SoylentNews is people

posted by cmn32480 on Sunday March 06 2016, @02:47AM
from the so-simple-that-a-gov't-employee-could-do-it dept.

Russia Today reports

The US public doesn't need a Digital Security Commission; they need the FBI to stop deceiving everyone and tell the truth that it wants to spy on Americans, John McAfee, developer of the first commercial anti-virus program, told RT's Ed Schultz.

[...] "The FBI wants Apple to change their software so that it removes the check for security, so that we don't check for security anymore. Once it has that software, they can use that software on any phone. But they say they only need it for one phone."

[...] "You need a hardware engineer and a [software] engineer. The hardware engineer takes the phone apart and copies the instruction set, which are the iOS and applications, and your memory. And then you run a program called a disassembler, which takes all the ones and zeros and gives you readable instructions. Then the coder sits down and he reads through. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your pad. It'll take half an hour. When you see that, then he reads the instructions for where in memory this secret code is stored. It is that trivial--a half an hour.
...The FBI knows this, Apple knows this."

[...] "In either case, if they (the FBI) don't know, that is tragic; if they do know it, then they are deceiving the American public and Apple and everyone else by asking for a universal key."

Do you see any flaws in McAfee's explanation?

Previous: Apple Wants Court To Rule If It Can Be Forced To Unlock iPhones
Seems Like Everyone has an Opinion About Apple vs. the FBI
Update: TPP-Exposing Journalist Ed Schultz Lands on His Feet at RT
John McAfee Announces He Will Run For President of the United States


  • (Score: 2) by q.kontinuum (532) on Sunday March 06 2016, @10:48AM (#314424)

    Basically you'd try to find a new way to generate "random" numbers. Only the input is not 100% random really. It might work due to the longer key, but other than that you wouldn't need to reproduce the exact sound patterns, you'd just have to narrow down the key-space by finding the right assumptions for possible samples. If that is possible, start brute forcing.

    You trade good random/short length against poor random/long key. Not sure this is safer or unsafer, or how it impacts performance. But one ground-rule of Cryptography is afaik "never roll out your own crypto".

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
  • (Score: 1) by anubi (2828) on Sunday March 06 2016, @11:21AM (#314433)

    Cryptography is afaik "never roll out your own crypto".

    So true! That's why I won't even try to generate the numbers mathematically.

    And also why I posted.

    Personally, I think - given the lack of any deterministic procedure for generating the numbers - it would be extremely difficult, if not impossible, to generate a duplicate key.

    Except, of course, brute forcing. And a several kilobyte key is gonna be pretty hard to brute force.

    I am looking at a one-time generation from about the noisiest thing I can think of that's part of a phone. Something that can generate a prodigious amount of data, quickly, and not likely ever generate it again (statistically speaking). So it's gonna be the microphone or the camera.

    Another way of getting a bunch of numbers that you will not likely ever see again involves streaming data from the camera while twirling it around....

    My feeling is this is something the customer has to do to marry his device, to make damn sure no hanky panky takes place before purchase.

    If the customer ever needs to wipe his device, he is free at any time to re-do his marriage vow and start off anew. He does not lose his device, but all the files within are now permanently lost - to be treated as available memory for new files.

    Like Bitstream noted above... this is for generating a system key. Even the person generating the key won't be able to generate the same key again. The only reason I would ask the customer to do it is to make sure it's a fresh key.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
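
Added example (not part of the thread and not written by either commenter): the trade-off debated in the two comments above, a long key taken from a poor noise source versus a short key from a good one, measured on constructed data. The 8-bit "microphone" model, the sample generator and all function names are assumptions made for illustration.

```python
import hashlib
import math
import random
from collections import Counter


def min_entropy_per_sample(samples):
    """Most-common-value estimate: -log2(p_max) bits per sample.

    Optimistic for real audio, which is also correlated between samples.
    """
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)


def effective_key_bits(samples):
    """Upper bound on guessing difficulty of the raw buffer, in bits."""
    return min_entropy_per_sample(samples) * len(samples)


def condition(samples, out_len=32):
    """Compress the raw buffer into a fixed-length key with SHAKE-256.

    Hashing concentrates entropy; it cannot add any the input lacks.
    """
    return hashlib.shake_256(bytes(samples)).digest(out_len)


def constructed_mic_samples(n, seed):
    """Constructed stand-in for 8-bit mic data: near-silence plus small noise."""
    rng = random.Random(seed)  # seeded only so the demo is repeatable
    return [128 + rng.choice((-1, 0, 0, 0, 0, 0, 0, 1)) for _ in range(n)]


if __name__ == "__main__":
    raw = constructed_mic_samples(4096, seed=1)
    print("raw key length   :", 8 * len(raw), "bits")
    print("estimated entropy: %.0f bits" % effective_key_bits(raw))
    print("conditioned key  :", condition(raw).hex())
```

On this constructed quiet-room data the 4 KB buffer carries only a small fraction of its nominal length in entropy, which is the "poor random/long key" side of the trade-off; a real design would measure the actual sensor before relying on it.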