[Cryptography] Hope Apple Fights This!

Jerry Leichter leichter at lrw.com
Wed Feb 17 13:52:46 EST 2016


>> The response, of course, is to make sure you design your systems such
>> that you can't be put in this situation in the first place.  The newer
>> versions of Apple's phones, in fact, use a secure co-processor with
>> secure flash for this exact purpose.
>> 
> 
> Reading the Court order (posted on another thread) paragraph 2, the software functions (erase of user data upon password entry failures, time throttling of password entry attempts) that need to be customized for the forensic facilities are typically *not* implemented in a secure co-processor (or at least not implemented in a secure co-processor devoid of a flash re-programming capability).
> 
> Not that such an architecture is impossible: it is simply too antagonistic to product development culture to come up with a product where encrypted user data is irrevocably lost when an encryption key is zeroized.

The phone in question is apparently an iPhone 5C, which implemented all the security in the OS.

Starting with the next generation (the 5S), the chips implement a "secure enclave" which controls all access to the keying material and which the OS cannot breach.  Reportedly its (presumably very rarely modified) code cannot be updated without clearing all the stored secrets.
                                                        -- Jerry
