Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment Re:Very sad - but let's get legislation in place N (Score 3, Informative) 706

And why should it? For the sake of argument do you think the government should tell you that you MUST install a home security system, have dead bolts on every exterior door, require exterior doors be steel or solid wood, limit the side of windows to no more than 1" by 1" or require bars?

If you're in business and promising your customers that you're keeping their stuff secure, well, yeah, there should be legal penalties for not meeting some standards of due diligence (admittedly, there's quite a bit of wiggle room as to where those standards should be set).

Comment The System Is Hardened Against That (Score 1) 392

Smartphone encryption uses composite keys, made by combining the password the user punches in to gain access with a digital key baked into the phone. The latter is hard to extract by physical examination, and too strong to brute-force (256 bits, IIRC). Thus, an attack against an offloaded copy of the encrypted data is very difficult (effectively impossible if the attacker botches the attempt to extract the device key and burns it), and an attack against the user password alone can only be done on that device.

Comment You Missed The Stupidest Statement Of All (Score 1) 392

Apple and Google replied, in essence, that they could not [access the phones] — because they did not know the user’s passcode. (...United Way Update...) There is no evidence that it would address institutional data breaches

In words of one syllable (well, I can't do anything about the fact that "Apple" and "Google" are two syllables, so the authors of the article will just have to pop an aspirin and such it up): The whole point is to stop that kind of data leak -- if Apple and Google don't have it, a bad guy can't steal it from them.

Comment Re:It's the base assumption that its invalid (Score 2) 392

Safes can be accessed with a warrant only because it is beyond our ability to make an uncrackable safe.

That's not really a significant difference, since is is within our ability to make safes that are effectively impossible to crack without destroying the contents, which is equivalent from the point of view of government agents seeking information.

Comment Re:It's the base assumption that its invalid (Score 1) 392

Another approach would be breakable encryption with an auditable trail such that anyone who breaks an individual's encryption would have to defend such actions in court.

Voo-doo magic does not count as "another approach". (I am using the term in its precise technical sense. Unless the Feds' actions in breaking one copy of the file somehow produce observable effects upon the owner's copy of the same file (i.e. voo-doo magic), there is no way to "audit" their behind-the-scenes actions.)

The moon is a planet just like the Earth, only it is even deader.

Working...