Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you can break AES... then the NSA would love to have a word with you :P

The FBI is going after the lowest hanging fruit, the users password that was used to create the crypto key.



The user's password is not used to create the crypto key; it is randomly generated and burned in at the factory.


It is used to create the crypto key, using a password based key derivation function, using the user's password fed into the PBKDF the output is the key used for encryption/decryption.

The users device key is mixed into that PBKDF. Without both parts of the equation, you have nothing.

For your reading enjoyment: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Specifically page 11 the diagram at the bottom.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: