# nouser

Data encryption is readily available.  There are at least 60 software applications that provide military grade (256bit AES) encryption, many of them free.  These are not controllable by the Chinese or any government. This is the same encryption method that the NSA uses to keep our secret data secret.   If Apple were forced to build a back-door into their encryption, users who want their data and financial info secure would likely switch their encryption to one of these others.  Apple's approach using the Secure Enclave adds some defense to brute force attacks.  Basically this is what the FBI wanted from Apple. They wanted Apple to eliminate the iPhone's ability to erase the data after a certain number of failed attempts.  They also wanted a method to speed up the brute-force hack attempts. How long is your encryption key? Using the fastest super computers to attempt a brute-force crack on an encryption key could take years if you have chosen a very long key. The number of possible keys goes up exponentially with each added character in your key.   Of course, if you are in China and choose not to give up your encryption key to the government, you may disappear forever.

nouser
Joined
Visits
15
Last Active
Roles
member
Points
38
0
Posts
65

## Reactions

• ### FBI forensic expert calls Apple 'evil genius' for strengthening iPhone encryption

Some math for those interested in these things.  Last I looked into this there were 77 possible options to use for each character in an IOS passcode. 26UC, 26LC, + 10  numbers + 15 special ASCII printable characters.  To determine the possibilities you multiply 77 times itself for the number of characters in the passcode.

According to this article it now takes the FBI 18 seconds per brute force attempt to hack the new Apple IOS.  Frankly, I think FBI's Flatley misspoke as the length of time needed increases exponentially as the number of characters in the passcode increases. I also suspect accuracy of the 18 seconds per attempt quoted.

6 character passcode = 208,422,380,089 permutations  (77x77x77x77x77x77)
@ 18 seconds per attempt would take 7,137,752.7 years to try every code. 50% of the time the hack could take half as long or 3,568,876.4 years.
@ 45 attempts/sec = 8,803.2 years to try every code. 50% of the time the hack could take half as long or 4,401.6 years.

12 character passcode = 43,439,888,521,963,600,000,000 permutations (77x77x77x77x77x77x77x77x77x77x77x77)
@ 18 seconds per attempt would take 1,487,667,415,135,740,000 years to try every code. 50% of the time the hack could take half as long or 743,833,707,567,870,000 years.
@ 45 attempts/sec = 1,834,789,812,000,750 years to try every code. 50% of the time the hack could take half as long or 917,394,906,000,373 years.

So even without Apple's enhanced security improvement you can thwart the brute force hacks by using a long and complex passcode.  It is possible that the FBI or other highly funded organization could set up multiple hacking stations to run simultaneously.  Apple also gives us the option to erase after 10 failed attempts.

Long passcodes using special characters with no logical meaning are good insurance against this brute force method of attack.

• ### Justice Department asserts it could demand source code, signing key from Apple

For Sale: Brand new, beautiful futuristic saucer shaped headquarters building located in prime California area.  Perfect for a group like the FBI, NSA, CIA, or EPA government offices.  Original owner is relocating to Ireland and has no use for it.

• ### Samsung owes Apple \$539M for infringing on iPhone patents, jury finds

Seven years later and they continue to lose every appeal.  Shouldn't they be paying interest on that penalty?

• ### Woman sues feds over data retention after iPhone seized at border

If an iPhone owner had used a long passcode of say 12-16 characters to encrypt the data on an iPhone 6/6+, and had enabled the phone to erase the contents after 10 failed attempts, it would be a bit more difficult to believe that the data was compromised.  The claim that the data was compromised is only the owners "suspicion" at this point and no proof has been offered.  Unless the owner can prove that the data was compromised, this part of the complaint will likely be tossed.  What is of concern is under what circumstances a phone can be taken from the owner and not returned for 130 days. There is obviously a clear defined set of circumstances under which this can or cannot legally occur.

I'd like to hear the case.
Why was the phone taken from the owner? Under what rule and regulation?
Was there a reasonable suspicion of a potential crime?
Who took the phone and what was the ascribed reason?
What specific agency(s) had possession off the phone during the 130 days?
What was done to the phone over the course of 130 days?

I could imagine scenarios where this action might be proper as easily as I could imagine scenarios where this would not.

Wanting to hear more.
• ### Privacy not absolute: US among consortium of nations calling for encryption back doors

A quick google search for encryption software turned up 101,000,000 results.  These governments may want (or order) cellphone and computer makers to provide a back door to their products encryption but the internet is rife with encryption software products without backdoors from developers all around the world.  This is like them trying to push toothpaste back into the tube.  Data encryption is here worldwide and is not going away. Sure, they could try to pass a law that would attempt to put you in jail for not giving them the passkey but this has been litigated here and for now the SCOTUS has said they can't do that. Users who encrypt their data with very long alpha-numeric keys can be quite confident that these governments or hackers best supercomputers will not hack your passcode in your lifetime.

Lets look at the math:
There are typically ~192 possible options for each passcode character.  So the formula is 192 to the nth power where n is the number of characters in the passkey.
4 character passkey would make 1,358,954,496 possible combinations. (192x192x192x192)
6 character passkey would make 50,096,498,540,544 possible combinations. (192x192x192x192x192x192)
8 character passkey would make 1,846,757,322,198,610,000 possible combinations. (192x192x192x192x192x192x192x192)
12 character passkey would make 2,509,659,166,022,730,000,000,000,000 possible combinations. (192x192x192x192x192x192x192x192x192x192x192x192)

Ok, lets assume you set a 12 character passkey and a government or a hacker would get lucky and hack the passkey after testing only half the possible combinations, that is still 1,254,829,583,011,360,000,000,000,000 possible combinations to test.  I know of no law enforcement group or hacker with a bunch of super computers in their garage but for the sake of argument lets assume they bought a bright shiny new \$100,000,000 supercomputer that would be able to test 125,000 passkeys a second and be lucky enough to hit the passkey after only 50% of the possible attempts, In this case the passkey may get hacked in 318,323,080,418,915 years. Ok, say they apply 100 bright shiny new \$100,000,000 supercomputers to the task that means 3,183,230,804,189.15 years.

You can see this brute force approach is futile for users who set reasonably long passkeys.

Here are some typical hack times for these various passkey lengths:
4 characters -  1.5 days to test 50% and up to 3.0 days for 100%.
6 characters - 6.4 years to test 50% and up to 12.7 years for 100%.
8 characters - 234.2 years to test 50% and up to 468.5 years for 100%.
12 characters - 318,323,080,418,915 years to test 50% and up to 636,646,160,837,830.5 years for 100%.

Easy to see why they (government or hackers) might want a back door.

• ### Australian parliament will debate bill to weaken encryption by end of 2018

There are a ton of encryption applications freely available via the internet. A Google search of "Free encryption applications" turned up 93,700,000 hits.  If the Australian officials  attempt to force Apple to create a backdoor into Apple's encryption, they also would need to secure backdoors to all of these applications, many of which are developed in countries that would give Australia the middle finger.

Apple has a reputation of being one of the staunchest supporters of user data privacy among the technology companies.  Sort of a red line so to speak.  Everyone with even a half of a brain knows a backdoor would be hacked or leaked within months, maybe weeks, of release as would all your banking, purchasing and privacy. Really, without privacy, I have little use for a smart phone.

As mentioned by another poster, removal of Apple tech from the Australian market would very likely result in the removal of the officials responsible.  Australia, how is it you are electing such low IQ officials?
• ### Motor Trend spotlights 'Apple Car' development in June cover story

AppleCar...  The journey is the reward.