Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Internet firms to be banned from offering unbreakable encryption under new laws
The Telegraph UK ^ | 02 Nov 2015 | By Tom Whitehead, Security Editor

Posted on 11/03/2015 11:58:52 AM PST by Swordmaker

UK -- Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to under the Investigatory Powers Bill

Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.

Companies such as Apple, Google and others will no longer be able to offer encryption so advanced that even they cannot decipher it when asked to, the Daily Telegraph can disclose.

Measures in the Investigatory Powers Bill will place in law a requirement on tech firms and service providers to be able to provide unencrypted communications to the police or spy agencies if requested through a warrant.

The move follows concerns that a growing number of encryption services are now completely inaccessible apart from to the users themselves.

It came as David Cameron, the Prime Minister, pleaded with the public and MPs to back his raft of new surveillance measures.

He said terrorists, paedophiles and criminals must not be allowed a "safe space" online.


(Excerpt) Read more at telegraph.co.uk ...


TOPICS: Business/Economy; Constitution/Conservatism; Culture/Society; Government
KEYWORDS: applepinglist; billgates; gatesfoundation; microsoft; netneutrality; uk; windowspinglist
Navigation: use the links below to view more comments.
first previous 1-2021-4041-59 next last
To: rigelkentaurus
no such thing as unbreakable encryption

Your claim that no encryption is unbreakable is in practice false.

The fact is if it takes more time to break the encryption than the utility of the encrypted data's value, it is, for all practical purposes, unbreakable. . . or if there is just not enough time left before the universe dies a heat death to break the encryption, which with our current technology is the case.

The current state of the art is that 256 bit AES encryption can only be broken by brute force, trying every possible key until you find the right one that will decrypt the data. Most of our financial industry uses 128 bit AES encryption which they think is sufficient for their purposes in handling Trillions of dollars of transactions securely. . . as does many of our governmental agencies. So far, the Financial industry has been correct. I won't judge the security of our government. They are rapidly moving to 256 bit AES.

Apple, for example uses a key that takes the user's passcode of whatever length (it can be anything from four numbers to a complex passcode of up to 256 characters made up of the 223 alphanumeric and symbols accessible through the keyboard) and entangles it with the 128 characters of a Universal Unique ID imbedded in the device to create the key used to make the encryption.

For example, if the user elects to use a 16 character complex passcode using upper and lower case letters mixed with numbers and symbols, that passcode would be then entangled with the 128 character UUID of the device to construct a 144 character key. The number of possible keys is 144223.

Calculating from that, it turns out that if we were to use the fastest supercomputer in the world technologically available to us, which could try and compare 100,000 keys per second to see if each key resulted in anything sensible in the data, and if it did not, then going on to the next potential key (this is at a rate of 3 TRILLION possible keys per year), it would take 5.62 undecillion (5.62 X 10195 years before all possible keys could be tested.

The half-life of a proton is estimated to be only 1030 years and by 1078 or 1080 years, all matter in the Universe would have devolved to a soup of sub-atomic particles. . . long before that supercomputer, if it still existed, was even half-way done trying keys.

If you made that supercomputer even a TRILLION times faster, it would merely knock off only 12 zeros off the number of years it would take to try all the number of keys, making it take only 5.62 X 10183 years. . . before all keys had been tried.

It is pretty obvious that any information held by such an encryption would be moot long before it could be broken.

This is what has these governments' panties in such a wad. . . they cannot possibly break the encryption.

The only way they can get in is to get the owner of the device to give them the passcode. . . and if that owner refuses, to torture it out of him.

21 posted on 11/03/2015 1:17:02 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: akalinin
Just wait until quantum computers. No encryption scheme will be unbreakable.

Quantum computers are going to be merely a lot faster. . . that does not give them magical abilities to suddenly break the laws of large numbers. . . or to magically break encryptions that would take large numbers of years to try every possible key looking for sensibility in the data. Even were a Quantum Computer a trillion times faster than the fastest supercomputer available today, it would shorten the time by only 12 zeros off a very large number. . . and for us, it would make no difference in the already astronomical time frames. Unless you put a trillion parallel such computers working on sections of the possible keys, which would probably not be worth the investment, you'd not be able to shorten the time to find the right key. . . and even then, it'd probably still be years before the right key would be found, at a tremendous cost.

22 posted on 11/03/2015 1:23:13 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker

By passcode, does this include the basic entry to unlock the phone? Or is this hypothetical 16 digit passcode somewhere deeper in the system, or inside some encryption app that then applies to email, etc?


23 posted on 11/03/2015 1:24:11 PM PST by DesertRhino ("I want those feeble minded asses overthrown,,,")
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

sounds like Apple isn’t going to be able to sell iPhones in the previously free and Great Britain.


24 posted on 11/03/2015 1:34:58 PM PST by zeugma (Teach your child a love for motorcycles, and he'll never have money for drugs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Even if the Brits passed this law, couldn’t someone simply write an app that installs similar encryption? Apple couldn’t be responsible for that.


25 posted on 11/03/2015 1:38:46 PM PST by DesertRhino ("I want those feeble minded asses overthrown,,,")
[ Post Reply | Private Reply | To 24 | View Replies]

To: DesertRhino
By passcode, does this include the basic entry to unlock the phone? Or is this hypothetical 16 digit passcode somewhere deeper in the system, or inside some encryption app that then applies to email, etc?

The passcode is either the four digit number, which will be entangled with the UUID, or now, with iOS 9 which defaults to a six digit passcode, or the user can opt to use a complex alphanumeric/symbolic passcode which can access 223 characters from the keyboard, all of which will be entangled with the UUID. None of which is kept on the device.

If the user opts for just the four digit numeric passcode, the key would be constructed from that number plus the 128 character UUID, making a 132 character key. That is STILL a very difficult key to break. The number of possible keys is 132223. . . a number far larger than a Googol.

Of course, it is much easier for someone to watch the user unlock his device and observe his passcode and note which four digits he uses than to observe and note which sixteen characters he may be using, if he opts for a more complex passcode. Once a crook or cop knows the passcode, there is nothing to stop them from getting in.

The passcode, the key, etc. are converted to a one-way HASH which is stored in the Secure Enclave portion of the Processor. Each time the user enters the passcode, the one-way HASH is recalculated and then compared with what is stored in the Secure Enclave. If it matches, the device is unlocked. The user is allowed five attempts to input the passcode. . . if those five attempts fail, the device is locked and will require use of the owner's AppleID and an unlock signal to be sent from Apple to re-activate the device. The user can also opt to have the device erased completely after a set number of attempts. The user can also remotely erase the device if it is stolen or out of his control.

It the device is openable by the TouchID sensor, the pattern is also kept as a one-way HASH in the Secure Enclave. Incidentally, the TouchID sensor doesn't use the fingerprint, it uses the ridges and the valleys of the fat pads under the epidermis of the finger. No photo or pattern of fingerprints is kept on the device. If the device is not opened for 48 hours, or the device has been turned off, the passcode must be used. Again, if a number of failed attempts is tried, then an AppleID is required to access. . . or the device can be erased.

26 posted on 11/03/2015 1:42:04 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: DesertRhino
By passcode, does this include the basic entry to unlock the phone?

That's exactly what it means. . .

27 posted on 11/03/2015 1:43:18 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: DesertRhino
Brits passed this law, couldn’t someone simply write an app that installs similar encryption? Apple couldn’t be responsible for that.

Not the same thing at all. . . Apple provides encryption for the device and to and from iCloud, assuring privacy at all levels. An App cannot do that. . . and since Apple curates the App Store, they'd be held responsible for allowing it on the App Store. Damned if the do, damned if they don't.

28 posted on 11/03/2015 1:45:30 PM PST by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; Alas Babylon!; amigatec; ...
No strong encryption for YOU, filthy peasant!! ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Swordmaker for the ping!!

29 posted on 11/03/2015 1:48:10 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 5 | View Replies]

To: DesertRhino
Even if the Brits passed this law, couldn’t someone simply write an app that installs similar encryption? Apple couldn’t be responsible for that.

Possibly. How do you trust the authors though? Also, you'd need really good passwords to keep them from being able to brute-force it. If it was an Android, I'd say you could keep your PGP/GPG keys on an SD card, but you can't do that with Apple phones. (one of the few beefs I have with them.)

30 posted on 11/03/2015 1:48:59 PM PST by zeugma (Teach your child a love for motorcycles, and he'll never have money for drugs.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker

Ok, I haven’t been an apple fan,,,, but that’s freakin’ impressive.


31 posted on 11/03/2015 1:51:13 PM PST by DesertRhino ("I want those feeble minded asses overthrown,,,")
[ Post Reply | Private Reply | To 28 | View Replies]

To: zeugma

People who want them will still get them. Buy online from Apple or some other merchant, or go phone shopping on the Continent.


32 posted on 11/03/2015 1:51:58 PM PST by Coronal
[ Post Reply | Private Reply | To 24 | View Replies]

To: Swordmaker

My passcode includes the sound of a .45 unloading in the face of anyone asking me for my passcode.


33 posted on 11/03/2015 1:57:05 PM PST by MeganC (The Republic of The United States of America: 7/4/1776 to 6/26/2015 R.I.P.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

Pricks. If they force the manufacturers to do this, everyone should just start encrypting the comms along the way.


34 posted on 11/03/2015 1:58:10 PM PST by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma
sounds like Apple isn't going to be able to sell iPhones in the previously free and Great Britain.

Which is why Apple should stand firm. If Britons are no longer permitted by law to purchase the latest iPhone, perhaps they will elect politicians who will change the law.

It is still a free country.

35 posted on 11/03/2015 2:01:42 PM PST by Drew68
[ Post Reply | Private Reply | To 24 | View Replies]

To: rigelkentaurus

In practice there is. How do you know when you’ve successfully broken the encryption? When the cleartext makes sense? But...for a full size key that isn’t reused, there should be a key that produces a given ciphertext from any arbitrary cleartext of the same length. Thus, how do you know that your “readable” cleartext is the right readable cleartext?


36 posted on 11/03/2015 2:02:01 PM PST by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Swordmaker

And indulge me one more question. How does this affect or not effect data stored in the cloud? If you are backing up to the cloud, if they cannot open your phone, cant they essentially get that data from the provider?
Or does the encryption reach that deep?


37 posted on 11/03/2015 2:06:09 PM PST by DesertRhino ("I want those feeble minded asses overthrown,,,")
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker
For example, if the user elects to use a 16 character complex passcode using upper and lower case letters mixed with numbers and symbols, that passcode would be then entangled with the 128 character UUID of the device to construct a 144 character key. The number of possible keys is 144^223.

Either I'm on crack, or they came up with some new permutation math, or that's supposed to be 223^144. ;)

38 posted on 11/03/2015 2:06:27 PM PST by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: rigelkentaurus
no such thing as unbreakable encryption

True, given enough time and computing resources, you could eventually crack any encryption. But most data justifying encryption is time sensitive, and if it is going to take a couple of hundred years, the data is probably not going to be very helpful once it is finally accessed...

39 posted on 11/03/2015 2:10:11 PM PST by CA Conservative (Texan by birth, Californian by circumstance)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Swordmaker
If the user opts for just the four digit numeric passcode, the key would be constructed from that number plus the 128 character UUID, making a 132 character key. That is STILL a very difficult key to break. The number of possible keys is 132223. . . a number far larger than a Googol.

But knowing the UUID, for a person known to have a four-character passcode, couldn't they just brute force the 223^4 possible combinations of that with the UUID, hash, and find the one that matches? 223^4 is 2.47x10^6, so that's still a lot, but not past the death of the universe or anything.

40 posted on 11/03/2015 2:13:27 PM PST by Still Thinking (Freedom is NOT a loophole!)
[ Post Reply | Private Reply | To 26 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-59 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson