Originally Posted by redefiler
Ok, technically iCloud documents are encrypted when stored on Amazon or Azure - wherever they landed in your account.
However the keys they are encrypted with are escrowed by Apple and provided when you authenticate, or when an Apple service needs data. I don't consider that "encryption" since it's pretty much transparent to me or Apple.
There are multiple entry points into iCloud. Apple just recently fixed in the last couple of days a way where there was no rate limiting to brute force password attempts against Apple IDs.
Complexity - it's the enemy of security.
Apple already has clearly posted iCloud encryption details, but please continue to refute them.
Yup - but it's not the same kind of encryption that solutions like 1Password offer - it's more equivalent to session encryption like SSL than what most would think of as true data at rest encryption, and why I don't really think of it as "encryption" in the context of what we are discussing. If I was the only one who could decrypt the iCloud encryption and Apple couldn't then we would be talking the same thing - we aren't. Apple can (and must due to the way many services that depend on iCloud documents work) decrypt everything in your iCloud since it escrows those keys.
Yes, there are different types of encryption! Do you want your fish treat now or later? 1Password has certainly trained you well to jump through their hoops. Where would I be without their special magic encryption? Oh yeah, right here and still secure.
lol - again, your ignorance is showing. There is no way Apple - or AgileBits - can decrypt my 1Password password store. I'm the only one that can, unless I pick an exceedingly stupid password.
To get to your password list in iCloud all someone has to do is find one way into your account or iCloud - of which there are multiple potential entry points. I'm a huge fan of Apple, have two factor authentication enabled but still wish they would take some extra steps.
For example, two factor won't stop someone who guesses your password from restoring a backup to a different device. Apple is considering changing that (good!). If someone gets some malware onto your computer and steals your iTunes authentication token, bam - they can also get to your backup. If you opened your password doc on any of your mobile devices, it could be cached on it and in your backup - bam, they have your password list.
That's what I'm talking about with multiple entry points. I'm sure more could be pointed out with a bit more effort - but why try - that's already three too easy for me. With 1Password there is one, and only one entry point. It doesn't matter if someone gets a copy of my file - the encryption algorithm used for the master password has rate limiting built into its core (see PBKDF2). iCloud encryption has none of that safety built in. Which is not a problem since that's not what its encryption was ever intended to solve! iCloud's encryption was designed to keep your data safe from others while on Apple's service providers' networks (again, just as SSL is designed to keep your communication private between you and a server on the Internet, but does nothing to encrypt your data on the server itself). iCloud encryption was never meant to shield it from Apple or large chunks of the Apple ecosystem like iWork. Back to the different encryption styles you still openly mock out of what is obvious ignorance (or stupidity/stubbornness).
TL;dr - That the encryption iCloud and 1Password both use a password at one point is about all they have in common. Humans really do suck at assessing risk.
Anyway, suffer under your false sense of security. It's obvious you're never going to listen to reason. Hopefully mine and others' responses to you might show someone else reading this thread that thought you might have a clue instead just how wrong they would be and can save them some potential heartache.
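
The PBKDF2 point in the post above, as an added example that is not part of the original thread and not 1Password's or Apple's code: PBKDF2-HMAC-SHA256 written out so the cost of a single password attempt is visible as a count of chained HMAC calls, which is a property of the stored file and not of any server-side rate limit. The salt, iteration count, sample passwords and the `make_verifier` / `check_master_password` helpers are constructed or hypothetical.

```python
import hashlib
import hmac
import struct

SALT = b"constructed-salt-16b"   # constructed sample value
ITERATIONS = 5000                # constructed; real vaults choose their own count

def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """PBKDF2-HMAC-SHA256 (RFC 8018), returning (key, HMAC invocations used)."""
    calls, out, block = 0, b"", 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || 32-bit big-endian block index)
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha256).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        # U_2..U_c each need the previous U, so one attempt is a serial chain
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen], calls

def make_verifier(master_password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hypothetical stand-in for a vault's authenticated-decryption check."""
    key, _ = pbkdf2_sha256(master_password, salt, iterations)
    return hashlib.sha256(b"verifier" + key).digest()

def check_master_password(candidate, salt, iterations, verifier):
    """Return (matches, HMAC invocations spent on this single attempt)."""
    key, calls = pbkdf2_sha256(candidate, salt, iterations)
    ok = hmac.compare_digest(hashlib.sha256(b"verifier" + key).digest(), verifier)
    return ok, calls

if __name__ == "__main__":
    v = make_verifier(b"correct horse battery staple", SALT, ITERATIONS)
    print(check_master_password(b"correct horse battery staple", SALT, ITERATIONS, v))
    print(check_master_password(b"wrong guess", SALT, ITERATIONS, v))
```

Every attempt, right or wrong, pays the full iteration count, so raising the count raises the cost of each attempt against a copied file by the same factor.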