Hacker News new | past | comments | ask | show | jobs | submit login

You need to break the encryption or find the key. In this case the key has 4^9 bits of entropy (262144) which can be cracked in a matter of minutes if they get a copy of iOS that doesn't have a timeout.



Your math is a little off.

Presumably you are assuming a 4-digit numeric PIN, which means log_2(10^4) bits of entropy (13.3).


No. I'm not really talking about, thinking about the current FBI/Apple issue and, instead, am trying to be more fundamental and look ahead one step, say, the next step after the FBI/Apple, uh, maybe call it a pissing match.

So, IMHO, here's where we are, whatever FBI/Apple do: People, and Apple, will want encryption no one knows how to break. Indeed, IIRC, Apple has already announced that they intend to make an iPhone Apple can claim they can't break.

And I suspect that quite broadly and commonly people will just roll back to basic RSA, etc. encryption, say, from little command line programs they can run on an old, not hacked, computer never connected to a network.

Then the issue in practice will be the same one that is fundamental in theory: To break the encryption, need to a fast way to factor a product of two, large prime numbers.

Pass code, 4-digit PINs, etc. -- I just passed over those as by now trivial and irrelevant.


> And I suspect that quite broadly and commonly people will just roll back to basic RSA, etc. encryption, say, from little command line programs they can run on an old, not hacked, computer never connected to a network.

Never gonna happen. I am willing to bet.


Some people, maybe a lot of people want to take encryption seriously.

So, get some little open source, command line programs that run and just squirt out dirt simple flat ASCII files in base 64 encoding. Run the software on some old computer where are fairly sure there are no back doors. Never connect to computer to a network. Move the data from that computer on, say, just old diskettes.

Then somehow have an iPhone read the base 64 and send it.

If the FBI gets the base 64 code, lots of luck making any sense out of it.

Some people will be impressed by that scenario and possibility.


How many is `some'?


Should be everyone with first level programming skills and very interested in solid data security. That's a lot of people, millions.

Maybe they just need to be reminded that they can do it themselves, easily, with no dependence on Apple, Microsoft, the Internet standards and no risk of backdoors, etc.


Seriously. just hack the timeout out of the OS. I bet I could do it in a single day. The FBI is playing at something bigger here - they want to set a dangerous precedent. The battle is not about access to that particular phone (unless they are truly incompetent - which can't be ruled out, unfortunately.)


How would you do this, exactly? As far as I know, you'd have to find an unpatched exploit you can use over USB. That seems like something that would take longer than a day, unless you're amazingly good at this stuff.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: