The NSA Can't Crack the iPhone's Encryption

[PhazeDelta1]

Interesting nontheless.

Quote:

At the heart of Apple's security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001.
After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future-even a quantum
computer-would be able to crack a truly random 256-bit AES key. The National Security Agency has approved AES-256 for storing top-secret data.

Source


Another interesting but lengthy article about the security on the iPhone.

http://www.technologyreview.com/news...ity-threshold/

[sykozis]

According to numerous responses to the article in the second link, jailbreaking the phone defeats the security measures. Of course, also according to the article in the second link, it would take 25 years to "brute force" the PIN lock code.... So, it's not that it's unbreakable.....just going to take a crapload of time.

[EspHack]

im a sure a group of mathematicians can "brute force" it faster with some calcs, if they say it will take several years that gives them a start, thats all numerical digits right? and brute force just start counting from 0 to whatever is the key, so they can calculate where to start if it is going to take "several years" maybe instead of 0 they choose the brute force attack to start at 200,000

[sykozis]

That 25 years is based on a 10-char PIN lock code being used. Can be done within hours with 4 or 6 char PIN lock codes.....of course, that's according to the article from hyperlink 2. Apparently there has to be some delay between attempts, else the phone wipes itself.

[PhazeDelta1]

Quote:

Originally Posted by sykozis

According to numerous responses to the article in the second link, jailbreaking the phone defeats the security measures. Of course, also according to the article in the second link, it would take 25 years to "brute force" the PIN lock code.... So, it's not that it's unbreakable.....just going to take a crapload of time.

That's a risk associated with jailbreaking. Even so, I would assume that Apple has some sort of remote wiping app for their products. It not unheard of that top secret stuff goes missing every now and then.

[sykozis]

According to the second article, yes, the phone can be wiped remotely.

[dcx_badass]

Can just bypass the whole thing by social engineering the apple account.

http://www.forbes.com/sites/adrianki...we-screwed-up/

You can remote lock the phone from http://icloud.com using any code you want, then just type that on the device. Just need the email and pass for icloud.

[PhazeDelta1]

Quote:

Originally Posted by dcx_badass

Can just bypass the whole thing by social engineering the apple account.

http://www.forbes.com/sites/adrianki...we-screwed-up/

You can remote lock the phone from http://icloud.com using any code you want, then just type that on the device. Just need the email and pass for icloud.

Wow.

[sykozis]

Quote:

Originally Posted by dcx_badass

Can just bypass the whole thing by social engineering the apple account.

http://www.forbes.com/sites/adrianki...we-screwed-up/

You can remote lock the phone from http://icloud.com using any code you want, then just type that on the device. Just need the email and pass for icloud.

Thanks for that article. Now I'll make sure my wife stays away from icloud.

[deltatux]

I call bull****, many in the computer security realm already knows that AES-256 is breakable, I'm rather confident the NSA has enough computational power and intelligent computer scientists finding ways to break AES-256. AES-256 has been broken before by researchers, it can definitely be broken.

AES isn't indestructible, it's just very hard for anyone to break. Right now the only real thing that's stopping people from breaking AES 256 is the fact that it's very complicated and unless you're a researcher or really adament into gaining whatever secret that was encrypted with AES-256, you'd probably not even bother.

Wikipedia has a short of known AES-256 attacks: http://en.wikipedia.org/wiki/AES-256#Security

There are many other articles on the Internet that talks about attacks on AES-256.

Remember: Digital security mechanisms are not about stopping people from accessing your information. It is about stopping people long enough before they break through or until you can replace it with an even stronger mechanism.

deltatux

[proliferazor]

If you guys want this on your pc use TrueCrypt its open source super easy to use and you can use 256 EAS or many other types of encryption on your system, you can set up files to encrypt, HD's, or even the HD that holds your operating system keeping it safe too. It also has the benifit of not getting in your way at all, put in a password and bam you have access, no decrypting that's so 90s.

Finally a truely safe place for all your midget tranny pron.

If fact there was a story a while back about some drug dealer that had a system protected by truecrypt and 256eas they've had that drive for 10+ years and still are not any closer to reading the information on it. The only way to crack this **** is to get the pass phrase. Either going through every detail of this guys life and putting in related words, using a dictionary, or social engineering ( make the ****er tell you, which they can't). Brute forcing this would take far longer than a lifetime with the strongest computers in the word.

-------------------------------------------------------------------
AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (1018) AES keys per second (if such a device could ever be made - as of 2012, supercomputers have computing capacities of 20 Peta-FLOPS, see Titan. So 50 supercomputers would be required to process (1018) operations per second) would in theory require about 3×10 power of 51 years to exhaust the 256-bit key space.
from http://en.wikipedia.org/wiki/Brute-force_attack
--------------------------------------------------------------------
In other words to even make a scratch in guessing the full amount of possibilities with 50 of the worlds fastest super computers it would take you 10 with 51 more 0's behind it, times 3. IN YEARS O.o

[deltatux]

Quote:

Originally Posted by proliferazor

-------------------------------------------------------------------
AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (1018) AES keys per second (if such a device could ever be made - as of 2012, supercomputers have computing capacities of 20 Peta-FLOPS, see Titan. So 50 supercomputers would be required to process (1018) operations per second) would in theory require about 3×10 power of 51 years to exhaust the 256-bit key space.
from http://en.wikipedia.org/wiki/Brute-force_attack
--------------------------------------------------------------------
In other words to even make a scratch in guessing the full amount of possibilities with 50 of the worlds fastest super computers it would take you 10 with 51 more 0's behind it, times 3. IN YEARS O.o

Most people will try a brute force attack, but any high level cryptographer would try to attack it by performing cryptanalysis on the cipher to find weaknesses in the cryptographic system. Attacking such a high performing cryptography system with just brute-force is stupid.

deltatux

[d_mouse]

if they can break this - http://news.cnet.com/8301-1009_3-574...yption-record/

then AES 256 bit has no hope

[Norvekh]

Quote:

Originally Posted by d_mouse

if they can break this - http://news.cnet.com/8301-1009_3-574...yption-record/

then AES 256 bit has no hope

Any code can be cracked given enough time and resources. Well, aside from the Voynich manuscript but that could be a case that it's simply not even a code but just gibberish. Point being, eventually every encryption technique can be cracked, it's just a question of the value of doing so versus the time needed to do it. (Another reason for not cracking that manuscript. It's not worth much more than bragging rights.) Cracking computer encryption that is used by governments and corporations for sensitive data? Count on it. Cracking the cell phone of a 13 year old girl with a penchant for text messaging? Unlikely.