Here's How Law Enforcement Cracks Your iPhone's Security Code (Video)

Discussion in 'privacy technology' started by Dermot7, Mar 29, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The guy whose encryption standard you're praising says AES is the next best thing. Everyone else at that conference agrees. These are not government agents these are crypto geniuses.

    Blowfish is fine. AES is fine. Blowfish is potentially more secure in that generating keys is slower over large periods of time. AES is potentially more secure in that it has 4x the block size. This makes blowfish better for small files (Firefox's master password uses this iirc) and AES better for large files.

    You do not simply crack encryption, you do not simply build a backdoor into one. These aren't programs the way you're used to thinking of them they're pure math.

    If you aren't willing to listen to them who are you willing to listen to?

    Sums it up for me.
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
  3. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    lol very true.

    If they know the tool used to encrypt it they can guess. Like if I see a bitlocker partition I can say "Oh, it's 128 or 256AES" but that's it. There might be some other method to tell.
     
  5. x942

    x942 Guest

    There is no way to tell. Unless there is a flaw in the algorithm the data is pseudo-random. All pseudo-random data is just that: pseudo-random data. You can't discern any information from it.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's what I figured. I mean, with bitlocker you know it's AES but I don't see how else you could verify the information. If there's a hidden truecrypt partition it's impossible to tell.
     
  7. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    The question that crosses my mind at this point is how is cipher hacking performed, considering that you cannot determine what type of encryption is used? How does an attacker determine what approach to use (other than brute forcing the password)? Like for example, faced with an encrypted file, a hacker might treat the file as an AES, only to discover a year later that it was actually DES and he should have approached the issue differently?

    Noob here, so if my question doesn't make sense, please tell me why. Thanks.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Normally it's a matter of bruteforcing the key and flipping 2^128bits or 2^256 bits depending on the cipher.

    If you have cryptographic flaws you can perform hash collisions, which are incredibly limited in what they can do and incredibly rare even in older ciphers like MD5. You have to get two separate pieces of information to hash same thing and then if that information is present in a piece of data you could potentially get the key or some such thing.

    If you're present for the actual encryption you can perform side channel attacks. Side channel attacks basically watch the hardware to try to tell what the software is doing. (For this the device has to be turned on and you would need to encrypt it with the same key the same exact way... so yeah. It's more for "stealthy" hacking, like a keylogger sorta deal but way more advanced.)

    If you don't know which cypher is being used you don't have a leg to stand on, really. In computer security you always assume that the attacker not only knows the system but that they likely know it better than you do - so that's probably not the best way to do it.

    Cracking into encrypted data is hard especially for modern ciphers. That's why tee idea that these ciphers are backdoor'd is a bit silly to me - it doesn't really make sense. You do not simply build back doors or find gaping flaws in modern crypto. I can not stress this enough. Even when flaws are found they are not always practical and this has been true time and time again.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,955
    Location:
    Somethingshire
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.