Signaling post-Snowden era, Apple’s iPhone, iPad lock out N.S.A.

Apple’s iOS, which powers the company’s revolutionary iPhone, iPad and iPod touch, “encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone’s user — and that Apple says it will not possess,” David E. Sanger and Brian X. Chen report for The New York Times. “The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner.”

“Breaking the code, according to an Apple technical guide, could take ‘more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.’ (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes),” Sanger and Chen report. “Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey. At a news conference on Thursday devoted largely to combating terror threats from the Islamic State, Mr. Comey said, ‘What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.'”

MacDailyNews Take: The supreme law of the United States of America, you lazy, whiny bastard, is the U.S. Constitution. You know, the thing you swore to uphold? Go read the Fourth Amendment for what sounds like will be the first time in your life.

Sanger and Chen report, “He cited kidnapping cases, in which exploiting the contents of a seized phone could lead to finding a victim, and predicted there would be moments when parents would come to him ‘with tears in their eyes, look at me and say, ‘What do you mean you can’t” decode the contents of a phone.”

MacDailyNews Take: Oh, puleeze. Enough with the vomit-inducing transparent bullshit fear mongering. Your illegal free pass has been rescinded.

“Company executives say the United States government brought these changes on itself. The revelations by the former N.S.A. contractor Edward J. Snowden not only killed recent efforts to expand the law, but also made nations around the world suspicious that every piece of American hardware and software — from phones to servers made by Cisco Systems — have “back doors” for American intelligence and law enforcement,” Sanger and Chen report. “Timothy D. Cook, Apple’s chief executive, has emphasized that Apple’s core business is to sell devices to people. That distinguishes Apple from companies that make a profit from collecting and selling users’ personal data to advertisers, he has said.”

Read more in the full article here.

MacDailyNews Take: As a bonus, here’s a little lesson on the First Amendment to the United States Constitution for FBI Director James B. Comey:

You can take an iPhone 6 and shove it up your ass sideways, Jimmy. In fact, make it an iPhone 6 Plus.

Prior to 2007, when Steve Jobs gave the world the modern smartphone, there were no evidence bonanzas from warrantless searches and seizures available right in suspects’ pockets and, yet, somehow, law enforcement personnel and federal investigators actually managed to do the jobs that taxpayers paid them to do without infringing citizens’ basic constitutional rights. Use valid search warrants the way you used them before the iPhone existed.

Let’s go back to following the U.S. Constitution, shall we? If it takes force from leaders like Apple for constitutional rights to be enforced, so be it.

[Thanks to MacDailyNews Readers “Fred Mertz” and “Edward W.” for the heads up.]

Related articles:
FBI blasts Apple for protective users’ privacy by locking government, police out of iPhones and iPads – September 25, 2014
Apple thinks different about privacy – September 23, 2014
Apple’s iOS Activation Lock reduces iPhone thefts, Samsung phone thefts skyrocket – September 18, 2014
Apple CEO Tim Cook ups privacy to new level, takes direct swipe at Google – September 18, 2014
Apple will no longer unlock most iPhones, iPads for government, police – even with search warrants – September 18, 2014
Would you trade privacy for national security? Most Americans wouldn’t – August 6, 2014
Apple begins encrypting iCloud email sent between providers – July 15, 2014
Obama administration demands master encryption keys from firms in order to conduct electronic surveillance against Internet users – July 24, 2013
U.S. NSA seeks to build quantum computer to crack most types of encryption – January 3, 2014
Apple’s iMessage encryption trips up U.S. feds’ surveillance – April 4, 2013

100 Comments

      1. Oh, Oh, now you don’t mean to imply that Mr. Obama and Mr. Holder & the infamous Lois L @ the IRS are above the law, do you?

        Those people just seem to either not have the records, redact them or simply trash their hard drives … somehow.

        1. Bo, you stupid, Fox News-watching, partisan moron.

          Posts like yours piss me off like no others.

          I am always amazed how the extremists on either side think that their elected crooks are any different than those from the other party.

          You really think that the republicans, particularly George Bush, give a s**t about the constitution? Who’s party wrote the Patriot Act that allowed all this to happen?

          These politicians (again, those from either party) would never stay in office if it weren’t for gullible sheep like you that are oh so eager to buy into the party line even when it makes no rational sense.

          I am an active republican in my district, but I ALWAYS check facts for myself and make up my own mind. I’m active enough to know how they work to shape voter beliefs, and also know that a good % of the time they are full of crap.

          Our political system would be in much better shape if everyone would make up their own minds and get information from multiple news sources including ones coming from different editorial ideologies.

          I also encourage everyone to donate to the Elexctronic Frontier Foundation. They are doing good work trying to defend our constitutional rights in the online world.

          1. Spying on Americans under Obama is up 1000%.

            So, I would have to say that George Bush is ten times better than the current administration and that critic2 is the low-information partisan moron here.

            1. bot boy, the answer is simple: As a bargain with the obstructionist thugs in the House.

              The republican-led House complains incessantly about everything the administration merely utters, let alone formally does, but it is they who are supposed to write the laws and fix the ones that they claim impede progress. The only laws they have enacted are spending bills that bloat the military to further unsustainable levels. That’s a congressional problem that needs a congressional solution, and it has nothing to do with the competence or actions of the current executive. So if you had a brain, bot boy, you’d understand the difference between the executive & the legislative, and you’d place appropriate scrutiny where it belongs.

              Once again, why did Obama sign the Patriot Act? Horse trading, pure and simple. Apparently he has been convinced my the same fear mongers that infected Bush — it is now US policy that in order to keep Americans “safe”, the military demands that they need to deploy hundreds of thousands of troops halfway around the world in an unsustainable Crusade. Can anyone recall the last time a Crusade was successful? It’s a whack-a mole game without end, with the US invaders bleeding away its resources at a devastating rate as they encamp deep in foreign lands. If Republicans really gave a damn about America’s physical and financial security, they would axe funding for overseas wars, bring the troops home where they belong, spend more energy on wise infrastructure investment and other immediate problems the nation faces. Boehner, where are your proposals? 6 years and you accomplished NOTHING!

            2. @ asshole bot:

              The Patriot Act was amended/reauthorized by four bills(2005, 2006, 2010, and 2011), each one passed by both houses of congress under heavy lobbying by defense contractors. The executive doesn’t write the bills. Get your head out of your enormous derriere, you fool.

            3. I never said Obama didn’t sign the bills in 2010 and 2011. But he didn’t write them or dictate their contents as you strongly insinuate. Now since you have run out of facts, are you just down to slinging juvenile personal attacks, now, bot boy? Grow up.

    1. You’ve got to be kidding…. Remember BHO promised to have a transparent executive branch (under which the justice dept resides). That didn’t work out well now did it?

  1. ” Mr. Comey said, ‘What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.’” ”
    I guess you would have to include with this statement things like guns.

    1. The majority of firearms in this country aren’t used unlawfully any more than iPhones are, and are guaranteed under the Constitution to ensure ones own right to life, and to oppose a tyrannical government. Try again Ricky.

      1. Ummm. Guns are guaranteed under the Constitution because “A well regulated militia being necessary to the security of a free State, the right of the People to keep and bear arms shall not be infringed.” Nothing about ones own right to life, Lucy. It just talks about a free state. And many of us aren’t seeing much of that “well regulated” part either, let alone arms being restricted to a militia. But since you brought up right to life (which is not even mentioned by the Constitution), what about the hundreds of innocent kids killed by guns each year? What about their right to life? You seem to put right to life above even the Constitution.
        Try again, Lucy. But this time try using actual facts instead of your own bias.

        1. The amendment, as quoted by you, does not say there needs to be a well-regulated militia. The major sentence is the second half.

          That’s the current interpretation of SCOTUS, If I am not mistaken.

          1. You are mistaken.

            As ratified by the States and authenticated by Thomas Jefferson, then-Secretary of State:[30]

            “A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed.”

            That’s in the Bill of Rights as the Second Amendment. You can pretend it’s not there or says something else, but it is just as stated. OBTW, the militia falls under the military command of the DoD.

            1. Thomas Jefferson was in Paris when the Bill Of Rights was penned by James Madison, idiot…There was no “DoD” in 1789, jackass. The grammatical function of a comma is to lessen the repetition of “and”, hence “…the security of a free state AND the right of the people to keep and bear arms shall not be infringed” you goddamn revisionist.

            2. I don’t think you have any clue what typical grammatical usage was in 1789. As for using a comma to avoid repetition of “and,” please tell me where in that sentence the word “and” comes before the comma so that the comma could conceivably be avoiding repetition.

            3. If you had ever read any of the writings of the Founding Fathers you would know that they were adamant in their belief in the right of the people to be armed. Of course I doubt if the truth or facts would sway your misguided and emotional opinion.

            4. @ Realist: perhaps if you read your history you would understand how nuanced gun ownership was. Long before the US Constitution was written, guns were banned in most of the New World cities, notably in Boston. That is partially why the Boston Massacre — which was started by a mob throwing rocks at the British guard — ignited the demand of urban citizens that the Brits be garrisoned outside of towns. King George, of course, claimed that his soldiers did not need to conform to the local law.

              Obviously frontier settlers owned guns for hunting and defense against Natives. However, the right to own a gun was still heavily regulated. In even the smallest towns, all guns were locked in a community storehouse. Anyone who owned a gun but did not join the militia so he could be properly trained in its use was commonly ostracized from frontier communities and there are many records of gun confiscation.

              Rich settlers in frontier communities usually bought a slave or two to take the master’s place in the militia — precisely so the master did not have to handle a gun at all. The “right” to have a gun was considered an obligation for communal defense and hunting, and the business elites had better things to do with their time.

              America’s romance with the gun has gone on an emotional bend that does not coincide with history or true need. Today it is ludicrous to think that communal defense with small arms is needed or wanted in most of the planet. If you want protection, a simple call toe 911 can bring a forth a literal army of police, complete with military surplus armored vehicles, aerial drones, enhanced vision system, guided weapons, and the like. This is supposedly because organized criminal organizations are similarly armed. Charlton Heston’s musket wouldn’t protect his household for more than a second or two against modern weapons systems, so the right to bear it is a joke that annual causes more accidental injuries and deaths than actual self-defense protection.

            5. Mikey is a comical panderer of Common Core Revisionist American History Curriculum…some gems of one-liners from his stand-up routine: “In even the smallest towns, all guns were locked in a community storehouse.” You are such a scamp.
              ” Long before the US Constitution was written, guns were banned in most of the New World cities, notably in Boston.”…hey Mikey the Boston Massacre was THE reason that the right to bear arms was included in the Bill Of Rights.

              That dog don’t hunt.

            6. @ bot boy: perhaps you could explain to all of us why the US Constitution’s second amendment reads so similarly to the English Bill of Rights (1689). That is why Americans — the majority of whom considered themselves British subjects before and after the Boston Massacre and well into the Revolutionary War — believed in gun control and appealed to King George to call off his troops who flouted local law and actively confiscated colonists’ private property. Colonists did however have gun restrictions that you, bot, seem proud to ignore. Read them before accusing others of revisionist history. Clayton Cramer’s “Gun Control in Colonial New England is a very revealing and reliable text.

            7. Mikey, my personal favorite of this particular revisionist sophistry is: “America’s romance with the gun has gone on an emotional bend that does not coincide with history or true need.” Defending yourself, your family, your home evidently doesn’t fall under “need” in the rainbows and the unicorns of MIkeyland.

              You’re partially correct, it isn’t a “need,” it’s a right.

            8. PS – Mikey, I really don’t give a rat’s ass what gun policies were BEFORE the Constitution during British colonial tyranny. I don’t think you grasp the purpose of The War Of Independence.

            9. PSS – Mikey, for your woefully needed edification, it’s not “emotional bend,” it’s “emotional bent.” You’re most welcome.

              3 determined to do or have something: a missionary bent on saving souls | a mob bent on violence.

            10. @ bot the Grammarian: bend is also an expression implying madness or eccentricity

              Since now you’re reduced to criticizing grammar, how about learning how to use the contraction “don’t”. Hint: the subject and the verb must match in number, you hypocritical fool.

            11. bot, you clearly have a reading comprehension problem, among other serious mental issues. Please identify ANYWHERE where i insinuate that a person should not be allowed to defend himself. All I have done is state that there is a middle ground and intelligent regulation that keeps guns out of the hands of mentally unstable people (like you) and felons is absolutely necessary. Just as we have laws that require training and registration for the privilege of using motor vehicles or small airplanes or all kinds of things. How many maniac mass shootings occur before you wake up and acknowledge that it really is better to restrict gun ownership only to those people who can handle the responsibility?

              Is it possible for you to have a reasonable discussion, or are you just continuing to put words in other peoples’ posts, and of course insult them at every opportunity? If that’s all you have, then YOU go back to sleep.

        2. “Well-regulated” in the usage of the time in which the Bill of Rights was written and adopted has nothing to do with government control, it meant “functioning properly according to specification”. You regulate a timepiece, or you regulate a shotgun to point of aim, etc. The “well-regulated militia” is descriptive (an example of something needful), rather than prescriptive (the only thing supported).

          It was also quite clear at the time that the right of citizens to keep and bear arms personally was, among other things, “for defense of themselves and the State”, as noted in several states’ constitutions at the time.

          This has been repeatedly supported by various court decisions, including Cruikshank (1876), Presser v. Illinois (1886), and Heller (2008).

        3. “Innocent kids” is a phrase you liberals like to use for everything. You love to pull the old “for the children” routine at the drop of a hat. Here are some stats I pulled up in quick search from Child Death Review for 2000:

          174 from accidental shooting
          1,242 from intentional shooting (homicide)
          2,000+ from child abuse
          1,236 from drowning
          1,946 from fires
          1,621 from suicide
          6,466 from motor vehicle accidents

          Kids, just like adults, are going to die for myriad reasons. So, don’t try to pile all of your blame and angst on firearms; find another scapegoat.

          Try again Scalia.

          1. We can stop deaths from guns.

            Every firearm death is the result of a chain of deliberate actions, from the manufacturer, to the seller to the defender of the 30-round magazine to the puller of the trigger. Every nickel that the profiteers make from the sales of those guns and ammunition are stained with the blood of a victim. Every gun store should be required to post a sign on their door “Blood Money taken here. The deaths of children happily supported”

            1. If every gun on earth disappeared tomorrow and none could ever be manufactured, what would be the outcome?

              Would there suddenly be no murders, robbery, assaults, rapes or any other type of crime? Would there be no other alternative weapons for the criminals to use against the honest and defenseless?

              Your foolish beliefs aren’t supported by the history of mankind. The strong and evil, whether they be individuals or governments, will always prey on the weak and helpless.

              I would imagine you have always lived in a protected and pampered environment, sheltered from the harsh realities of life all over the world. If you are lucky you will never be in a situation where a firearm would have saved you or your loved ones.

              As for me, I take my defense into my own hands, because by the time the police show up you are just a statistic. Have a nice life.

            2. I guess it is an advantage to have guns. With them you don’t have to be strong to prey on the weak, just evil.

              Yes, so far I live in the part of the United States where you can go shopping at WalMart or eat at Chilis without carrying a gun.

              I was in a Social Security office the other day when an individual came in packing. The Security Guard told him he would have to leave the gun outside. You’d swear the guard had told him to leave his dick in the car. Kind of a chuckle, really.

            3. “With them you don’t have to be strong to prey on the weak, just evil.”

              The evil, no matter their strength, still prey on the weak in any way they can. As for an actual physical confrontation of potential life or death, do you really believe it is wrong for a 100 pound woman to be able to defend herself against a 250 pound thug, whether he has a gun or not? Explain that to a woman who is brutally raped.

              As for the person who had to leave his gun outside, a concealed carry permit is useless without being able to have the gun at all times. Apparently you aren’t aware of the shootings in restaurants in this country, where people who had permits had to leave their guns in their cars and were unable to defend themselves in mass shootings.

              The number of women is this country who are training and carrying is growing daily, so I doubt if they have to leave their dicks in their cars. As for Walmart, as far as I know their corporate policy is to follow the laws of the state the store is in. My local Walmart has no restrictions as long as you are legal.

          2. You do realize that Conservatives use the exact same argument for different issues, right? “If we teach about safe sex instead of just abstinence in schools, they’ll start having sex! Think of the children!” “We can’t allow homosexuals to have the same rights as heterosexual couples! Children with two daddies would be mentally damaged! Think of the children!” “Who cares if she was impregnated by rape, abortion is murder! Think of the unborn children!” And the list goes on.

            It’s all a bunch of bullshit emotional manipulation by both sides of the political spectrum. To accuse lefties of being the only ones who throw the “innocent children” crap around is ignorant, disingenuous, and just plain detached from reality. Just the same as it would be for anyone to accuse only Conservatives of it.

            Of course, having a straight-up debate of any issue without blatant name-calling and demonizing your opposition is never going to happen, at least not on MDN …

            1. Conservatives and Liberals are political parties.

              However, conservatives and liberals are right wing leaning or left wing leaning voters.

              It is important to know the differences.

            1. Why are you not okay with me putting land mines on my property, then, bot? Small arms are so quaint. When I need protection from imaginary boogeymen that the extreme right media sensationalizes, why not just use sure-fire land mines on my property and a machine gun nest on the tower overlooking all the lawn inside the moat and the razor wire? If we literally read the NRA interpretation of the second amendment, all that paranoia would be mainstream and arms manufacturers would be selling in in retailers from coast to coast.

              I laugh to think that you imagine a handgun would even slow down a well-trained person who really wanted to do you harm. The self-delusion of people who wrap themselves in the flag while ignoring the community and reality is downright comical.

            2. No, the 174 accidental deaths are tragic, since they are preventable if people properly retain their guns and teach their children about them.

              The 1,242 homicides are mainly in the inner cities and are gang and or drug related. Those animals are going to continue to do what comes natural to them no matter what. I do not shed a tear for them.

      2. @ Lucy — Obviously the majority of firearms are used and stored properly by sportsmen. Nobody wants to restrict these upstanding people from pursuing their sport as long as long as they’re responsible. But that doesn’t trump the reality that regulation — such as registration, sales tracking, and mandatory training — is needed to keep weapons of all kinds out of the hands of mentally unstable and evil people BEFORE they act. Why would anyone support the selling of weapons to known felons, for example? That doesn’t in any way interfere with a law-abiding citizen’s right to own and use arms. Can we agree on that?

  2. “You can take an iPhone 6 and shove it up your ass sideways, Jimmy. In fact, make it an iPhone 6 Plus.”

    Yikes, that’s gotta be one of the most vehement statements I’ve ever seen MDN make. Personally, I’d really hate to think of a wonderful product like the iPhone being abused like that. How about he just keeps his head up his ass instead?

  3. “expressly to allow people to hold themselves beyond the law”

    Change the law, problem solved.

    Telling Apple (and others) that they HAD to hand over information about their customers and that telling anyone that you were requiring them to so would be illegal?!!?!?

    You screwed your own goose with that one.

    1. Well said… This is the Apples reaction to the NSA’s warrantless searches and the gag orders placed on companies like Apple. The NSA brought this on themselves, no need to blame Apple.

      For every action there is an equal and opposite reaction.

  4. “expressly to allow people to hold themselves beyond the law”
    ???????????
    You mean criminals? Are all iPhone users criminals?
    I swear Jimmy baby, it is getting boring with all your corrupt demagogue plutocrats that will not be happy until you have a giant machine that can read everyone’s mind.
    I would take MDN’s advice and READ the #$%#@@#R Constitution and play by the rules and that goes for the lot of your intellectually derelict colleagues, subordinates and especially, superiors.

  5. == ‘more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.’ ==

    This must be a joke… It can’t be something else.

    A six-character alphanumeric passcode with lowercase letters and numbers needs about one day on my home computer to be cracked…

    Even without that you have rainbow tables (Precalculated hashes) which reduces the time to a few seconds…

    This is, once again, PR bullshit for the masses. Every US Company works hand in hand with the US government. MS does, Google does, Amazon does and yes… Apples does.

    1. Are you sure? First of all, what they assume is that the iPhone complex password is six alphanumeric characters. If that’s true, thats 62^6 = 56,800,235,584 possible character combinations to type into your iPhone. However, Apple allows you up to 37 characters in an iPhone complex password, and they don’t have to be all alphanumeric. They allow symbols as well, and include the accented letters accessed by holding the keys down until they appear. There are 18 “a”, 16 “e”, 14 “i”, 18 “o”, 12 “u”, 4 “y”, 7 “s”, 3 “l”, 8 “z”, 8 “c”, 6 “n”, 2 “zero”, 4 “-“, 7 “$”, 2″&”, 2″.”, 2”?”, 2″!”, 4″‘”, 5 “apostrophe”, and 2″%”. That’s 227 characters you could possibly use in your 37 position passcode. Oh, my! 227^37 possible combinations. Let’s see. . . Counting on my fingers. . . Not enough fingers. . . Adding toes. . .

      14,892,126,482,962,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
      possible combinations. . . That might take a few days.

      How long? If you could try ten combinations a minute, it would take you only . . . More figuring on my fingers. .. .

      471,913,090,741,530,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years. . . or so. . . give or take. . . speed up your trials by a thousand, and you can drop off two or three zeros. . .

      1. I take the exact sentence as it is written in the article:

        all combinations of a SIX-character alphanumeric passcode with LOWERCASE LETTERS and NUMBERS.

        In short : abcdefghijklmnopqrstuvwxyz0123456789 = 36 characters

        Password to decode = 36^6 = 2’176’782’336 and that’s REALLY not a lot.

        Admitting the usage of special characters, you know exactly that the usage of these characters are limited to the most common ones (@#%&$!+-). This complexifies a bit but not so much.

        But leaving that by side… As I said there are precalculated hash tables. As long as you have sufficient calculation power to work those out in advance (What Apple, Google and most agencies have) it’s just a joke to get the data.

        1. What part of the article is WRONG do you fail to understand? Apple does not limit complex pass codes to a mere six characters. You are grasping at straws. You are trying to sound erudite on the subject, but you really aren’t. Hash tables aren’t going to help on finding a large random pass code. . . especially one that locks you out after a number of wrong tries. And erases the data on more. That data better be mighty important to spend the time to try and get at it. You are blowing smoke. Mostly you are spreading Fear, Uncertainty, and Doubt.

        2. Who knows what “Apple security report” and from when this ignorant reporter is quoting. I researched Apple’s current pass code suggestions, not what some unknown yahoo said who knows when. They are secure.

        3. Ok, Novad and Greg L., I have found the answer to the New York Times misinformation. They took their pull quote out of context. . . completely out of context. Here is the full context from Apple’s September 2014 Security statement which makes the five and a half years fully understandable and explicable. It also makes it clear that Apple was not limiting their passwords to six characters but merely using it as an example.


          The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 51⁄2 years to try all combinations 
 of a six-character alphanumeric passcode with lowercase letters and numbers.”

          Further up in the document, Apple states that the UUID is hardware encrypted on the device to a 256 bit, before being used for entanglement with the user’s own passcode. Downloading the encrypted data would do no one any good for a brute force attack.

          Again, try a little research before you assume Apple is incompetent.

      2. So, you, Swordmaker, say one can use the expanded character set when making a password. Apple (a recognized “reliable source”) says passwords are limited to upper- and lowercase alpha plus numerics. That’s 62 characters. And—just pardon me all over the place—but I’ll assume Apple is correct here.

        So, 62^6 is ~56.8 billion combinations. Now…

        If one was forced to enter tens of billions of password combinations using the touchscreen user interface of an iPhone, it would indeed take an impractically long time to gain access. That would prevent nosy neighbors, low-life street thugs, and your basic ” rel=”nofollow”>Barney Fife at a small local sheriffs office from gaining access to your data—that is, unless your password is something common and unwise, like 123456.

        However, since your average high-performance PC with an 8-core microprocessor can perform over 50 billion floating point calculations per second, any law enforcement agency with a court order can compel Apple to do precisely what Apple has just now declared they will do: “…turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner.”

        No one in their right mind thinks Apple is going to provide the law enforcement agency a printout of the data a half mile tall; that’s what 64 GB of data is literally equivalent to. No, Apple will—under court order—provide digital data—in all likelihood cases—a handful of DVD ROMs.

        What will places like the FBI do? They’ll load the data into a regular, high-performance PC, run some brute-force code-cracking software (that also starts with intelligent guessing of common passwords) and have an answer in a minute or two.

        What will the NSA do if some nutwad terrorist is captured and has his iPhone captured confiscated by Seal Team 6? They’ll load the data into their code-cracking supercomputer and have the answer waiting before the spy dude’s eyes can refocus from the keyboard to the computer monitor.

        All Apple did with their press release was get themselves off the legal hook by publicly and honestly declaring the extent to which users’ data is safe. It’s up to the reader to draw their own conclusions. At that F.B.I. news conference, all James B. Comey delivered was theater; he’s not seriously worried about inability to access iPhone data in the future.

        If all of this offends anyone’s sensibilities, well… tough. I seriously doubt anyone is A) all that important, and B) all that dangerous. And if you are (that important and that dangerous), then don’t store your critical data on how you plan to set off a dirty radiological bomb on Wall Street on your iPhone. Why? Because your average American civilian can rest assured because there are guys standing on walls saying “Nothing’s gonna hurt you tonight. Not on my watch.”

        1. You seem to think breaking a 128 bit cypher is easy. It is not. Supercomputers at the NSA are built on the same principles as supercomputers elsewhere they aren’t magic. Look at those numbers I posted above. Add a billion calculations or two per second to those numbers and drop a few zeros off those YEARS. maybe they’ll get lucky and the passcode is easy. But keep in mind the estimated age of the universe is only 18,000,000,000 years. Compare that to the number of years above. The orders of magnitude are astounding.

          1. You seem to think that 128 bits (3.4E+38) makes things hard. It does, but only if the user is allowed a password space with equally many possibilities.

            According to the article, Apple’s technical guide allows only a “six-character alphanumeric passcode with lowercase letters and numbers.” You say otherwise. But you aren’t what is known as a “reliable source.”

            Now, 26 uppercase alpha plus 26 lowercase alpha plus ten numeric is 62 characters to chose from. And 62^6 is only 56.8 billion possibilities—astronomically fewer possibilities than what 128-bit encryption is capable of. Anytime you limit a password to only six characters, you cripple any good crypto scheme—even if it is 512 bits.

            You also wrote above of authorities “[trying] ten combinations a minute.” That is just absurd; as I wrote above, the authorities would crack the data using automation,/i> using a powerful computer, not wearing out human’s fingers poking at an actual iPhone.

            Just what is going on with you, Swordmaker? Are you working for the NSA and trying to disseminate utter nonsense in hopes it will propagate through the ether of the Internet? Or are is all this really that difficult for you to understand?

            1. Oops. I just now (carefully) parsed what I was reading in the article. “[S]ix-character alphanumeric passcode with lowercase letters and numbers” means there is no uppercase allowed in the password. Thus, there are only 36 possibilities per character—passwords like “sucks6”.

              Since 36^6 is only 2.1 billion combinations, it will take authorities even less time using a code-cracking computer than what I originally wrote.

              The use of astronomical-possibility bit sets in the cypher is near useless if the end user is limited to only a couple billion possible passwords.

            2. I love the way you add the word “only” to the number of characters a password can have. That word simply does not exist in Apple’s iOS Security Document in reference to that definition, nor does it limit to just lowercase and numbers. “Only” is not even in the NYTimes article.

        2. You claim I an not an “authoritative source,” but after 35 years in the industry, I think I’m qualified to be an authoritative source on what computers are capable of doing. And they are not currently capable of doing what you to FUD spreading bozos are claiming. Just because your 8 core computers can do 50 billion floating point calculations per second internally, does NOT mean you can crunch that much complex data that fast. . . your computer is limited by the ability to move that data in and out of the processor and the storage speeds of its RAM. Look again at the sheer size of the number of potential combinations.

          Next, let’s address the sheer ignorance of that idiot at the New York Times and your willing acceptance of the misinformation in the article. I find even I have been wrong about Apple’s limitations on Passcodes. You want proof? Consider this article from TUAW from March of 2014, where the author set up a Complex Pass phrase on his iPhone 5s consisting of ninety (90) characters and could use both upper and lower case letters, numbers, and special symbols. At 90 characters, we are now looking at a number over a Googol of potential combinations in size! He then shows the readers how to simply do the same thing on their iOS devices. Here is the link to an authoritative published source:

          How to set up a complex Passcode on your iOS device.

          Apple itself says on their website: “For a strong password, use a combination of upper and lowercase letters, numbers, and special symbols.” I’ll let you search for that yourselves, as homework.

        3. Update: I was just reading Apple’s new iOS Security page released in September 2014 and now all iOS 8 devices are encrypted to AES 256 bit encryption, not 128 bit. Much better. In addition, the passcode for the Secure Enclave is “entangled” with each device’s UUID and an “anti-replay counter” and is therefore completely unique and is unknown to Apple or any other authority.

          This 256 bit data encryption will assure that when the data is uploaded for safe-keeping on iCloud, neither Apple nor anyone else will be able to break the encryption.

        4. Read what I posted above. Apple indeed DOES require that the passcode must be entered on the device. . . you can’t load the data into another computer and get anywhere.

    2. If by alphanumeric you mean uppercase, lower case and zero thru nine, then you have sixty-two possible alphanumeric choices. With six characters in a pass code, then I think that all possible permutations means (52 ^ 6) x 6, which is 118,623,657,984 possible pass codes. Since your computer has to send each pass code attempt to the idevice, I suspect there probably is a one-second turn-around with each attempt, so that’s about 3,761.5 years to run the full gambit, if my math is right.

    3. Greg L and Novad. . . This will slow attempts down even more:

      “On a device with an A7 or later A-series processor, the key operations are performed 
 by the Secure Enclave, which also enforces a 5-second delay between repeated failed unlocking requests. This provides a governor against brute-force attacks in addition to safeguards enforced by iOS.

      I’m hearing crickets from you FUD spreaders. . . Wonder why.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.