Why can’t Apple decrypt your iPhone?
[Via A Few Thoughts on Cryptographic Engineering]
Last week I wrote about Apple’s new default encryption policy for iOS 8. Since that piece was intended for general audiences I mostly avoided technical detail. But since some folks (and apparently the Washington Post!) are still wondering about the nitty-gritty details of Apple’s design, I thought it might be helpful to sum up what we know and noodle about what we don’t.
Nice explanation of how Apple has secured the iPhone. No backdoors. Apple holds no keys. The phone takes your password, mixes it with a specific number for each phone (UID), and runs it through a slow derivation function to get the passkey used for all on phone encryption. What does the slow derivation function do?
The Apple Key Derivation function ‘tangles’ the password with the UID key by running both through PBKDF2-AES — with an iteration count tuned to require about 80ms on the device itself.** The result is the ‘passcode key’. That key is then used as an anchor to secure much of the data on the phone.
Apple used a dedicated line on the chip to put the key into the secure enclave. Software can put it in when you change a password but cannot extract it out. The only thing that can be done is to brute force the password by trying every single combination.
Now, normally, the authorities can use a class F supercomputer, capable of trying a billion passwords a second. This means that even if your password mixed lower case, upper case and special symbols and was 8 characters in length – 96 possible characters and a whopping 7.2 quadrillion possible combinations – the class F could find it in less than 3 months.
The authorities know that any phone they want to crack can be with a brute force approach. Well, that used to be true.
See that 80 ms requirement. Since the only thing to do is brute force the password, that 80 ms becomes important, as I wrote before. It slows down even the Class F. Instead of a billion tries a second, it can only do 12.5.
This means that even an 8 digit passcode using only numbers would now take 3 months. Instead of instantly.
Before, they could just ask Apple to crack it for them. Because it held a backdoor key. But now Apple no longer can do that.
It means that pretty much no one can get the data off your phone, especially if you use even a simple password with 6-8 characters.
And Apple lets you use a passcode up to 37 characters long.
The only way to get an iPhone cracked is to get a warrant requiring the owner to open it. No more being able to use a third party to do it for the authorities.
So we are back to what used to be the status quo.