
Comment Re:don't believe his lies (Score 2) 161

It's not as simple as that, the following was from a fellow slashdotter on a different post, I sent a copy to friends because I found it so interesting. Unfortunately I did not keep a copy of WHO he was, my apologies to him for posting it again without attributing it to him.

You mistake an iPhone's unlock code with the iPhone's encryption key. The iPhones do typically use a 4-6 digit pin as an unlock code. The user also has the ability to create a full alphanumeric password for the unlock code as well. However, that is simply the code that's used to unlock the actual full encryption key that is stored within dedicated crypto hardware. Apple uses a dedicated chip to store and process the encryption. They call this the Secure Enclave. Within the secure enclave itself, you have the device's Unique ID (UID). The only place this information is stored is within the secure enclave. It can't be queried or accessed from any other part of the device or OS. Within the phone's processor you also have the device's Group ID (GID). Both of these numbers combine to create 1/2 of the encryption key. These are numbers that are burned into the silicon, aren't accessible outside of the chips themselves, and aren't recorded anywhere once they are burned into the silicon. Apple doesn't keep records of these numbers. The second half of the encryption key is generated using a random number generator chip. It creates entropy using the various sensors on the iPhone itself during boot (microphone, accelerometer, camera, etc.) This part of the key is stored within the Secure Enclave as well, where it resides and doesn't leave. This storage is tamper resistant and can't be accessed outside of the encryption system. Even if the UID and GID components of the encryption key are compromised on Apple's end, it still wouldn't be possible to decrypt an iPhone since that's only 1/2 of the key. The secure enclave is part of an overall hardware based encryption system that completely encrypts all of the user storage. It will only decrypt content if provided with the unlock code. The unlock code itself is entangled with the device's UDID so that all attempts to decrypt the storage must be done on the device itself.
You must have all 3 pieces present: The specific secure enclave, the specific processor of the iPhone, and the flash memory that you are trying to decrypt. Basically, you can't pull the device apart to attack an individual piece of the encryption or get around parts of the encryption storage process. You can't run the decryption or brute forcing of the unlock code in an emulator. It requires that the actual hardware components are present and can only be done on the specific device itself. The secure enclave also has hardware enforced time-delays and key-destruction. You can set the phone to wipe the encryption key (and all the data contained on the phone) after 10 failed attempts. If you have the data-wipe turned on, then the secure enclave will nuke the key that it stores after 10 failed attempts. Whether the device-wipe feature is turned on or not, the secure enclave still has a hardware-enforced delay between attempts at entering the code: Attempts 1-4 have no delay, Attempt 5 has a delay of 1 minute. Attempt 6 has a delay of 5 minutes. Attempts 7 and 8 have a delay of 15 minutes. And attempts 9 or more have a delay of 1 hour. This delay is enforced by the secure enclave and can not be bypassed, even if you completely replace the operating system of the phone itself. If you have a 6-digit pin code, it will take, on average, nearly 6 years to brute-force the code. 4-digit pin will take almost a year. If you have an alpha-numeric password the amount of time required could extend beyond the heat-death of the universe. Key destruction is turned on by default. Even if you pull the flash storage out of the device, image it, and attempt to get around key destruction that way it won't be successful. The key isn't stored on the flash itself, it's only stored within the secure enclave itself which you can't remove the storage from.
Each boot, the secure enclave creates its own temporary encryption key, based on its own UID and random number generator with proper entropy, that it uses to store the full device encryption key in RAM. Since the encryption key is also stored in RAM encrypted, it can't simply be read out of the system memory by reading the RAM bus. The only way I can possibly see to potentially unlock the phone without the unlock code is to use an electron microscope to read the encryption key from the secure enclave's own storage. This would take considerable time and expense (likely millions of dollars and several months) to accomplish. This also assumes that the secure enclave chip itself isn't built to be resistant to this kind of attack. The chip could be physically designed such that the very act of exposing the silicon to read it with an electron microscope could itself be destructive. TLDR: Brute forcing the unlock code isn't at all possible through pretty much any means...reasonable or even unreasonable...maybe...JUST MAYBE...it's possible through absurdly unreasonable means.
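
The behaviour described in the comment above, as an added example that is not part of the original comment and is not Apple's code: a simplified Python model of a passcode verifier entangled with a device-unique secret, with the stated delay schedule and wipe after 10 failures. The names `ToyEnclave` and `delay_before` are hypothetical, and PBKDF2 stands in for whatever derivation the real hardware performs.

```python
import hashlib
import hmac
import os

def delay_before(n):
    """Seconds that must pass before attempt n, per the schedule in the comment."""
    if n <= 4:
        return 0
    if n == 5:
        return 60
    if n == 6:
        return 300
    if n <= 8:
        return 900
    return 3600

class ToyEnclave:
    """Simplified model (assumption): secrets live only inside this object."""

    def __init__(self, passcode, wipe_after=10):
        self._uid = os.urandom(32)        # device-unique secret, never exported
        self._data_key = os.urandom(32)   # key protecting user storage
        self._tag = self._derive(passcode)
        self.failed = 0
        self.next_allowed = 0.0
        self.wipe_after = wipe_after

    def _derive(self, passcode):
        # Entangle the passcode with the UID: a guess can only be checked
        # by something that holds this device's UID.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, 10_000)

    def unlock(self, passcode, now):
        if self._data_key is None:
            return "wiped"
        if now < self.next_allowed:
            return "locked-out"           # delay enforced inside the enclave
        if hmac.compare_digest(self._derive(passcode), self._tag):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= self.wipe_after:
            self._data_key = None         # key destruction: storage is unrecoverable
            return "wiped"
        self.next_allowed = now + delay_before(self.failed + 1)
        return "bad-passcode"
```
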

Comment Re:public servants (Score 1) 126

there's no good reason to keep it secret other than the government wanting to keep hidden that which they'd prefer the public not see.

Which is precisely why it's all secret, because they are getting up to shit that would have the public up in arms (literally). It took Edward Snowden stealing documents and making a run for it to even start making all the crap they are up to public knowledge. Even after what he revealed the American sheeple are standing around going "oh, well, it's for our safety" and nothing has changed. Edward still can't come home.

Comment Yeah - stupid idea (Score 1) 583

Where I live this would result in @ss hats sitting in the middle of the road. It happens all the time when they resurface the road and have not repainted the lines. Since each job is contracted out the contract to paint the lines could be still getting bribes... I mean *incentives* and can sometimes lag up to six months after the road is resurfaced. During that time lots of people just drive smack bang in the middle and sometimes you have to hug the side of the road to get past them, and then they give YOU a dirty look like you were on their side of the road.

Comment Re:Take back Slashdot (Score 1) 1309

Can't mod you any higher, so I will just like to say I agree. Mod or Post, not both. /.'s moderation system is the best I have encountered out there, not to say it does not have some downsides (certain types of posts get -1 modded into oblivion regardless of their actual value) but it's the best I have come across.

Comment Re:Refugees (Score 3, Insightful) 308

Bullshit, you have been arming the "moderate" rebels for years, who either defect to ISIS or hand the weapons over to ISIS. Gaddafi used to be your ally until you turned on him and bombed the living shit out of his country. How water treatment plants and power stations are military targets I still haven't figured out. America's democracy is a joke, no matter who you vote in, all you are changing is the puppet in front of the cameras. Why the hell did you invade Iraq when the "mastermind" behind 9/11 was in Afghanistan? Oil.

Strictly speaking we didn't cause the fire.

Yes you did, with your meddling in their politics, funding and arming "freedom fighters" which is a small disgruntled minority you can find in ANY country to further your own political and financial agendas. Drone strikes have created more radical extremists than anything else you have done. If I was at a wedding and you dropped a bomb on it because my nephew Yusuf once dialled a wrong number and is now linked to a terrorist group I would be pretty fucking radical after that.

Sure we removed the fire department and we struck the match

So why the fuck did you even do THAT? Their biggest issue has always been America meddling in their affairs, the problem is your economy is driven by war, you keep bloody starting them (although you suck at ending them - and I don't agree with that list either, you lost the Korean war). America has been around about 236 years, and for 214 years of that you have been at war. Around 90% of the time.

So it's really not our fault...

Yes, yes it is.


I also love how any critical posts of the USA get modded into oblivion. See you on -1 side.

Comment Re:An NDA works and makes for Target to sue (Score 1) 234

Heh, did this myself. You give me a server on the other side of the firewall and I will get through it. Firewalls are for stopping id10t's from watching cat videos all day. At one point I didn't want to expose any ports on my home network so I wrote a program to check my gmail every 5 minutes. I could send an email to my home email and give my home pc instructions to do stuff, download this, zip it up and mail it to xyz. Eventually I just shelled out some bucks for a cheap ass virtual server somewhere, the lag in the email thing got up my nose. But basically if you allow internet access (even just email) and get in people who are competent you better get people you can trust. To be honest that can be said for all IT work, if you don't trust the guys digging around in your database / code you are screwed.

Comment Re:No Context (Score 1) 186

It may do, but I worked for a company specializing in and could not work for another company which specialized in for two years afterwards. Something I can completely understand, they did not want me running off with insider knowledge of and going to one of their competitors. So in certain circumstances I understand why it's in contracts.

Comment Re:This has obvious value (Score 1) 230

Since the Caliphate by definition wants to take over the rest of the world, this option really doesn't help for ISIS.

So you invaded first to stop them? Just in case they decided to stop fighting amongst each other long enough to actually become a threat?
Or did you want the oil?
The only way there will be peace in the middle east is when it becomes a glass bowl, otherwise every war there is going to be a terrorist war, which sucks. I've lived through one, it's not fun. Stop letting your corporations lead your country around by the nose and forget the oil, pour all the trillions you wasted dropping bombs and then food into the middle east into other forms of energy and you would not need the oil. BTW it would have been more effective to drop the food first, then one bomb.

Comment Re:Netflix doesn't care (Score 1) 172

Whilst I agree with you, I fear that the number of bookstores will dwindle, until you get "speciality" bookshops only. Just a sign of the times I'm afraid. I myself gave most of my books to charity when I last moved, smaller place, cost too much to pack them for moving. I only kept my absolute favourites. I get a warm fuzzy feeling walking into a library etc. but you have to agree that soon no one would open a book shop to make a living. BTW that's what I plan to do when I retire, open a bookshop to keep me occupied and active.

Comment Re:Netflix doesn't care (Score 1) 172

'per geography' distribution models are starting to crack

It's an old archaic method of licensing and should be scrapped entirely, just like video stores and bookshops are dying out because they have become obsolete. We are a global village now, and it's about time the media cartels pulled their collective heads out of each other's asses and smelled the roses.
