undefined | Better HN

0 pointsj_jochem10y ago0 comments

So I've been wondering, since the PIN is obviously not a strong cryptographic secret, the way the encryption works is basically security by obscurity.

All an attacker would have to to was clone the contents of the the device's SSD and somehow read the secret key that is embedded somewhere else. I'm not sure how feasible the latter part is, but surely this shouldn't be beyond the capabilities of US three-letter-agencies?

0 comments

jonknee10y ago

It's much more complicated than that (which is why the FBI needs help). The encryption uses the PIN and a key that is in the phone. If you take the image and try all the PIN combinations you will fail because you don't have the embedded key.

http://www.darthnull.org/2014/10/06/ios-encryption

> The UID key is used to create a key called “key0x89b.” Key0x89b is used in encrypting the device’s flash disk. Because this key is unique to the device, and cannot be extracted from the device, it is impossible to remove the flash memory from one iPhone and transfer it to another, or to read it offline. (And when I say “Impossible,” what I really mean is “Really damned hard because you’d have to brute force a 256-bit AES key.”)

Newer phones also include a secure enclave that introduces another key and hardware restrictions on timing. The FBI's request wouldn't make sense for a modern iPhone.

j_jochemOP10y ago

How does "cannot be extracted" work? There must be some physical representation of the key inside the phone, so surely it should be posible to retrieve it somehow (e.g. using a scanning tunnel microscope or whatever)?

RandomBK10y ago

I don't know if this is implemented in the iPhone's Security Enclave, but many modern HSMs are designed so that physical tampering (such as extracting the chip for analysis) damages/destroys the data.

StreamBright10y ago

The pin is just used for getting access to the actual key that is used to decrypt the content as far as I know.

j_jochemOP10y ago

That's exactly what I was talking about: The actualy key has to be stored somewhere, too. Why can't we just read it using an STM?

j / k navigate · click thread line to collapse

0 pointsj_jochem10y ago0 comments

So I've been wondering, since the PIN is obviously not a strong cryptographic secret, the way the encryption works is basically security by obscurity.

0 comments

jonknee10y ago

http://www.darthnull.org/2014/10/06/ios-encryption

Newer phones also include a secure enclave that introduces another key and hardware restrictions on timing. The FBI's request wouldn't make sense for a modern iPhone.

j_jochemOP10y ago

RandomBK10y ago

StreamBright10y ago

The pin is just used for getting access to the actual key that is used to decrypt the content as far as I know.

j_jochemOP10y ago

That's exactly what I was talking about: The actualy key has to be stored somewhere, too. Why can't we just read it using an STM?

j / k navigate · click thread line to collapse