[Cryptography] Cost of creating huge theft targets [Was: Cost of remembering a password]

Dave Howe davehowe.pentesting at gmail.com
Thu Aug 21 08:08:16 EDT 2014


On 20/08/2014 02:38, Jerry Leichter wrote:
> In the case of transfers between already-registered devices, it's not
> hard to see how to do this. Each registering device generates a
> public/private key pair and sends the public key to Apple, which in
> turn sends it to each other registered device. A device that uploads
> passwords encrypts them with a key-encryption-key, then delivers the
> encrypted data, plus the key encryption key encrypted with each of the
> public keys, to Apple, which in turn pushes it out to all the other
> devices.
Surely they could (on demand from a LEO, if nothing else) push an extra
key/replacement key out to all devices (or patch the code binary so that
it encrypts to an additional key), so next time a device uploads, they
have a backdoor? Or am I missing something here?
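
Added example, not part of the original post and not Apple's code: the key-wrapping upload described in the quoted text, with a client-side check that refuses to wrap the key-encryption-key to any server-supplied public key the device has not pinned. The toy hashed-ElGamal wrap, the 127-bit modulus, the out-of-band pinning of fingerprints and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy group modulus: far too small for real use
G = 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def _mask(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def wrap(kek, pub):
    # Toy hashed-ElGamal wrap of a 32-byte KEK to one public key.
    eph_priv, eph_pub = keygen()
    return eph_pub, bytes(a ^ b for a, b in zip(kek, _mask(pow(pub, eph_priv, P))))

def unwrap(wrapped, priv):
    eph_pub, ct = wrapped
    return bytes(a ^ b for a, b in zip(ct, _mask(pow(eph_pub, priv, P))))

def build_upload(kek, server_key_list, pinned):
    # Refuse to wrap the KEK to any server-supplied key the user never pinned.
    unknown = [fingerprint(k) for k in server_key_list if fingerprint(k) not in pinned]
    if unknown:
        raise ValueError("unpinned recipient keys: " + ", ".join(unknown))
    return {fingerprint(k): wrap(kek, k) for k in server_key_list}

def demo():
    # Constructed scenario: two registered devices plus one key added by the server.
    phone_priv, phone_pub = keygen()
    laptop_priv, laptop_pub = keygen()
    _, extra_pub = keygen()
    pinned = {fingerprint(phone_pub), fingerprint(laptop_pub)}
    kek = secrets.token_bytes(32)
    upload = build_upload(kek, [phone_pub, laptop_pub], pinned)
    recovered = unwrap(upload[fingerprint(laptop_pub)], laptop_priv)
    try:
        build_upload(kek, [phone_pub, laptop_pub, extra_pub], pinned)
        rejected = False
    except ValueError:
        rejected = True
    return recovered == kek, rejected
```

The check runs inside the client, so it covers only the extra-key case; a patched binary, the other case raised in the reply, would bypass it.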

