[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Jon Callas jon at callas.org
Thu Mar 28 21:42:32 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 28, 2013, at 5:24 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:

> 
> All excellent, well articulated points. I guess that means that
> RSA Security is an insane company then since that's
> pretty much what they did with the SecurID seeds. Inevitably,
> it cost them a boatload too. We can only hope that Apple
> and others learn from these mistakes.

No, RSA was careless and stupid. It's not the same thing at all.

SecurID seeds are shared secrets and the authenticators need them. They did nothing like what we were talking about -- handing them out so the security of the device could be compromised. They kept their own crown jewels on some PC on their internal network and they were hacked for them.

> 
> OTOH, if Apple thought they could make a hefty profit by
> selling to LEAs or "friendly" governments, that might change
> the equation enough to tempt them. Of course that's doubtful
> though, but stranger things have happened.

Excuse me, but Apple in particular is making annual income in the same ballpark as the GDP of Ireland, the Czech Republic, or Israel. They could bail out Cyprus with pocket change.

If you want to go all tinfoil hat, you shouldn't be thinking about friendly governments buying them off, you should be thinking about *them* buying their own country.

	Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1

wj8DBQFRVPGKsTedWZOD3gYRAmKzAKDkD8/myOnUQjpSQzohZ7i3OqC6QwCeJ69T
e81n4nVL+KTK7g72TLMeHow=
=JqMQ
-----END PGP SIGNATURE-----

