I wrote a bit more about the UK’s recent move to allegedly demand backdoors in Apple encryption. https://blog.cryptographyengineering.com/2025/02/12/u-k-asks-to-backdoor-icloud-backup-encryption/
U.K. asks to backdoor iCloud Backup encryption

I’m supposed to be finishing a wonky series on proof systems (here and here) and I promise I will do that this week. In the midst of this I’ve been a bit distracted by world events. Las…

A Few Thoughts on Cryptographic Engineering

@matthew_d_green ball is in #Apples court and we've had, what, zip? So they caved in? No one in the world can trust #ios backups?

#security #privacy

@matthew_d_green given the Five Eyes' long and storied history of cooperating to get around pesky domestic restrictions, I'd be stunned if the UK deployed this TCN without the tacit approval, if not active encouragement, of the US.
@matthew_d_green Look, given crippling the CMA/DMU, given the shitshow that is Online Harms, given not signing the AI accord in Paris, then the bonfire of rights in the Data Use Bill, I actually don’t believe they are this competent. What startles me is WTF is the double lock?

@matthew_d_green

> your backups would be encrypted securely under your phone’s passcode — something you should remember because you have to type it in every day

Securely? But aren't phone passcodes only 4-6 digits long? And if someone has access to the encrypted data, won't they have unlimited attempts to decrypt it? Wouldn't that make a brute-force attack trivial?

@aspragg for unlocking, you need the key that is also stored in the hardware. You may need that as well for the backups
@aspragg @matthew_d_green the passcode is entangled with and protecting the actual encryption keys. It’s described in detail in the platform security guide https://support.apple.com/guide/security/encryption-and-data-protection-overview-sece3bee0835/web
Encryption and Data Protection overview

Apple devices have encryption features to safeguard user data and to help ensure that only trusted code apps run on a device.

Apple Support
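
The question and the two replies above, as an added example that is not part of the thread and is not Apple's actual key derivation: a simplified Python model contrasting a key derived from a 4-digit passcode alone with one that is also entangled with a device-held secret. The `device_secret`, the iteration count, the check value and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100  # constructed, deliberately tiny so the demo finishes quickly

def stretch(passcode: str, salt: bytes) -> bytes:
    """Key derived from the passcode alone (no hardware involvement)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)

def entangle(passcode: str, salt: bytes, device_secret: bytes) -> bytes:
    """Key that also depends on a secret assumed never to leave the device."""
    return hmac.new(device_secret, stretch(passcode, salt), hashlib.sha256).digest()

def check_value(key: bytes) -> bytes:
    """Stand-in for 'the ciphertext decrypts correctly' under this key."""
    return hmac.new(key, b"backup-check", hashlib.sha256).digest()

def search(derive, target: bytes, digits: int = 4):
    """Try every numeric passcode; return the match, or None if none verifies."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if hmac.compare_digest(check_value(derive(guess)), target):
            return guess
    return None

def demo(passcode: str = "4821"):
    salt = os.urandom(16)
    device_secret = os.urandom(32)  # hypothetical per-device hardware key
    # Case 1: passcode-only key. Salt and ciphertext are all an attacker needs.
    weak = check_value(stretch(passcode, salt))
    found_weak = search(lambda g: stretch(g, salt), weak)
    # Case 2: entangled key; the attacker holds the data but not the device secret.
    strong = check_value(entangle(passcode, salt, device_secret))
    attacker_secret = os.urandom(32)  # a guess; the real one is 256 bits
    found_offline = search(lambda g: entangle(g, salt, attacker_secret), strong)
    # Case 3: the same search where the device secret is usable (on the device),
    # which is the only place guesses can be tested and therefore rate-limited.
    found_on_device = search(lambda g: entangle(g, salt, device_secret), strong)
    return found_weak, found_offline, found_on_device

if __name__ == "__main__":
    print(demo())
```

In this model the 10,000-candidate passcode space only matters where the device secret is available; off the device, every guess also has to get a 256-bit secret right.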

@matthew_d_green

"Members of key congressional oversight committees wrote to the United States’ new top intelligence official Thursday to warn that a British order demanding government access to Apple users’ encrypted data imperils Americans."

https://infosec.exchange/@jbhall56/113996702464270977

Jeff Hall - PCIGuru :verified: (@jbhall56@infosec.exchange)

Members of key congressional oversight committees wrote to the United States’ new top intelligence official Thursday to warn that a British order demanding government access to Apple users’ encrypted data imperils Americans. https://wapo.st/4hZ9WFz

Infosec Exchange
Apple pulls data protection tool after UK government security row

Customers' photos and documents stored online will no longer be protected by end-to-end encryption.