[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone
iang at iang.org
Fri Mar 29 06:02:32 EDT 2013
On 29/03/13 06:42 AM, Jon Callas wrote:
> I don't believe that it is in the interests of a company to shaft its customers. ...
Right, this is why I like Apple. This is the same secret as in the
gambling industry. The house always wins -- so why bother cheating?
Better to actually go the other way and be ultra honest and work to your
customers' needs. Indeed, in casinos, they hand free money out at the
slightest complaint, it's called "comping". Why? Coz 99 out of 100
customers will simply play the money back into the house.
> Let me ask again -- what could an LE or GOV offer that would be better than being cool?
Be More Cool?
The LEAs might be stupid (a better term might be "behind") but the
spooks definitely aren't. The latter have been working on how to
breach organisations for about a century (in the USA, several centuries
elsewhere), they wrote the manual on it many times over. It's their
job, why do we subconsciously think we can defeat them at it because
we're smarter or cooler?
There are ways to seduce such an organisation. Share work on a cool
secret project. Once inside, loyalties can be shifted, rich
contracts can be loaded with conditions, products can be shifted.
A second way is to offer cool people, who have primary loyalties that
one doesn't notice. If we recall 20 year pensions, this is surprisingly
easy to arrange. Ask your HR department how they'd feel about employing
someone with 20 years of experience in secret spook technology.
Recently retired, looking for a new challenge!
HR are going to be highly positive about this person. They will see
talk of potential conflicts of interest as blather from over-imaginative
geeks living in conspiracy la-la land. Once a high-tech business model
gets rolling, the demand for good techs is insatiable.
Apropos other thread on DES and 56 bit keys:
"NSA worked closely with IBM to strengthen the algorithm against all
except brute force attacks and to strengthen substitution tables, called
S-boxes. Conversely, NSA tried to convince IBM to reduce the length of
the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key."
Apparently in their own words, the NSA manipulated a cool project by
being cooler. As another pointer, Ross Anderson once posted about an
article in "Foreign Policy" journal (memory may trick me here) which
outlined how they manipulated the South African crypto industry.