Blackmarch Posted February 21, 2016

If Apple creates a piece of software that can work around all the major security on its products, that's pretty much a time bomb for the company. Even if Apple doesn't give it to any other party there's a chance it will get leaked or code will get leaked, at which point Apple is liable for any hacks that occur after such a leakage.

jerome1232 Posted February 21, 2016

Whatever happened to good old brute forcing? Toss a dictionary at it, have they tried "all infidels die now" or "allah be praised"? I bet one of those will unlock it right there.

But seriously. No. Backdooring the encryption is a terrible, horrible, no good idea. The most glaring problem, government aside, is that eventually people figure out where the backdoor is. People you definitely, not just maybe, but definitely don't want to be able to crack open encryption keys willy nilly.

Just_A_Guy Posted February 22, 2016

My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself. The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

Jojo Bags Posted February 22, 2016

The plot thickens. The password was reset at the behest of the FBI and now they want a master key to unlock "just that phone." If you believe the FBI won't be using the master key to unlock all iPhones, then I've got some beach front property for sale in Arizona you might be interested in.

http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust#.oqVzAWDBL8

Blackmarch Posted February 22, 2016

3 hours ago, Just_A_Guy said:
> My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself. The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

On the highest security setting, it does a security delete of all user data and apps (i.e. it scrambles all the pertinent data rather than just rewriting file location info).

unixknight (Author) Posted February 22, 2016 (edited)

@MormonGator: He's running for President as a Libertarian and yet is looking to help the FBI with this? I'm curious as to what his terms are...

jerome1232 Posted February 22, 2016 (edited)

21 hours ago, Just_A_Guy said:
> My understanding (being an Android user myself) is that if you do more than a certain amount of failed login attempts, the iPhone will reset itself. The FBI apparently just wanted Apple to push an OS update that would keep the phone from resetting itself, and then the FBI would do their brute-force attack as per your suggestion.

I'm fairly sure there is a utility you can run on a computer while the phone is connected via USB, that will simulate PIN attempts over the USB and aggressively cut power after each attempt which gets around the failed attempts limit. A bit slow maybe, but it's a 4 digit PIN, it couldn't take *that* long. Probably no longer than a week or so for every combination to be tested.

*Correction, it attempts 5 pins, then reboots the phone clearing the "failed attempts count" It can do every possible combination in 14 hours.

NeuroTypical Posted February 22, 2016

My iPhone uses a full-blown password. No 4 digit or 5 digit pins. I forgot my password. After a few wrong tries, there was a 5 minute wait. Next wrong try, 30 min wait. Then 2 hours. Then 24. Then "Sorry, no iPhone for you". I contacted numerous tech support numbers - AT&T sent me to Apple, Apple tried to send me back to AT&T. The solution was basically to erase all data and start over from scratch.

kapikui Posted February 23, 2016

7 hours ago, jerome1232 said:
> I'm fairly sure there is a utility you can run on a computer while the phone is connected via USB, that will simulate PIN attempts over the USB and aggressively cut power after each attempt which gets around the failed attempts limit. A bit slow maybe, but it's a 4 digit PIN, it couldn't take *that* long. Probably no longer than a week or so for every combination to be tested.
>
> *Correction, it attempts 5 pins, then reboots the phone clearing the "failed attempts count" It can do every possible combination in 14 hours.

Interesting. This would indicate one of two possibilities. One, that the FBI is run by a bunch of morons, and two, that the FBI doesn't really care about what's on the phone, but wants this software for another reason.

Since it seems that the primary thing they want is a version of iOS that will let them make unlimited attempts to crack the PIN, and utilities already exist to do that, moreover Apple almost certainly has most of what they've asked for already built. After all, such things would be almost required for testing. It seems that what the FBI is hoping for is some sort of precedent that will make it legal for them to force back doors into software.

NeuroTypical Posted February 23, 2016 (edited)

8 hours ago, kapikui said:
> This would indicate one of two possibilities. One, that the FBI is run by a bunch of morons, and two, that the FBI doesn't really care about what's on the phone, but wants this software for another reason.

Or 3, dood's iPhone is like mine, and there is no 4 or 5 digit PIN, but instead a full-blown encrypted password of random size and complexity. Thus turning the "it couldn't take that long" notion, into a "yeah, it could take a million hours" notion. Right?

I mean, I'm not saying the FBI isn't up to things. But no really - my iPhone doesn't have a cheap easy-to-crack PIN.

unixknight (Author) Posted February 23, 2016 (edited)

Yeah that's the thing with any kind of serious encryption. Brute force attacks simply don't work with our current level of technology because it would literally take millions of years to try every possible combination, even at thousands of combinations per second. Encryption isn't about an absolute force field, it's about making it take too long to break through. The only reason phones like iPhones and Androids have a limited number of attempts is because it's easier to try to use social engineering to guess the password.

Side note: With the advent of computers equipped with thermistors (sort of multi-state transistors) the amount of time it would take to crack traditional RSA encryption would be cut drastically. In a few more years, this discussion might well be moot unless and until an even better encryption approach becomes widespread.

NeuroTypical Posted February 23, 2016

My password is Unixknight's favorite pistol caliber for his favorite conceal carry handgun, with a random !@#$% or ^ thrown in somewhere.

kapikui Posted February 24, 2016

13 hours ago, NeuroTypical said:
> Or 3, dood's iPhone is like mine, and there is no 4 or 5 digit PIN, but instead a full-blown encrypted password of random size and complexity. Thus turning the "it couldn't take that long" notion, into a "yeah, it could take a million hours" notion. Right?
>
> I mean, I'm not saying the FBI isn't up to things. But no really - my iPhone doesn't have a cheap easy-to-crack PIN.

From what I've read, it actually IS just a short PIN. Their primary ask is for something that allows them to input the password multiple times without it deleting the data. It sounds exactly like they're going to try to brute force the phone. What they should do is pull the encrypted data off the phone and attack it with normal cryptanalysis and a nice large supercomputer cluster.

jerome1232 Posted February 24, 2016

Ah, I didn't realize you can use a full blown password when encrypting an iPhone. That changes things a lot. Though... if you have to type this password in every time you unlock your device.... boy the chances of it being much better than the PIN aren't very good.

I was assuming a 4 digit PIN, which would be very simple to brute force even with the failed login attempts limit. I assume you can physically tell when you try to unlock it whether they are using a regular PIN or a password based on the keyboard that shows up.

Blackmarch Posted February 24, 2016

On 2/21/2016 at 2:59 AM, jerome1232 said:
> Whatever happened to good old brute forcing? Toss a dictionary at it, have they tried "all infidels die now" or "allah be praised"? I bet one of those will unlock it right there.
>
> But seriously. No. Backdooring the encryption is a terrible, horrible, no good idea. The most glaring problem, government aside, is that eventually people figure out where the backdoor is. People you definitely, not just maybe, but definitely don't want to be able to crack open encryption keys willy nilly.

While that's still an option, that method gets trickier and trickier to pull off without breaking something, and the more complex something is, the more time consuming it is as well as more likely for something to go wrong. On that premise one could argue that the FBI are seeking a much easier/faster route.

They could extract and copy the whole hard drive to another piece of equipment and brute force with that method, but would have to make another copy any time the copy scrambled itself.

unixknight (Author) Posted March 1, 2016

So here's a bit of good news. A New York Federal judge has ruled in favor of Apple in a similar case.

NightSG Posted March 1, 2016

On 2/18/2016 at 2:07 PM, Just_A_Guy said:
> There has to be precedent for this kind of thing; and I wonder why we don't just follow that precedent (whatever it may be) when it comes to encrypted data.

Let's look at a similar hypothetical. Andrew Jackson was a judge around the time of the founding of our nation. Strong encryption has been available since the invention of the one-time pad, which was used in ancient civilizations, so a strong (but often not unbreakable - a long enough message using a one time pad can generally still be solved by certain methods) cipher is hardly an idea the Framers wouldn't have been aware of when the Fourth Amendment was being debated.

Now, let's say that Judge Jackson was asked to compel a local mathematician/linguist/whatever to decode a message found on the corpse of a foreign spy. What do you think his answer would be? (Assuming, of course, that the local talent has no connection to the spy other than a reputed knack for solving such puzzles.)

Let's take it one step further in the interest of similarity to the current case; assume the local talent developed and published the method used in the cipher, and as such, would be potentially harmed by developing a method to break it, especially since said method would have to be examined by the court. (Otherwise, he could simply tell them the message says whatever he wants them to believe, so it would be a gross miscarriage of justice to use the information without being able to verify the legitimacy of it.)

unixknight (Author) Posted March 1, 2016

I'm not sure Andrew Jackson is exactly a good model for an analogy like this. I have no doubt at all Jackson would have taken the side of the FBI in this one. I'd be a lot more interested in what Jefferson would have had to say, since he was more of a Constitutional scholar AND one of the founding fathers. (Admittedly the Louisiana Purchase was arguably unconstitutional, but still a better example than Jackson!)

Guest MormonGator Posted March 1, 2016

13 minutes ago, unixknight said:
> I'd be a lot more interested in what Jefferson would have had to say

My thoughts totally. Well said.

NightSG Posted March 1, 2016

2 hours ago, unixknight said:
> I'm not sure Andrew Jackson is exactly a good model for an analogy like this.

Of course he is; he's dead, so you can't get him to disprove my claim. And yes, he did have his little issue with the Indians, (Who didn't at the time?) but we're assuming a spy from some culture he didn't consider essentially subhuman.

Just_A_Guy Posted March 1, 2016

I kind of agree in that I don't see what Jackson, specifically, has to do with this sort of thing. But as for your hypothetical--to me, it seems difficult to visualize the framers being comfortable with a private citizen being pressed into service in that way.

Then again, these are some of the same folks who passed the Alien and Sedition Acts . . .

Vort Posted March 1, 2016

40 minutes ago, Just_A_Guy said:
> Then again, these are some of the same folks who passed the Alien and Sedition Acts . . .

An excellent and very relevant point.

Jojo Bags Posted March 2, 2016

On 2/23/2016 at 4:50 PM, kapikui said:
> Interesting. This would indicate one of two possibilities. One, that the FBI is run by a bunch of morons, and two, that the FBI doesn't really care about what's on the phone, but wants this software for another reason.
>
> Since it seems that the primary thing they want is a version of iOS that will let them make unlimited attempts to crack the PIN, and utilities already exist to do that, moreover Apple almost certainly has most of what they've asked for already built. After all, such things would be almost required for testing. It seems that what the FBI is hoping for is some sort of precedent that will make it legal for them to force back doors into software.

Well, a case could be made for both.

unixknight (Author) Posted March 2, 2016

Congressional hearings on the matter. This quote blew my mind:

“The logic of encryption will bring us to a place in the not too distant future where all of our conversations and all our papers and effects are entirely private,” -FBI Director James Comey.

....like that would be a bad thing. ARE YOU *#$*!@#!*( KIDDING ME?!?!?!?!?!?! This yahoo is who we have running the FBI?!?!?! This guy has a duty to uphold the law and he's whining about our ability, as private citizens, to safeguard our own privacy when the Government ignores the 4th Amendment. Yes, Mr. Comey I realize that in a terrifying future we may well be in a position where we don't have to just take your word for it that you won't use the vast resources at your disposal to completely ignore our 4th Amendment rights. How horrifying.

And then there's this mindless gem:

“We’re asking Apple to take the vicious guard dog away and let us pick the lock,” Comey said. “It’s not their job to watch out for public safety. That’s our job.”

This comment is completely idiotic because it is literally saying that only the FBI should be able to "protect" us. Mr. Comey, you have failed in that regard miserably, because we're living in a time where the average American has more to fear from our own Government than we do from international terrorists. You're just gonna have to cope with the fact that we'd rather handle our own safety, thanks, and not continue to let thugs like yourself erode our freedom so you can play hero and grab more power. It's bad enough we have already lost some of our liberties for nothing more than security theater. You, and people like you, are EXACTLY the sort of threat George Orwell warned us about.

/rant

jerome1232 Posted March 29, 2016 (edited)

So let's all do a slow clap for the FBI. *slow clap*

They broke into the phone themselves (well they hired a third party to do it). I'm guessing they figured out how to clone the contents of the image and bruteforce the multiple images? Anyways another slow clap for them. They really should share the method used with Apple though, what poor sports.

http://money.cnn.com/2016/03/28/news/companies/fbi-apple-iphone-case-cracked/index.html?sr=twCNN032816fbi-apple-iphone-case-cracked1017PMStoryPhoto&linkId=22802920