[cryptography] USG v. Apple and information security doctrine

listo factor listofactor at mail.ru
Sat Feb 27 02:26:29 EST 2016


On 02/20/2016 01:10 PM, John Young wrote:
> If Apple can hack its own security then the products are backdoors.

Perhaps. However:

If a system protects a secret with a 6-digit key and some fancy
hardware, the system can be brute-forced. Apple is not to be
blamed for assisting the adversaries of its customers (if it did,
or if and when it will do so), as much as it should be blamed
for telling its customers that the system they purchased is safe
to use with a 6-digit key.

(In Apple's defense, it must be said that the system is perfectly
operational with higher-entropy keys.)

Those who criticize Apple should instead urge Apple's customers
to use adequate keys. That, however, flies in the face of the prevailing
doctrine that security of digital systems must require the absolute
minimum of user effort and understanding.

This incident is, in my view, only one more piece of evidence that this
doctrine must be reexamined.

Factor


