[Cryptography] Hope Apple Fights This!

Andrew Donoho awd at ddg.com
Thu Feb 25 16:53:15 EST 2016


> On Feb 25, 2016, at 08:58 , Jerry Leichter <leichter at lrw.com> wrote:
> 
> So far, Apple (and others) have decided *not* to respond technically to demands for copies of information uploaded to their servers.  Apple could certainly encrypt the uploads.  It would have to do so using a key unavailable to them, which makes sharing across devices more complicated:  There would have to be a common key across all the devices sharing the software *distinct from* the key used to log in to the Apple account, since that's revealed to Apple every time you log in.  But it could certainly be done.  (Most on-line backup services already provide the option to use a private - never revealed to the service - key.)




Gentlemen,

	Apple provides at least two secure cloud services for developers: Keychain syncing and CloudKit. Apple claims in their security document that they cannot unlock the Keychain or CloudKit. Of course, the developer has to use the security services. While they are quite straightforward, they are documented in a somewhat haphazard fashion. The Keychain is particularly poorly documented. I depend upon Apple’s inability to decrypt the keychain for my cryptographically private apps. I have also been privately assured that Apple does not believe they can crack their keychain. The weak point into the keychain is from the phone or a Mac on the same iCloud account.

Anon,
Andrew
____________________________________
Andrew W. Donoho
Donoho Design Group, L.L.C.
awd at DDG.com, +1 (512) 750-7596, twitter.com/adonoho

New: Spot marks the taX™ App, <http://SpotMarksTheTaX.com>
Retweever Family: <http://Image.Retweever.com>, <http://Retweever.com>

No risk, no art.
	No art, no reward.
		-- Seth Godin

