[Cryptography] About those fingerprints ...

Jerry Leichter leichter at lrw.com
Wed Sep 11 13:13:22 EDT 2013

On Sep 11, 2013, at 9:16 AM, "Andrew W. Donoho" <awd at DDG.com> wrote:
> Yesterday, Apple made the bold, unaudited claim that it will never save the fingerprint data outside of the A7 chip.
By announcing it publicly, they put themselves on the line for lawsuits and regulatory actions all over the world if they've lied.

Realistically, what would you audit?  All the hardware?  All the software, including all subsequent versions?

This is about as strong an assurance as you could get from anything short of hardware and software you build yourself from very simple parts.

> Why should we trust Cook & Co.? They are subject to the laws of the land and will properly respond to lawful subpoenas. What are they doing to ensure the user's confidence that they cannot spread my fingerprint data to the cloud?
Apparently not enough to give *you* confidence.  But concerned as I am with recent revelations, it doesn't particularly concern *me* nearly as much as many other attack modalities.

> These questions also apply to things like keychain storage. Who has audited in a public fashion that Apple actually keeps keychains secure?
There's been some very limited auditing by outsiders.  I found one paper a while back that teased apart the format of the file and figured out how the encryption worked.  It appeared to be secure (if perhaps overly complicated), but damned if I can find the paper again.  (Searching these days turns up tons of articles that center about the fact that when a keychain is unlocked, you can read its contents.  The vulnerability issues are subtle, but they only apply at all if you're on the same machine as the unlocked keychain.)

It would be a nice thing if Apple described the algorithms used to encrypt keychains.  Perhaps this is the time to push them - and others - to be much more open about their security technologies.  Apple seems to be making a point of *selling* on the basis of those technologies, so may be particularly willing/vulnerable on this front.

> How do we know whether Apple has perverted under secret court order the common crypto and other libraries in every phone and iPad?...
You don't.

Then again, you don't know if Intel has been forced to include something in its chips that allows someone with appropriate knowledge to download and run privileged code on your machine.  All modern Intel server chips include a special management mode exactly to allow remote control over servers in a large datacenter, regardless of how screwed up the software, including the OS software, on them gets.  Who's to say there isn't some other way to get into that code?

Who you choose to trust and how much is ultimately your call.  There are no answers to your questions.
                                                        -- Jerry

More information about the cryptography mailing list