[Cryptography] The FBI can (almost certainly) crack the San Bernardino iPhone without Apple's help

Ray Dillinger bear at sonic.net
Wed Mar 2 16:41:22 EST 2016



On 03/01/2016 09:03 PM, Phillip Hallam-Baker wrote:

> Unless you have something like the secure enclave, i.e. a dedicated
> CPU with direct connection to the associated storage, the system is
> going to be hackable.

> Microsoft did some really good work on the TPM system some years back,
> work that I was mighty upset got a really bad reception from the
> EFF/GNU/BULLRUN crowd.
> 
> Having a Security Computing Unit (SCU) should be as ubiquitous in
> computer hardware as a GPU or a WiFi chip.

> Yes, infrastructure such as TPM chips and secure enclave could
> conceivably be used by DRM systems. But that isn't why those systems
> were developed and that is not what they are actually good at.

Which brings us to a point.  The last three times I've bought a
laptop, the BIOS has been configured with a password that I as a
customer was not given, which twice I had to get from a confused
tech support rep (pointing out that damnit I OWNED the device and
could install what the hell I wanted), and the third time I just
went screwit and took debugging leads to the board to reset it.

All this, so I could install a non-microsoft OS.  And I had to
pay for the microsoft OS (which I never booted) all three times
regardless because the laptop is not sold without it.

If these devices were supplied with TPM chips, may we suppose that
their initial configuration would be any more generous to those
of us who do not choose to use the "approved" software?  By analogy,
is the iPhone useful, AT ALL, to anyone who does not choose to run
iOS?  To anyone who does not use Apple's storage solutions?  To
anyone who gets software from places other than the Apple Store?

MS is selling Windows phones and tablets that literally *CAN'T*
run any other operating system, exactly the same way. Good luck
running the supposedly "open" Android system without being part
of Google's carefully-contained ecosystem, too.

To put it bluntly these tablets and phones are not general-
purpose computing devices; they're rented plots inside the
service providers' walled gardens.  And for my laptop and
desktop devices I need general-purpose computing devices.

Would the TPM really have been used any differently? The
Secure Enclave *could* have been used differently, but it
isn't.  Ever.  Is the way the Secure Enclave is actually
being used any different from the fears the EFF had about
the TPM?

I want the security.  But I don't want the system I'd get if
that security were a commodity that software or service
providers could use to create captive markets in their walled
gardens.

			Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160302/fc106a40/attachment.sig>


More information about the cryptography mailing list