON THE DEVICE" do you fail to understand?????
Chill. The key is stored, but it is encrypted. See the link from my previous post. The way the key is recovered (decrypted) is by the process that Swordmaker described. That process can only be performed on the device with the correct UID (burned into HW) and correct passcode. Therefore retrieving the key alone is useless.
It must be pretty secure. I have never been able to access my data on iCloud.
Just to reiterate, the AES key protecting the user's data is stored on the device but it is encrypted and useless until it is decrypted. The way it is decrypted is a complex algorithm (complex so it can't be cryptanalyzed). That algorithm requires the hash of the passcode (it is a salted hash for more security) and the UID burned into the HW. That way even if the key is retrieved it cannot be decrypted outside the phone by someone like the FBI.
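A simplified model of the scheme described in the post above, added here as an illustration; it is not part of the original post and is not Apple's implementation. The UIDs, salt, passcodes and data key are constructed sample values, and an HMAC-based wrap stands in for a real AES key wrap.

```python
import hashlib
import hmac

def derive_kek(passcode: str, salt: bytes, uid: bytes, rounds: int = 20_000) -> bytes:
    """Salted, stretched passcode hash, then keyed with the device-bound UID."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, rounds)
    return hmac.new(uid, stretched, hashlib.sha256).digest()

def _pad(kek: bytes) -> bytes:
    # One 32-byte keystream block; a stand-in for a real AES key wrap.
    return hmac.new(kek, b"enc", hashlib.sha256).digest()

def wrap(data_key: bytes, kek: bytes) -> bytes:
    """Encrypt the data key under the KEK and append an integrity tag."""
    if len(data_key) != 32:
        raise ValueError("this model wraps 32-byte keys only")
    ct = bytes(a ^ b for a, b in zip(data_key, _pad(kek)))
    return ct + hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()

def unwrap(blob: bytes, kek: bytes):
    """Return the data key, or None if the KEK (passcode or UID) is wrong."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _pad(kek)))

def demo() -> dict:
    device_uid = bytes.fromhex("11" * 32)   # constructed: UID fused into this device
    other_uid = bytes.fromhex("22" * 32)    # constructed: any other hardware
    salt = b"constructed-salt"
    data_key = hashlib.sha256(b"constructed data key").digest()
    # What sits in flash: only the wrapped blob and the salt, never the KEK.
    blob = wrap(data_key, derive_kek("1234", salt, device_uid))
    return {
        "device_uid_right_passcode": unwrap(blob, derive_kek("1234", salt, device_uid)) == data_key,
        "device_uid_wrong_passcode": unwrap(blob, derive_kek("0000", salt, device_uid)) is None,
        "other_uid_right_passcode": unwrap(blob, derive_kek("1234", salt, other_uid)) is None,
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, ok)
```

In this model, copying the wrapped blob off the device gains nothing even with the correct passcode, because the UID input to the derivation is missing.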
I have been meaning to ask you if it might be possible for you to find a piece of information.
Some years ago, I read that Thomas Jefferson heavily consulted Vattel's law of Nations when writing the Declaration of Independence. I read that either Jefferson's copy of the Declaration is heavily littered with notes on Vattel, or that Jefferson's personal copy of "Droit des Gens" is heavily littered with notes on the Declaration. (I don't remember which it was.)
I have been trying to corroborate this piece of information, because if it can be demonstrated to be true, it solidifies the argument that Vattel's definition of the word "citizen" is the one which was intended when the Declaration of Independence was written.
Do you have any corroboration for whether or not Jefferson wrote notes linking "Droit des Gens" with the Declaration?
Actually Swordmaker and others have shown incredible patience as they logically dissected and rebutted your arguments.
What I find curious is that you utterly and completely refuse to criticize or even comment on the real cause of this mess - incompetent govt at all levels. Your belief in court orders borders on religious fanaticism. A person previously associated with the govt might have a bias toward ignoring its failings in all aspects of this terrorist attack.
Swordmaker and others, myself included, have pointed out that Apple was cooperating at trying to get the data onto the cloud when they were sabotaged by previous evidence tampering by the govt. Are those responsible for the tampering going to be fired or prosecuted?
Without the accidental [sic] tampering there would be no legal case with all its wonderful PR connotations that the govt is on one side while Apple and privacy supporters are siding with terrorists. The 35 page filing does come across as snarky and undignified - perhaps PR.
Apple vs. FBI: 9 Updates in the Fight Over a Killer's Locked iPhone
MEDIA | By Joan E. Solsman on February 22, 2016 @ 5:26 pm
http://www.thewrap.com/apple-vs-fbi-9-updates-fight-locked-iphone/
Thanks for the information that furthered mine. The JTAG was brought up in a quotation that Ray posted. . . so I challenged if he even knew what it was. I knew he didn't know it was a way to poll the silicon to test for function, etc. He tossed it out trying to show he was "ept" when he really wasn't. The point apparently was that it could be a means of finding the code or UID and GID, etc., when Apple had already anticipated that.
My understanding is that to get a true random number seed, Apple has used the microphone, camera, and accelerometer sensors to poll when the AES encryption is first generated to get input to put into the random number generator. To be assured of re-creating the same thing later, they store that seed that was created in the same location the HASHes are stored.
Thanks DuhYup
That makes sense. The best way to get a cryptographically sound random key is to pull in high entropy sources like noise in microphones or noise in camera CMOS sensors. Basically make it impossible for an adversary to recreate. If they store that as a seed for a pseudorandom number generator that would be a sound way of restoring the AES key when it is needed.
Microsoft founder Gates backs FBI in encryption fight with Apple
Published February 23, 2016 FoxNews.com
The clash between Apple and FBI heats up
Microsoft founder Bill Gates has broken with other Silicon Valley giants by backing the FBI in its battle with Apple over hacking into a locked iPhone as part of the investigation into last December's San Bernardino terror attack.
In an interview with the Financial Times published Tuesday, Gates said a court order requiring Apple to help the FBI access a work phone belonging to gunman Syed Farook was "a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case."
Gates went on to compare the FBI request to accessing bank and telephone records. However, he added that the government must be subject to rules about when it can access such information.
"I hope that we have that debate so that the safeguards are built and so people do not opt, and this will be country by country, [to say] it is better that the government does not have access to any information," Gates said.
The San Bernardino County-issued iPhone 5C was used by Farook, who with his wife, Tashfeen Malik, killed 14 people at an office holiday party in December before they died in a gun battle with police. The government said they had been at least partly inspired by ISIS.
The problem with any computer is finding a way to generate a truly random number when one needs one that is not somehow infected with a human's biases toward something. Even this method has a built-in bias against low random numbers simply because it uses three or more inputs and combines the sampled "noise" which will result in a seed that inherently will result in a random number seed higher than what a truly random number could be if you accept that a truly random number could include "1" in its set. That choice was human based in its bias toward larger random number seeds, but it's certainly an acceptable bias.
This is called an "Appeal to authority" fallacy. Bill Gates has no standing to have an opinion more than any other individual, he's retired from Microsoft, but his fortune would be increased by any improvement in the competitive environment if Apple were taken down a peg or two.
I am curious what his take would be if Farook had been using a County Issued Windows Phone?
Now I see Wikipedia lists hashes as one of the "Software whitening" tricks to make random numbers more uniform. But it is certainly a nontrivial issue and hashing is not the first choice.