[Cryptography] Thoughts on the Apple iPhone fiasco

[Peter Fairbrother]

On 17/02/16 16:58, Phillip Hallam-Baker wrote:
> It seems to me that Apple should 1) comply with the warrant and 2) fix
> their code.
>
> I was quite surprised by these conclusions. I had been thinking that
> the response should be to dig in. But when I look at the
> circumstances, this looks remarkably like Lavabit. Cryptography is
> involved but the design allows a trusted party to disclose the key.
> This is a trusted third party that got themselves into a situation
> where they could be coerced.

Agreed. If Apple are going to claim they can't decrypt iPhones, they 
should make sure that they really can't decrypt them.


The problem is in the use of short 4-numeral passwords. User convenient, 
but not cryptographically sound unless the number of possible input 
attempts is limited.


Of course it is is entirely possible for Apple to make an iPhone 
undecryptable by themselves - if an ordinary credit card can be 
input-attempt-limited, and that mechanism can be practically 
unbreakable, why not a 'phone or other device?

The chips in cards cost less than a dollar each, in bulk.


Of course the iPhone in question is an old model,and I gather that the 
latest iPhones have something similar, which is supposed to be 
unbreakable-by-Apple -

- but I don't know as I'd trust it, as it seems Apple have been caught 
lying about the unbreakability of iPhones ...



-- Peter Fairbrother