Yes, his biography lives up to the picture.
You sure you want him involved in a criminal investigation?
Posted on 03/22/2016 11:03:12 AM PDT by Swordmaker
Possible modes the FBI may use to break into the iPhone 5C proposed by USA Today. Link only due to copyright only due to copyright restrictions:
FBI could be using these hacks to break into killer's iPhone
More like he said three hours, thinking the counter was simply a variable in memory. If it was, it would be easy.
It’s not though. It’s partially in hardware specifically designed to make it hard to change.
BTW: McAfee, of the well-known virus software company, is now famous for being a crazed drug addict living remotely in South America trying to avoid extradition for murder. Yes, he was brilliant decades ago ... today, he’s ____ing nuts.
Nope. This is the normal time for an iOS update and this Apple event was planned before the FBI began this mess. The lockouts of the passcodes on the iPhone 5C, 5S, 6, 6 plus, 6s, 6s plus, and now iPhone SE are all in hardware, not software easily changed with a mere update that was only 134 MB in size on my iPhone 6S.
Yes, his biography lives up to the picture.
You sure you want him involved in a criminal investigation?
Nope! Not coincidental at all!! (/sarcasm)
“Does that strike anyone else as a little too coincidental?”
They’ve been issuing beta-test versions for months now.
They had yesterday’s new/updated product introduction planned for months. (You don’t introduce upgrades to 3 operating systems, and 2 new hardware products, without tentatively setting the date a year or more in advance.)
The FBI issue arose when Apple was wrapping up _testing_ of iOS 9.3.
Zero coincidence. Multi-billion-dollar businesses don’t completely halt multi-million-user product cycles, or whip up major updates in a matter of days, just because a police agency asks some tough questions.
What is on the killer’s phone that is not available from provider’s phone records (numbers, time duration), GPS tracking records (location over time), emails (archiving) from internet providers???? NSA is supposed track terrorists!?!
All that can be acquired without having the physical phone.
It all looks like another version of going after the gun ban after random killing.
What is left of citizen’s privacy ???
You already pay for your phone that gives the almighty government free access to your private activity.
Yeah, freedom for terrorists, spying on citizens!
McAfee's suggested hack when he explained it was well grounded. . . in the 1980s.
McAfee's idea was to have his engineers search through the iPhone until they found the passcode:
“You need a hardware engineer and a software engineer. The hardware engineer takes the phone apart, and copies the instruction set [the phone’s mobile operating system and installed applications] and the memory. You then run a program called a disassembler, which takes the 1s and 0s and gives you readable instructions,” McAfee said.“Then the [software engineer] sits down and reads through it. What he is looking for is the first access to the keypad, because that is the first thing you do when you input your [personal identification number]. When he sees that, he reads the instructions for where in memory the secret code is stored.”
McAfee previously wrote he would be able to decrypt the San Bernardino iPhone free of charge so that Apple wouldn’t have to put a backdoor into one of its products. At the time, he said it would take three weeks, but he has now suggested he offered that time frame just as a precaution so he basically wouldn’t have to eat his words later.
The trivial nature of unlocking an iPhone does not serve as an indictment of Apple, McAfee said, as “any computer can be [cracked], and it is a half hour job.”
Only one HUGE problem with McAfee's scenario. Apple does not store the passcode anywhere on the iPhone. What is stored on the iPhone is in a completely un-reachable, and unreadable if you could reach it, one-way HASH made from the passcode that cannot be used to derive the original passcode even if you have the algorithm that creates the hash. When the user inputs his or her passcode anew each time, the algorithm, which is also hidden in the same unreachable and unreadable location, re-calculates the one-way hash, which is then compared with the original stored hash. Only if these two one-way hashes match will the iOS device be unlocked.
But McAfee's "half-hour hack" could not possibly work. . . aside from the fact that it would take far longer than a half-an-hour to comb through 1.2 billion bytes of complex code to find any particular piece of code. That would be like reading the entire Encyclopedia Britannica AND the Oxford Dictionary of the English Language in their entirety, looking for one single paragraph. . . which could be hidden inside a photograph, a drawing, or a chart, as well as being in text.
So now you want the court to manage Apple's employee policies as well as design their products which is already against Federal law?
Where did the “38 billion” number come from?
At core (AFAIK), iPhone encryption uses a 256-bit AES key. Any of the smaller numbers referenced (from 10,000 to 38 billion) are just keyspace-reducing techniques to make the security more human-friendly. If you’re going to attack the raw encrypted data (having given up on the hardware used to simplify the user interface while frustrating “lock picking”), you’ll have to take on the full 256 bit key. That key has 10^77 combinations.
Assuming that supercomputer can test 1 key in 1 “calculation”, thus testing 27 quadrillion possible keys per second, it will still take 200,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 (yes, 2*10^68) years to test all possible keys.
BTW: it will take a lot more than 1 “calculation” to test a key. Just evaluating whether you have the right key takes a while.
Hence the FBI’s interest in “rubber hose cryptanalysis”.
And so what if Apple issues an iOS update? That has absolutely nothing to do with the issue. Nobody is going to put it on the terrorist’s phone. It doesn’t affect anything to do with the case. The ONLY conceivable connection the iOS 9.3 release could possibly have with the FBI case is to fix any remaining cracks in the encryption, rendering updated phones completely - and I mean _mathematically_ completely - impervious to cracking without the correct key, short of spending literally orders of magnitude of orders of magnitude numbers of years to crack.
No wonder Swordmaker gets infuriated with some posters. The facts of the case are not hard to understand (though not immediately known in popular culture). A little honest research & thought would ward off inane posts like “golly, Apple issued a long-planned point release to their operating system - CONSPIRATORIAL YA THINK??!?!?!!?!”.
It is so ludicrous that no sarcasm tag was needed. Except, I guess, in your case.
It's both. The data on the Flash drive is encrypted to a far higher standard than the simplistic unlocking passcode. They can't brute force the data on the Flash drive. . . even using the lowest possible size key of 132 characters (Apple permits all 223 characters of the Apple character set to be used), and the fastest available supercomputer sped up by three times which can try 10 trillion keys per year, it would take 5.62 X 10195 years to brute force every possible key!
That is effectively impossible. Why? Consider these facts. Cosmologists will tell you that looking out as far as we can see into the Universe, some 16 billion light years, with all the galaxies with all their stars, planets, and the gas in-between them, of all we can see, everything is made up of approximately 4.75 X 1084 ATOMS . . . and everyone of those atoms will have decayed completely into quarks, leptons, or bosons by approximately 7.84 X 1080 years have elapsed. . . in other words, the Universe dies of heat death in less than 40% of the time required to test all of the possible minimum size keys to just one iPhone's encryption.
The 38 billion number came from my good FRiend WENDLE.
As for computing power and the ability of systems to crack encryption, it just my gut instinct that we are far beyond any conceivable understanding of Moore’s Law and that the ‘official’ technology that we see reported and are made aware of is exceeded by ‘unofficial’ technology yet to be made public knowledge.
I’m certainly no ultimate computer expert, I’ve been in the business since ‘74, seen a lot of changes and the one thing I can say is that at any given moment, whatever is considered ‘cutting edge technology’ can be rendered obsolete before you can blink, in a manner of speaking.
When what you want is the master/skeleton key, it IS unreasonable.
Course, this is AFTER the FBI screwed the pooch out of the gate. ‘Best and brightest’ didn’t think to contact Apple/Google/MS/etc. and say, “We got a phone here used for XYZ. Since the perp is dead, what’s the best way to get to the data w/out loss/locking?”?? Nope, bag it, tag it and when their attempts fail..Oops. “It’s APPLE’s FAULT!!”
Course, the train of abuse from govt and their agencies are long, that doesn’t stop some (not saying YOU), from bending over to shout, “Thank you sir, can I have another?”
There’s more to this than is being listed here.
First, the setting on the phone in question might have the “erase in 10 failed attempts” turned on....or it might be off! The FBI is afraid to attempt the unlock by brute force for fear the setting is on, and the data would be wiped. But who knows, maybe they could run through all the numbers in a few weeks or months and no erase would happen. Also, remember, once they find it, they stop the hunt, so maybe after only a couple thousand attempts it is found, and won’t be the final available choice requiring all numbers to be tried!
Second, people are assuming a 4-digit unlock code. However, the unlock code can be customized and can be a 4-digit numeric (10,000 combos), a 6-digit numeric (1 million combos), a custom numeric code (up to 11 digits), or a custom alphanumeric code (with numbers, letters, and special characters, and can be at least 50 characters, and some say can be more than 90 characters before receiving a warning that that’s too many).
Third, the iphone increases the time required to wait for a repeat unlock attempt after failed attempts! One source says that beginning with the 5th failed attempt, there is a 1 minute wait before the 6th attempt can be entered (and not the nanoseconds a supercompter could use to enter the next number and then next and the next, etc.). The 7th attempt requires a 5 minute wait, the 8th requires 15 minutes, and the 9th and subsequent tries require 60 minute waits between attempts!!!! That will really add to the time required to brute force find the unlock code, assuming it doesn’t go black and wipe the memory at the failed 10th attempt.
Just interesting additional info on this. No wonder the FBI wants Apple to do it for them!
Please enlighten the board on EXACTLY HOW do you know that Apple didn’t simply engineer a backdoor into their phones through the iOS update, and thus settle this encryption dispute with the FBI.
This week, Apple comes out with an update to the iPhone operating system.
Does that strike anyone else as a little too coincidental?
9.3 has been in beta since January. This wasn't rushed out on the spur of the moment.
Not even close. If you are going to try and brute force the actual encryption of the data, you are working with an entire different order of number than 38 billion possible keys. It's not. That's why the passcode has the lockout after certain number of tries, just to prevent this scenario.
But trying to brute force the actual data encryption? You are looking at really big numbers of keys. The minimum number is 132 characters in the key—and it can be as high as 256 characters—and those characters can be any character from the 223 in Apple's character set. We are looking at minimum 227132 possible keys if we assume ONLY the smallest possible key. . . 98,949,396,440,133,673,467,355,218,741,855,379,230,719,691,863,996,535,837,005,199,071,920,493,907,473,461,892,890,162,895,772,013,259,159,565,692,847,327,974,760,753, 169,901,877,597,063,626,918,515,025,792,949,441,907,113,882,860,821,767,095,800,922,329,226,678,914,421,489,165,484,709,632,538,006,346,457,412,366,681,056,861,120,561, 293,027,215,449,723,643,458,567,655,815,396,749,804,905,472,592,479,284,109,521 Keys.
If you want to SAY that number in English, it's:
ninety-eight trescentillion, nine hundred and forty-nine duocentillion, three hundred and ninety-six uncentillion, four hundred forty centillion, one hundred and thirty-three novenonagintillion, six hundred and seventy-three octononagintillion, four hundred and sixty-seven septenonagintillion, three hundred and fifty-five senonagintillion, two hundred eighteen quinnonagintillion, seven hundred and forty-one quattuornonagintillion, eight hundred and fifty-five trenonagintillion, three hundred and seventy-nine duononagintillion, two hundred thirty unnonagintillion, seven hundred nineteen nonagintillion, six hundred and ninety-one novemoctogintillion, eight hundred and sixty-three octooctogintillion, nine hundred and ninety-six septemoctogintillion, five hundred and thirty-five sexoctogintillion, eight hundred and thirty-seven quinoctogintillion, five quattuoroctogintillion, one hundred and ninety-nine tresoctogintillion, and seventy-one duooctogintillion, nine hundred twenty unoctogintillion, four hundred and ninety-three octogintillion, nine hundred seven novenseptuagintillion, four hundred and seventy-three octoseptuagintillion, four hundred and sixty-one septenseptuagintillion, eight hundred and ninety-two seseptuagintillion, eight hundred ninety quinseptuagintillion, one hundred and sixty-two quattuorseptuagintillion, eight hundred and ninety-five treseptuagintillion, seven hundred and seventy-two duoseptuagintillion, thirteen unseptuagintillion, two hundred and fifty-nine septuagintillion one hundred and fifty-nine novensexagintillion, five hundred and sixty-five octosexagintillion, six hundred and ninety-two septensexagintillion, eight hundred and forty-seven sesexagintillion, three hundred and twenty-seven quinsexagintillion, nine hundred and seventy-four quattuorsexagintillion, seven hundred sixty tresexagintillion, seven hundred and fifty-three duosexagintillion, one hundred and sixty-nine unsexagintillion, nine hundred one sexagintillion, eight hundred and seventy-seven novenquinquagintillion, five hundred and ninety-seven octoquinquagintillion, and sixty-three septenquinquagintillion, six hundred and twenty-six sesquinquagintillion, nine hundred eighteen quinquinquagintillion, five hundred fifteen quattuorquinquagintillion, and twenty-five tresquinquagintillion, seven hundred and ninety-two duoquinquagintillion, nine hundred and forty-nine unquinquagintillion, four hundred and forty-one quinquagintillion, nine hundred seven novenquadragintillion, one hundred thirteen octoquadragintillion, eight hundred and eighty-two septenquadragintillion, eight hundred sixty sesquadragintillion, eight hundred and twenty-one quindragintillion, seven hundred and sixty-seven quattuorquadragintillion, and ninety-five tresquadragintillion, eight hundred duoquadragintlillion, nine hundred and twenty-two unquadragintillion, three hundred and twenty-nine quadragintillion, two hundred and twenty-six novemtrigintillion, six hundred and seventy-eight octotrigintillion, nine hundred fourteen septentrigintillion, four hundred and twenty-one sextrigintillion, four hundred and eighty-nine quintrikgintillion, one hundred and sixty-five quattuortrigintillion, four hundred and eighty-four tretrigintillion, seven hundred nine dotriginmillion, six hundred and thirty-two untrigintillion, five hundred and thirty-eight trigintillion, six novemvigintillion, three hundred and forty-six octovigintillion, four hundred and fifty-seven septenvigintillion, four hundred twelve sexvigintillion, three hundred and sixty-six quinvigintillion, six hundred and eighty-one quattuorvigintillion, and fifty-six trevigintillion, eight hundred and sixty-one dovigintillion, one hundred twenty unvigintillion, five hundred and sixty-one vigintillion, two hundred and ninety-three novemdecillion, and twenty-seven ocodecillion, two hundred fifteen septendecillion, four hundred and forty-nine sexdecillion, seven hundred and twenty-three quindecillion, six hundred and forty-three quattuordecillion, four hundred and fifty-eight tredecillion, five hundred and sixty-seven duodecillion, six hundred and fifty-five undecillion, eight hundred fifteen nonillion, three hundred and ninety-six octillion, seven hundred and forty-nine septillion, eight hundred four sextillion, nine hundred five quintillion, four hundred and seventy-two quadrillion, five hundred and ninety-two trillion, four hundred and seventy-nine billion, two hundred and eighty-four million, one hundred nine thousand, five hundred and twenty-one
but the size of the key could be randomly larger. So it could also be 227133 added to the number of keys to try, and 227134, plus 227135 added and so on, all the way to 227256 added. . . giving a tremendously HUGE number of possible keys to test.
Even if your TITAN computer can do 27,000,000,000,000 computations per second, those computations are merely decisions, and it may take a one billion decisions to compare just ONE key to see if it actually succeeds in decryption the data successfully. That means your Titan can only test 27,000 per second.
Calculating that out, we find that you could compare 851,472,000,000 possible keys per year with the Titan. At that rate, it would only take: 116,209,806,593,914,624,870,054,703,785,744,427,568,633,721,207,504,810,301,460,528,440,066,724,340,287,715,735,679,109,701,519,266,939,088,502,843,132,044,241,925,457, 525,205,617,562,366,850,487,761,225,023,194,470,172,963,858,894,739,659,197,015,195,249,199,831,485,264,916,715,387,833,813,135,377,729,928,185,972,857,659,278,426,726, 061,487,888,562,070,911,854,491,581,420,641,841,193,727,418,626 Years to try all the possible keys!
In English:
One hundred sixteen novenonagintillion, two hundred nine octononagintillion, eight hundred six septenonagintillion, five hundred and ninety-three senonagintillion, nine hundred fourteen quinnonagintillion, six hundred and twenty-four quattuornonagintillion, eight hundred seventy trenonagintillion, and fifty-four duononagintillion, seven hundred three unnonagintillion, seven hundred and eighty-five nonagintillion, seven hundred and forty-four novemoctogintillion, four hundred and twenty-seven octooctogintillion, five hundred and sixty-eight septemoctogintillion, six hundred and thirty-three sexoctogintillion, seven hundred and twenty-one quinoctogintillion, two hundred seven quattuoroctogintillion, five hundred four tresoctogintillion, eight hundred ten duooctogintillion, three hundred one unoctogintillion, four hundred sixty octogintillion, five hundred and twenty-eight novenseptuagintillion, four hundred forty octoseptuagintillion, and sixty-six septenseptuagintillion, seven hundred and twenty-four seseptuagintillion, three hundred forty quinseptuagintillion, two hundred and eighty-seven quattuorseptuagintillion, seven hundred fifteen treseptuagintillion, seven hundred and thirty-five duoseptuagintillion, six hundred and seventy-nine unseptuagintillion, one hundred nine septuagintillion, seven hundred one novensexagintillion, five hundred nineteen octosexagintillion, two hundred and sixty-six septensexagintillion, nine hundred and thirty-nine sesexagintillion, and eighty-eight quinsexagintillion, five hundred two quattuorsexagintillion, eight hundred and forty-three tresexagintillion, one hundred and thirty-two duosexagintillion, and forty-four unsexagintillion, two hundred and forty-one sexagintillion, nine hundred and twenty-five novenquinquagintillion, four hundred and fifty-seven octoquinquagintillion, five hundred and twenty-five septenquinquagintillion, two hundred five sesquinquagintillion, six hundred seventeen quinquinquagintillion, five hundred and sixty-two quattuorquinquagintillion, three hundred and sixty-six tresquinquagintillion, eight hundred fifty duoquinquagintillion, four hundred and eighty-seven unquinquagintillion, seven hundred and sixty-one quinquagintillion, two hundred and twenty-five novenquadragintillion, and twenty-three octoquadragintillion, one hundred and ninety-four septenquadragintillion, four hundred seventy sesquadragintillion, one hundred and seventy-two quindragintillion, nine hundred and sixty-three quattuorquadragintillion, eight hundred and fifty-eight tresquadragintillion, eight hundred and ninety-four duoquadragintlillion, seven hundred and thirty-nine unquadragintillion, six hundred and fifty-nine quadragintillion, one hundred and ninety-seven novemtrigintillion, fifteen octotrigintillion, one hundred and ninety-five septentrigintillion, two hundred and forty-nine sextrigintillion, one hundred and ninety-nine quintrikgintillion, eight hundred and thirty-one quattuortrigintillion, four hundred and eighty-five tretrigintillion, two hundred and sixty-four dotriginmillion, nine hundred sixteen untrigintillion, seven hundred fifteen trigintillion, three hundred and eighty-seven novemvigintillion, eight hundred and thirty-three octovigintillion, eight hundred thirteen septenvigintillion, one hundred and thirty-five sexvigintillion, three hundred and seventy-seven quinvigintillion, seven hundred and twenty-nine quattuorvigintillion, nine hundred and twenty-eight trevigintillion, one hundred and eighty-five dovigintillion, nine hundred and seventy-two unvigintillion, eight hundred and fifty-seven vigintillion, six hundred and fifty-nine novemdecillion, two hundred and seventy-eight ocodecillion, four hundred and twenty-six septendecillion, seven hundred and twenty-six sexdecillion, and sixty-one quindecillion, four hundred and eighty-seven quattuordecillion, eight hundred and eighty-eight tredecillion, five hundred and sixty-two duodecillion, seventy undecillion, nine hundred eleven nonillion, eight hundred and fifty-four octillion, four hundred and ninety-one septillion, five hundred and eighty-one sextillion, four hundred twenty quintillion, six hundred and forty-one quadrillion, eight hundred and forty-one trillion, one hundred and ninety-three billion, seven hundred and twenty-seven million, four hundred eighteen thousand, six hundred and twenty-six years
It would take a little longer than a "few days". . .
Most impressive. Thanks for that illuminating post.
So would it be safe to presume that John McAfee’s offer to crack that iPhone is beyond his capabilities? ;)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.