Can someone confirm or deny the following? I think this is the current state of affairs.
A) Apple will unlock PIN-locked devices by government request, but the best they can do is brute-force. This is very slow, as it can only be done using the phone's on-board crypto hardware (which has a unique burned-in crypto key), and the PIN is stretched with PBKDF2. It has been this way for a while. Apple has no "backdoor" on the PIN or any form of cryptographic advantage here that we know of.
B) The new thing mentioned in the OP's link is that things stored on Apple's servers are now encrypted as well, with your iCloud password.
It's actually really easy to recover the passcode from iTunes backups (so probably from iCloud backups too). I've had to do it before to rescue photos off a friend's iPhone. Don't know about >iOS6 though.
> It's actually really easy to recover the passcode from iTunes backups
What do you mean by this? I doubt the passcode is stored in plaintext anywhere, and if I recall correctly, the passcode is convolved with the CPU's burned-in crypto key before storage, so you couldn't recover it from a backup without the corresponding phone.
iTunes backups are encrypted by default. And I can't imagine a typical person deliberately disabling it.
Your example is a little unique though because you have physical access to both their computer and their phone. In theory you could just brute force their iTunes backup password.
> According to Apple, the only way to crack the passcode was via brute force.
I imagine every vendor selling encryption would make this claim. Otherwise, they would have to say there is a flaw in their implementation or publicly reveal their backdoor.
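The scheme as the first comment describes it (PIN stretched with PBKDF2 and bound to a key that exists only inside the phone), sketched as an added example that is not part of the thread and not Apple's implementation. The `Device` class, the HMAC binding step, the iteration count and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from itertools import product

ITERATIONS = 200  # assumed, deliberately low so the demo finishes quickly

def derive_key(pin, salt, device_uid, iterations=ITERATIONS):
    """Stretch the PIN with PBKDF2, then bind the result to the device key."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return hmac.new(device_uid, stretched, hashlib.sha256).digest()

class Device:
    """Toy model: the UID is usable only by code running on the device."""
    def __init__(self, pin, device_uid, salt):
        self._uid = device_uid  # stands in for the burned-in key
        self.salt = salt        # stored on flash, visible in a dump
        self.verifier = derive_key(pin, salt, device_uid)  # also in a dump

    def try_pin(self, guess):
        guess_key = derive_key(guess, self.salt, self._uid)
        return hmac.compare_digest(guess_key, self.verifier)

def search(check, digits=4):
    """Return the first PIN for which check(pin) is true, or None."""
    for combo in product("0123456789", repeat=digits):
        pin = "".join(combo)
        if check(pin):
            return pin
    return None

def offline_check(dump_salt, dump_verifier, guessed_uid):
    """Guess checker for someone holding only the dump, not the real UID."""
    return lambda pin: hmac.compare_digest(
        derive_key(pin, dump_salt, guessed_uid), dump_verifier)

def worst_case_seconds(digits, per_guess_ms):
    """Time to try every PIN of this length at a fixed on-device cost."""
    return 10 ** digits * per_guess_ms / 1000

if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    dev = Device("0427", b"\x11" * 32, b"constructed-salt")
    print("on device:", search(dev.try_pin))
    print("off device:", search(offline_check(dev.salt, dev.verifier, b"\x22" * 32)))
    print("6 digits at an assumed 100 ms/guess:", worst_case_seconds(6, 100), "s")
```

In this model the stored verifier and salt are useless without the device key, so every guess has to pay the on-device derivation cost, and passcode length is what sets the total search time.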