Cigar Asylum Cigar Forum  

Old 02-17-2016, 09:08 AM   #1
AdamJoshua
Article 4 Free Inhabitant
 
Join Date: Jan 2013
First Name: The Other Adam
Location: Satellite Beach
Posts: 9,544
Trading: (35)
Bolivar Army (Served With Honor)
Apple addressing security concerns.

Well, it's come down to the government trying to push Apple into building a special version of iOS that would allow them (the government) to access data on any phone in their possession. Interestingly enough, Apple has always worked with the FBI to unlock / remove data from iPhones when requested; now that doesn't seem to be enough. I'm sorry, but I really don't trust the government or their security. I have a feeling this piece of software would be on the internet within days of being handed off to the feds.

Here's the letter from Tim Cook to Apple users.

http://www.apple.com/customer-letter/
Old 02-17-2016, 09:32 AM   #2
mosesbotbol
That's a Corgi
 
Join Date: Oct 2008
First Name: Moses
Location: Boston
Posts: 5,643
Trading: (6)
Punch

Apple should only comply with decryption when there is a warrant. I am not much for Government back doors to software. What's the point of encryption if it's not really encrypted and secure?
__________________
F1 | Port Wine | Welsh Corgi | Campagnolo
Old 02-17-2016, 10:20 AM   #3
AdamJoshua

To be honest I'm actually surprised at how strong their encryption really is; usually these things are not as advertised, but it seems in this case it is, and then some.
Old 02-17-2016, 11:17 AM   #4
dave
Have My Own Room
 
Join Date: May 2011
First Name: Dave
Location: Northern VA
Posts: 1,140
Trading: (15)
Partagas Navy (Retired)

Unfortunately, we're getting pummeled by fear mongers...I worry that a lot of previously sane-ish folk will be getting behind the government on this.
__________________
I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it. Thomas Jefferson
Old 02-17-2016, 11:35 AM   #5
mosesbotbol

RSA encryption key had a Govt back door; didn't go over well when the public found out. No way Govt can control this as anyone could just write their own encryption software or just keep the files off of US servers with another encryption product.
__________________
F1 | Port Wine | Welsh Corgi | Campagnolo
Old 02-17-2016, 01:00 PM   #6
Weelok
Have My Own Room
 
Join Date: Jul 2011
First Name: Dave
Location: Elk Grove, CA
Posts: 2,146
Trading: (13)
RA

Here is what I have read.

1. The government did get a search warrant for the data as without the warrant Apple said it could not help.
2. This is not software for a back door.
3. No back door is being requested of Apple now or in the future.
4. The software request is to disable the deleting of the database on 10 password failures. If you look at your settings, it's normally disabled however you can have your phone delete data when 10 failed password attempts have occurred.
5. The FBI would like to be able to disable this feature so they can run password checks and unlock the phone without deleting the data.
6. Brute force authentication is at worst 6 ^^ 6 attempts or 46,656 tries.
7. It's far easier to enter a passcode than break the encryption which I assume is AES 128 but could be 256. AES 256 is extremely difficult to break and that's all I will say on that.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 02:31 PM   #7
The Poet
Il megglior fabbro
 
Join Date: Jun 2009
First Name: Thomas
Location: Madison, NJ
Posts: 7,382
Trading: (2)

Riddle me this. If terrorists or criminals utilize these encryption tools to hide their activities, and successfully plan attacks, human trafficking, child abuse, drug smuggling, illicit arms deals, or whatever, are you going to blame the government or Apple for any bad consequences?

I can understand the public having mistrust of governmental intrusion, abuse, or failings. I do NOT understand why one would trust a profit-driven corporation more.
__________________
Ninety percent of everything is crap - Theodore Sturgeon.
Old 02-17-2016, 03:10 PM   #8
markem
Mostly Harmless
 
Join Date: Oct 2008
First Name: Mark
Location: Casa TJ
Posts: 16,008
Trading: (47)
HUpmann

This topic has wandered far. The Apple notice was basically them patting themselves on the back for what they, and many others, have insisted for years; namely, a security backdoor is not guaranteed to only be used by the good guys. Being good capitalists, they do not want to dissuade consumers and so want to tout how well they are protecting the average citizen. Point in fact is that any reputable company is adopting the same policies. They are no better nor worse than Microsoft or Google or anyone else that hopes to succeed.

They are, however, US-based, which presents some challenges given the political environment. Samsung is not US-based and so can easily avoid US machinations, for example. For them, the US market is not dominant in their sales figures. For Apple it is.

If you are obsessed about the US government and its potential for overreach, then you applaud the Apple letter and believe that Apple is striking a blow for freedom and the American Way (TM).

If you are a realist, then you know that it is Apple marketing.

Weelok's last comment is weird in this context and he implies that he is a cryptography expert. I am not, but the whole wink-wink-nudge-nudge thing grates as it usually comes from wannabes. No comment on the whole RSA thing as I just snorted on that comment.
Old 02-17-2016, 03:11 PM   #9
markem

Quote:
Originally Posted by The Poet
> Riddle me this. If terrorists or criminals utilize these encryption tools to hide their activities, and successfully plan attacks, human trafficking, child abuse, drug smuggling, illicit arms deals, or whatever, are you going to blame the government or Apple for any bad consequences?

If a terrorist drives a Ford Escort to the Superbowl and sets off a nuclear bomb, do you plan to sue Ford?
Old 02-17-2016, 03:15 PM   #10
dave

Depends. Is The Poet a lawyer?
__________________
I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it. Thomas Jefferson
Old 02-17-2016, 03:32 PM   #11
8zeros
What's this button do?
 
Join Date: Dec 2013
First Name: Roger
Location: Far from everything
Posts: 267
Trading: (0)

Clone the drive.
Burn lots of copies. 1000 phones gives you 10,000 tries.
Make your ten tries.
Rotate copies to be reburned.
This could be automated. Really fast if there is an emulator.
No need for a hack.
I'll do this for them for less than $350,000,000.00.
Old 02-17-2016, 03:50 PM   #12
The Poet

Actually, it depends upon if Ford builds a hidden compartment in their Escorts that is designed to secret cargo from detection. Ford might insist it was intended to allow the driver to smuggle a six-pack into the Super Bowl, but does that mean they are not responsible if it is used instead to hide a few bricks of C4? That is a question for a legal expert, not for a poet.

Yes, this statement is ridiculous. So is Apple's position. And FYI, Apple will admit the Chinese market is their most vital one now, not the US one. Plus, Apple has its headquarters in the US, but most of its manufacturing is done in China, and most of its money is stuck away in foreign banks to avoid their corporate tax responsibilities. Finally, the Apple core labor under the fantasy that Apple dominates the smartphone market. In fact, they only have about 18% of the market. Samsung alone has a 27% share, while the others in the market own the rest. This has nothing to do with the security issue here, yet is germane for those who feel what Apple says should be gospel.
__________________
Ninety percent of everything is crap - Theodore Sturgeon.
Old 02-17-2016, 04:27 PM   #13
Weelok

Quote:
Originally Posted by markem
> This topic has wandered far. The Apple notice was basically them patting themselves on the back for what they, and many others, have insisted for years; namely, a security backdoor is not guaranteed to only be used by the good guys. Being good capitalists, they do not want to dissuade consumers and so want to tout how well they are protecting the average citizen. Point in fact is that any reputable company is adopting the same policies. They are no better nor worse than Microsoft or Google or anyone else that hopes to succeed.
>
> They are, however, US-based, which presents some challenges given the political environment. Samsung is not US-based and so can easily avoid US machinations, for example. For them, the US market is not dominant in their sales figures. For Apple it is.
>
> If you are obsessed about the US government and its potential for overreach, then you applaud the Apple letter and believe that Apple is striking a blow for freedom and the American Way (TM).
>
> If you are a realist, then you know that it is Apple marketing.
>
> Weelok's last comment is weird in this context and he implies that he is a cryptography expert. I am not, but the whole wink-wink-nudge-nudge thing grates as it usually comes from wannabes. No comment on the whole RSA thing as I just snorted on that comment.

Heh, I think you read too much into my last comment. I'm not trying to establish myself as an expert and I withdraw my penis from the measuring contest; however, the key takeaway is the iPhone encryption can be broken but it takes significant time and effort.

So if you look at one of my earlier statements, logging into someone's phone would take 46,656 attempts and that is trivial compared to cracking encryption.

Here is some information for those that care on encryption and time to decode. A thing to note is this is the time for a brute force attack.

https://en.m.wikipedia.org/wiki/Adva...hannel_attacks

Modern techniques used to crack hardware encryption, such as used on the iPhone, are explored in Wikipedia.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 05:06 PM   #14
Weelok

I forgot to put the links on time to crack. This will be interesting as the first link dated 2012 will discuss the brute force time to crack:

http://www.eetimes.com/document.asp?doc_id=1279619

Now let's see how a modern approach does it and note the article is in the same year:

http://www.maximumpc.com/researchers...-world-record/

But even cracking the encryption in 148 days or less depending on the parallel processors, it's quite a bit easier to crack the password especially if they are just 6 characters in length.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 05:16 PM   #15
Weelok

And oops, it's not 6^^6, it's 10 ^^ 6 or 10 * 10 * 10 ... * 10 = 1,000,000 password combinations for brute force.

The non-expert that I am didn't do my math correctly, for shame. If you assume nobody starts with a 0 it can be done a wee bit faster hah. The true experts have rules they use that "most" people use and it takes about a third of the attempts and if they know a little bit about you, well, it's pretty easy but suffice it to say it's still more than 10 tries so the FBI would like a bit of help from Apple.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 05:21 PM   #16
markem

A password that is 6 characters in length and is numeric has (10^7)-1 possible passwords. If you have a 2.4 GHz processor capable of generating one password in, say, 100 instructions, then about (2.4 x 10^7) / (10^2) passwords per second can be generated. Testing them to see if they are correct depends on the user interface.

Most people opt for the minimum on their ATM card, which is usually 4 digits. Doesn't make one feel too safe if the ATM card information (not the card, just a skimmer) is grabbed.

One doesn't need parallel processors. All the math in the crypto is integer-based, so a graphic processor is way faster. Take a look at the NVIDIA CUDA tools for crypto processing. A few GPUs and most crypto looks pretty lame.
Old 02-17-2016, 06:55 PM   #17
Weelok

This is fascinating and the use of a graphics processor is a novel idea, if not a bit scary as they are so powerful. With regards to six digits being 10^7 -1 how is it calculated? This will be boring to most but I find it educational.

I admit to guessing on the 10^6 as I was just thinking 6 positions at 10 digits each but I am assuming it's some sort of combinatorial sequence? It's been a literal 30 years since my statistics and probability class and I can't say I really got it even then.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 07:00 PM   #18
markem

Quote:
Originally Posted by Weelok
> This is fascinating and the use of a graphics processor is a novel idea, if not a bit scary as they are so powerful. With regards to six digits being 10^7 -1 how is it calculated? This will be boring to most but I find it educational.
>
> I admit to guessing on the 10^6 as I was just thinking 6 positions at 10 digits each but I am assuming it's some sort of combinatorial sequence? It's been a literal 30 years since my statistics and probability class and I can't say I really got it even then.

Your insights are very close and almost exactly correct.

There are 10^6 passwords of length 6
10^5 of length 5, etc.

Add them together and you get 10^7 - 1
Old 02-17-2016, 07:13 PM   #19
Weelok

Quote:
Originally Posted by markem
> Your insights are very close and almost exactly correct.
>
> There are 10^6 passwords of length 6
> 10^5 of length 5, etc.
>
> Add them together and you get 10^7 - 1

Ahhhh, that makes sense. I'm uncertain what Apple allows in the way of digits but I think you're forced to either 4 or 6 digits. My iPhone 6s and mini 4 are basically the same and I think it's 6 digits only or Touch ID. I say think because I don't see any other options but that means little. Earlier Apple products I recollect were 4 or 6 digit pass codes so yes, more digits and combinations hah.

People are dying while we talk math but we can talk tobacco beetles and mold anytime.

So I guess back to topic, the issue now becomes not encryption as that's a ***** to crack but not erasing the data on failed pass code attempts. This is kind of a clever approach the FBI is taking as they are letting Apple encrypt but the pass code is so much easier to break all they want is a simple feature disabled? This is where privacy gets confused as technology and law are never at the same point in time.
__________________
Drink, pray, smoke, and work out.
Old 02-17-2016, 07:35 PM   #20
markem

There are several technical issues at the heart of what Apple and others are championing. The 10-try limit is a way of saying that a normal person should get the password right in a few tries, so 10 or more is someone not authorized. Many issues buried in this. In general, the EFF is a good source on the broader issues (https://www.eff.org/).

The idea that the government wants is closely related to the term "key escrow" which is quite silly and should not be used except in very specific circumstances. Creating a master key (or even an algorithm for generating master keys on a per-phone basis) can never truly be limited to just those authorized and the weakness it introduces fundamentally weakens the very carefully designed crypto mathematics and the protocols which depend on it.

Think of it kinda like the police saying that you must put a spare key under the back door mat "just in case" and then being assured that no one can find it.

btw, this still doesn't address possible issues with that backup you may have made to the iCloud. Completely different set of problems there.

edit: here is a good article from 2 years back.
https://www.eff.org/deeplinks/2014/1...ption-decision

Last edited by markem; 02-17-2016 at 07:44 PM.
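
The passcode arithmetic from posts #6 and #15 to #18 and the 10-try limit from post #20, worked through as an added example that is not part of any post in this thread. It assumes a uniformly random numeric passcode guessed without repeats, and the rate of 10 guesses per second is a constructed figure, not a measurement of any device.

```python
from fractions import Fraction

DIGITS = 10  # symbols per position in a numeric passcode


def keyspace_exact(length, alphabet=DIGITS):
    """Passcodes of exactly `length` symbols: alphabet ** length."""
    return alphabet ** length


def keyspace_up_to(max_length, alphabet=DIGITS):
    """Passcodes of every length from 1 to `max_length`, summed."""
    return sum(alphabet ** n for n in range(1, max_length + 1))


def expected_guesses(keyspace):
    """Average guesses to hit a uniformly random passcode, no repeats."""
    return Fraction(keyspace + 1, 2)


def worst_case_hours(keyspace, guesses_per_second):
    """Hours to try every passcode when nothing limits the attempts."""
    return keyspace / guesses_per_second / 3600


def success_probability(keyspace, allowed_guesses):
    """Chance of a hit before a wipe-after-N-failures limit stops guessing."""
    return Fraction(min(allowed_guesses, keyspace), keyspace)


def summarize(length, guesses_per_second, wipe_after=10):
    """Compare unlimited guessing with the 10-try limit for one length."""
    n = keyspace_exact(length)
    return {
        "keyspace": n,
        "expected_guesses": float(expected_guesses(n)),
        "worst_case_hours": round(worst_case_hours(n, guesses_per_second), 2),
        "p_within_limit": float(success_probability(n, wipe_after)),
    }


if __name__ == "__main__":
    RATE = 10  # constructed guess rate, not a measurement of any device
    print("6 symbols, 6 positions:", keyspace_exact(6, alphabet=6))
    print("digits, lengths 1..6  :", keyspace_up_to(6))
    for length in (4, 6):
        print(length, "digits:", summarize(length, RATE))
```

With the erase-after-10-failures setting on, the last column is the figure that matters: ten guesses cover one hundred-thousandth of the six-digit space, which is why the limit rather than the cipher is what the thread ends up discussing.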
All times are GMT -6.