Any encoded message can be decrypted. It is just a matter of time and effort. And the government has purpose built big iron which will minimize the time and effort.
Don't feel so secure.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Any encoded message can be decrypted. It is just a matter of time and effort. And the government has purpose built big iron which will minimize the time and effort.
Don't feel so secure.
Nah. That's the easiest answer of course, but I'd propose it's more akin to Huxley. IMHO, this issue is closer to a dystopian future of careless idiots and shallow existence....
Someone else said it better, so I'll just copy+paste:
"Orwell feared that the truth would be concealed from us. Huxley feared the truth would be drowned in a sea of irrelevance. Orwell feared we would become a captive culture. Huxley feared we would become a trivial culture, preoccupied with some equivalent of the feelies, the orgy porgy, and the centrifugal bumblepuppy." -N. Postman
-Will
The point is that if he is brewing meth, then Apple might be willing to give the police his Filevault password, but they can't. Apple would probably be able to give the police the three security questions, and if the answers are guessable, the police could then find the password.
In the podcast he cited the sources for the information he used and linked to the papers on his Twitter account last week. Here are the URL's:
http://www.narus.com/images/pdf/Narus_nSYSTEM_brochure.pdf
https://www.eff.org/files/filenode/att/SER_marcus_decl.pdf
https://www.eff.org/files/filenode/att/SER_klein_decl.pdf
http://cryptome.org/scott-marcus.pdf
http://cryptome.org/klein-decl.htm
https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf
Not if Apple stores the private keys for "safe keeping". I wonder if they do...
Quantum computers may one day be able to decrypt standard encryption by factoring large prime numbers. As far as I know, the NSA doesn't yet have this technology, but the implications are astounding.
It is physically impossible to perform 2^256 operations on any computer. Not impossible for "the government" but "physically impossible" due to the minimum energy to perform any single operation based on the laws of quantum physics, and the total energy available based on the total matter in the whole universe.
256 bit encryption cannot be decrypted. On the other hand, if _you_ can decrypt the message then there are methods not involving computers and much more unpleasant for you.
You're the first person I've seen to mention Huxley and I completely agree. We're already half way there, as most people are medicated with mood-altering drugs (anti-depressants ect...), engrossed in mass-media fantasies, and otherwise distracted or oblivious to the real machinations of the world.
<pedant>Encoded messages need to be decoded, not decrypted.</pedant>
Also, certainly not true. One Time Pad cannot be decrypted without the pad used.
----------
It cannot be brute forced, due to the reasons you state. The algorithm used may be vulnerable to other forms of cryptanalysis.
Apple doesn't store the filevault key. They let you enter three security questions, which they store. You then enter three answers to the security questions, the filevault key is encrypted with these three answers, and the encrypted result is stored. To decrypt they filevault key, you need the exact same three answers. Anyone being able to guess the three answers can get the key. Anyone not able to guess the three answers can't, including Apple. But the filevault key still doesn't give the NSA anything; they'd need to get your hard drive as well.
In a company context, for company owned computers the key can be sent to the company. So if you leave the company and "forget" the filevault password, your company can read _their_ data on _their_ computer.
Last edited:
I have. There are lots of things in my life that are none of their business. What a boring life you must lead.
I always laugh when I read stuff like this. Look at the phone in your hand, look at your computer. You know who had technology like that 10 years before you did? The same people you are saying could never decrypt the info. Same goes for Apple saying they could "never decrypt" it. What a joke.
----------
um, this all started because there were no warrants. You think Apple is going to fight your fight for you?
Not Surprised - Room 641A
This should not come as a surprise. At the Level 3 Communications in Cambridge Ma where my servers a few years ago there were some super secret rooms installed and all the lines in and out were rerouted through those rooms.
HMM guess what the government (NSA) can read all your emails hear all your phone calls to even if your isp is not the one forking the data over. Just google Room 641A. the systems they use are Narus Insight these single machines can monitor traffic equal to the maximum capacity (10 Gbit/s) of data and thats just one now imagine many of these in one room.
Now that scary...
This should not come as a surprise. At the Level 3 Communications in Cambridge Ma where my servers a few years ago there were some super secret rooms installed and all the lines in and out were rerouted through those rooms.
HMM guess what the government (NSA) can read all your emails hear all your phone calls to even if your isp is not the one forking the data over. Just google Room 641A. the systems they use are Narus Insight these single machines can monitor traffic equal to the maximum capacity (10 Gbit/s) of data and thats just one now imagine many of these in one room.
Now that scary...
That information you shared was really interesting - particularly the legality bit. Really interesting that being forced to hand over your password is considered a violation of the fifth amendment... I feel like they've misconstrued it, though. It's more like the police demanding a key to open a vault with a warrant, it seems to me... That's permissible, is it not?
Yes, I'm sure. The whole point of encryption is that it protects you if someone else gains access to the raw data.
The only possible way to get access to the encrypted data would be to break the encryption, or for someone to get access to your hashed and salted iCloud password and crack that. Both of those are extremely unlikely to occur.
Prime number factoring is so 20th Century. Now days, the cool kids use elliptic curve cryptography.
Just for that "pedant" comment, UNCRIPTED.
One time pad encryption can be decrypted. Unfortunately, it can be decrypted to give you any message you want, with the correct one having no greater weight. If the one time pad becomes a two time pad, all bets are off.
When I was a kid, I wrote a one time pad program that would let you encrypt a message, then, you gave it a second message and it would generate a key to decode the first message, giving you the second.
256 bit encryption can be broken, if you use large clusters of computers, for a long time. (Think folding@home). Each bit you add doubles the amount of time needed to break the encryption. If I remember, 1024 bit encryption could not be broken by every computer ever built, before the sun runs out of fuel.
Let me repeat... there does not exist a computer on earth that can break the encryption Apple uses. If there were, the military and banks would not be using that encryption, as it would no longer provide the necessary protection. Right now, it would take on the order of billions of years for the most powerful computer to break it.
That is to say that of course it is possible to break it, and at some point in the future it will be possible to build a computer than can do so. The point is that the technology necessary is far, far off into the future... and encryption will have kept up with that technology anyways.
The same encryption is used by the military, all of the government's private contractors, banks, etc.
If it were possible to decrypt it, our national security interests would be screwed as our information would be up for grabs for anyone with a computer powerful enough to crack it. There are no computers powerful enough to do that... not even close. Right now, it would take billions of years for the most powerful computer in the world to break the encryption.
Apple please show the Fed's what being diligent & open is about... show the world how to do things - the right way.
Just keep on showing... they will follow.
Apple is the only one being proactive with this entire issue. How do you not just love this company... they are still the real deal. SJ has made the best co in the world, and no one can mess with them. Not even the damn Feds creating the collusion that is ongoing.
Just keep on showing... they will follow.
Apple is the only one being proactive with this entire issue. How do you not just love this company... they are still the real deal. SJ has made the best co in the world, and no one can mess with them. Not even the damn Feds creating the collusion that is ongoing.
That's what is at the heart of the debate over digital communications and security. Is it lawful to force someone to decrypt their secured information, regardless of whether the contents therein are illegal or incriminating or not - at least in the United States under the Constitution?
On the one hand we have the issue of personal privacy and the right to be secure and on the other hand national security and crime prevention.
Where is the balance and where do we draw the line?
Current 256 bit algorithms are assumed safe for the next 50 years - assuming 50 years progress in computing power (which personally I think won't be good for more than 20 bits), and assuming 50 years work how to crack these algorithms. And assuming that your secret is so important that someone will try to crack it for fifty years. As an example, DVD encryption uses a 40 bit key (which my Mac could probably crack in a few days), but the encryption method was stupid and could be split into cracking a 25 bit and a 16 bit key (which my Mac could do so quickly, you wouldn't even notice a delay when playing a DVD). Even that kind of blunder would not make current 256 bit algorithms crackable.
I think that is quite clear nowadays (due to some court cases based on more subtle points): If the police has a valid search warrant for the contents of your hard drive that would allow them to read it if it is unencrypted, then they can force you to decrypt the drive. The exception is if the fact that _you_ know the encryption keys is in itself incriminating; you might have claimed that the hard drive is not yours, if you can decrypt it then obviously it _is_ yours. For the search warrant, the same rules apply as for searching your home.
And there have been rulings that the police cannot search the data on your smartphone without a search warrant (in a situation where they could search items on your body without a warrant).
That's for RSA keys; where cracking a 256 bit key involves factoring a 256 bit number into the product of two primes, which is much easier than cracking 256 bit AES for example. I think 1024 bit RSA is not considered safe for 50 years, but 2048 bit is.
Last edited:
I think people are missing the point. The NSA doesn't need to go through the court system and request for data. Those requests are for other organizations to utilize. The NSA has taps into all the central offices where unencrypted Internet traffic flows. This makes all non-encrypted communications very easy to snag and save without any actions of those companies. Email and a majority of web traffic is unencrypted. If emails systems actually finally provided a simple implementation of pgp/gpg that could be easily adopted by all, the NSA's data would largely disappear. Then we just need to also start using end to end encryption channels more like FaceTime & iMessage and be done with it.
Google has been pro-active on this issue for years, and they have actually gone to court to fight warrants, and they have also been one of only three companies to challenge the National Security Letter provision of the PATRIOT Act. They have been publishing a ton of information about government requests through their transparency report for years.
Apple hasn't been pro-active at all. They've never talked about the number of warrants and government requests they've gotten until now, and the only reason they released the number is because of the PRISM story coming out.
That is to say, Apple hasn't been proactive on this issue. Google is about the only company that really has.
----------
Yes, iCloud Keychain is encrypted and cannot be read by Apple.
iWork docs may or may not be, Apple hasn't stated either way.