Cigar Asylum Cigar Forum - View Single Post

markem · 02-17-2016, 06:35 PM

There are several technical issues at the heart of what Apple and others are championing. The 10-try limit is a way of saying that a normal person should get the password right in a few tries, so 10 or more is someone not authorized. Many issues buried in this. In general, the EFF is a good source on the broader issues (https://www.eff.org/).

The idea that the government wants is closely related to the term "key escrow" which is quite silly and should not be used except in very specific circumstances. Creating a master key (or even an algorithm for generating master keys on a per-phone basis) can never be truly be limited to just those authorized and the weakness it introduces fundamentally weakens the very carefully designed crypto mathematics and the protocols which depend on it.

Think of it kinda like the police saying that you must put a spare key under the back door mat "just in case" and then being assured that no one can find it.

btw, this still doesn't address possible issues with that backup you may have made to the iCloud. Completely different set of problems there.

edit: here is a good article from 2 years back.
https://www.eff.org/deeplinks/2014/1...ption-decision

02-17-2016, 06:35 PM	#20
markem Bunion Join Date: Oct 2008 First Name: Mark Location: Second Star on the Right Posts: 22,515 Trading: (47)	Re: Apple addressing security concerns. There are several technical issues at the heart of what Apple and others are championing. The 10-try limit is a way of saying that a normal person should get the password right in a few tries, so 10 or more is someone not authorized. Many issues buried in this. In general, the EFF is a good source on the broader issues (https://www.eff.org/). The idea that the government wants is closely related to the term "key escrow" which is quite silly and should not be used except in very specific circumstances. Creating a master key (or even an algorithm for generating master keys on a per-phone basis) can never be truly be limited to just those authorized and the weakness it introduces fundamentally weakens the very carefully designed crypto mathematics and the protocols which depend on it. Think of it kinda like the police saying that you must put a spare key under the back door mat "just in case" and then being assured that no one can find it. btw, this still doesn't address possible issues with that backup you may have made to the iCloud. Completely different set of problems there. edit: here is a good article from 2 years back. https://www.eff.org/deeplinks/2014/1...ption-decision __________________ I refuse to belong to any organization that would have me as a member. ~ Groucho Marx Last edited by markem; 02-17-2016 at 06:44 PM.