Don’t disclose your password lengths. It significantly decreases the effort required to guess it.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Anti-Surveillance Coalition That Includes Apple Condemns Proposals for Device Backdoors
- Thread starter MacRumors
- Start date
- Sort by reaction score
I fail to see why this is such a big deal.
I don't see people raging all over internet just because your local keysmith have the potential access to your house? Exactly what, on your phones/computers is of such importance that it has to be protected by the outmost secrecy?
Before I got fingerprint scanner on my phone I didn't even bother with having a passcode. The reason for having passcode/fingerprint on my phone now is because it's too much hassle not having it since all smartphone makers seems equally obsessed with protecting the nuclear codes everyone keeps in their phone.
All I really want is a simple, fast, killswitch on my phone. Not just "lock" it, I want it dead. If someone steals it, I want to remotely kill it for eternity. Something like in Impossible Mission, no less.
I don't see people raging all over internet just because your local keysmith have the potential access to your house? Exactly what, on your phones/computers is of such importance that it has to be protected by the outmost secrecy?
Before I got fingerprint scanner on my phone I didn't even bother with having a passcode. The reason for having passcode/fingerprint on my phone now is because it's too much hassle not having it since all smartphone makers seems equally obsessed with protecting the nuclear codes everyone keeps in their phone.
All I really want is a simple, fast, killswitch on my phone. Not just "lock" it, I want it dead. If someone steals it, I want to remotely kill it for eternity. Something like in Impossible Mission, no less.
True, but just to put that into perspective, GrayKey would need 4,81606352×10^18 millennia to guess his password if it doesn’t know the length. You can shave some of that off by knowing the length, but I wouldn’t be so worried. The heat death of the universe will happen first.
In my town, all gated communities (apartments, condos, single-family homes, etc) have a keypad with a pin code to open the gates for emergencies such as fire and police. The fire and police had a "backdoor" pin code to allow them access to any gate in the community.
Even the gate systems where residents use a badge or key fob (and no pin) still have a keypad off to the side of the gate for emergency and maintenance personnel.
When I had an apartment in such a community, I would see people who are NOT fire or police get out of their cars and open the gates with that code. Every day. I never saw so many strangers walking their dogs and casing the community for Amazon deliveries as I did the day after they installed the gates!
There's your example of a "backdoor". When security allows MORE people in, then we have something called a "bad idea". The worst idea.
[doublepost=1525326916][/doublepost]
For example, I use a 4 character code. I just told you that. Now how do you know I don't REALLY use a strong 12-character passcode with letters, numbers, and even an emoticon or two? You don't. Have fun looking for my 'four letter word".
This would be a fun game. By the way, my router's SSID is "Charbuck$ Coffee", the admin password is "admin", and the guest account is wide open. Come on in, the water is warm! Now, do you think you'd have a snowball's chance in hell of actually finding my router, even if I gave you my street address?
Okay, I lied. My admin password really is "GetThe$)ckOffMyL@wn". Unless it's not.
[doublepost=1525327189][/doublepost]Okay, truth. My passwords are all 256 characters in length. It's been 7 years since I last used an 8 character password. I haven't gotten any actual work done since 2011, but the good news is that I have nothing to protect, either!
Even the gate systems where residents use a badge or key fob (and no pin) still have a keypad off to the side of the gate for emergency and maintenance personnel.
When I had an apartment in such a community, I would see people who are NOT fire or police get out of their cars and open the gates with that code. Every day. I never saw so many strangers walking their dogs and casing the community for Amazon deliveries as I did the day after they installed the gates!
There's your example of a "backdoor". When security allows MORE people in, then we have something called a "bad idea". The worst idea.
[doublepost=1525326916][/doublepost]
One never knows if he gave the wrong length on purpose. It could be a strategy. It's my strategy.
For example, I use a 4 character code. I just told you that. Now how do you know I don't REALLY use a strong 12-character passcode with letters, numbers, and even an emoticon or two? You don't. Have fun looking for my 'four letter word".
This would be a fun game. By the way, my router's SSID is "Charbuck$ Coffee", the admin password is "admin", and the guest account is wide open. Come on in, the water is warm! Now, do you think you'd have a snowball's chance in hell of actually finding my router, even if I gave you my street address?
Okay, I lied. My admin password really is "GetThe$)ckOffMyL@wn". Unless it's not.
[doublepost=1525327189][/doublepost]Okay, truth. My passwords are all 256 characters in length. It's been 7 years since I last used an 8 character password. I haven't gotten any actual work done since 2011, but the good news is that I have nothing to protect, either!
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
I local keysmith enters your house, you can do something about it. If government does it, you can't do anything about it.
One never knows if he gave the wrong length on purpose. It could be a strategy. It's my strategy.
For example, I use a 4 character code. I just told you that. Now how do you know I don't REALLY use a strong 12-character passcode with letters, numbers, and even an emoticon or two? You don't. Have fun looking for my 'four letter word".
One could lie about this, but the main point is to educate users to be more conscious of privacy and security.
(And that GrayKey is easy to avoid with a fairly simple password.)
True... but have you also packed a couple years worth of canned food and water in the bomb shelter incase we get hit by a meteor?
[doublepost=1525329445][/doublepost]
lmaooooo tinfoil hat is so strong here
Security is what protects your life. The elected government is your security not Apple or any other commercial enterprise. You can't have money buying power. It's the people with their vote who decide. The government must have control then if you don't like what they do with it you vote them out. It's called democracy. Apple would call it a bad business model. Apple is way too big for its boots.
Yes that's good; just like "Google, Microsoft, Dropbox, Snap, Evernote, LinkedIn, Oath (owned by Verizon) and Facebook" who are also part of this "anti-surveillance-coalition" but you didn't highlight them.
The Reform Government Surveillance coalition sounds like a WWE tag team.
It would be pretty cool if those Companies ran America (instead of the plonker who currently does).
You guys could then start advancing with the times instead of going backwards.
It would be pretty cool if those Companies ran America (instead of the plonker who currently does).
You guys could then start advancing with the times instead of going backwards.
This quote is the reality of the situation. Yes Apple can frustrate the FBI by saying "no" to backdoors and Apple fans whoop and scream "yeah Apple" but if the Government mandates something all companies doing business in that country have to comply. No if or buts it's my way or the highway. Worst (or best) comes to the worst they can plead ignorance to passed indiscretions but if they pass into law "from now on.... or you're illegal" all companies will fall into line unless they are oh so committed to user privacy they would rather give up the, now, offending revenue streams.
Last edited:
It is just funny to see how stupid these government officials are. What is the use of security if there is a back-door of which you know that criminals will, find them ten times faster than any lazy government employee. This is just a bad joke of frustrated people (politicians) having no idea where they are talking about.
[doublepost=1525334820][/doublepost]What people need is a back-door access to the White House to see what this fool and his party of lawyers currently have on the cooker!
[doublepost=1525334820][/doublepost]What people need is a back-door access to the White House to see what this fool and his party of lawyers currently have on the cooker!
Dude. Get your asymmetric encryption algebra correct before you post.
Example for you: Alice encrypts, Bob decrypts
[ENCRYPT BY ALICE]::= Alice ENCRYPTS using BOB's PUBLIC key
[DECRYPT BY BOB]::= Bob DECRYPTS using BOB's PRIVATE key
Got it? To encrypt, Alice never uses any of her keys. And Bob needs his private key to decrypt.
There is no need for a "private key for each user to be held by a company" at all.
In this scheme, REGARDLESS OF SIGNIFICANT HUMAN FLAWS, "Alice is your device, and Bob is Apple":
- Your device ENCRYPTS your PIN using Apple's own PUBLIC encrypting key at the Secure Enclave, where your PIN is stored.
- At the vault, Apple DECRYPTS the PIN using Apple's own uber-guarded, PRIVATE decrypting key.
- As extra credit, to determine validity of the PIN, your device might sign the encrypted PIN with the device's PRIVATE signing key (stored securely in the Secure Enclave, for each device). For this extra credit validation, Apple also receives at the vault the device's PUBLIC signing key.
Last edited:
Facebook doesn't need encryption, they will leak your information anyways encrypted or not.
[doublepost=1525335292][/doublepost]
Fingerprint reader dude!
[doublepost=1525335505][/doublepost]
And than you install an add-on piece of software after purchase and give the government the finger.
[doublepost=1525335774][/doublepost]
A majority vote is not a replacement of privacy.
I guess trolling makes you hard:Facebook doesn't need encryption, they will leak your information anyways encrypted or not.
[doublepost=1525335292][/doublepost]
Fingerprint reader dude!
[doublepost=1525335505][/doublepost]
And than you install an add-on piece of software after purchase and give the government the finger.
[doublepost=1525335774][/doublepost]
A majority vote is not a replacement of privacy.
"Facebook doesn't need encryption, they will leak your information anyways encrypted or not" got any info on those encryted (sic) leaks?
"And than you install an add-on piece of software after purchase" At that point the "add-on piece of software" would be illegal as well; who do propose offers this software? Apple? please...
"A majority vote is not a replacement of privacy" no it's not; but if it happens it's the law, crying won't do you no good.
You're not living in Mr Robot.
Trolling or sarcasm?? No, I live in the Netherlands and are not bound by any US law or what you call democracy. Have a nice day!
The attack that took down an enormous number of computers in the UK's NHS (Nation Health) and endangered the lives of patients used code that was stolen from the NSA. Think about that. The NSA developed an attack that could take your computer down, _and it got stolen_.
If there is one organisation in the world where nothing should get stolen, then it's the NSA (and GCHQ maybe, and the Russians likely have some similar that you would expect to be unhackable, if unhackable exists). FBI are amateurs compared to them. If the NSA can't keep their secrets safe, then the FBI most definitely can't. So any backdoor that the FBI can access, we can be sure that sooner or later criminals can access it, and then the secret services of China, Russia, UK, Germany and so on can. Criminals - that affects all of us. Secret services - that affects anyone important enough to be spied upon. For example everyone important in US government, military, industry and so on, plus the same in all other countries.
Of course, the US president is safe from this, he's got no secrets that are not on his twitter account.
For Apple there is also the problem that if your device gets hacked, today Apple can say "wasn't us, we _cannot_ get into your device". If this was implemented, Apple _could_ get into your device, so that's a big legal problem.
[doublepost=1525346288][/doublepost]
The FBI wanted to examine the phone of a guy who shot lots of people. That doesn't bring any of the victims back. If I understand it correctly, there was no reason for anyone to look at his phone before the shootings.
You may live where you claim but you cast aspersions on a US company, in this case Facebook, said they "Facebook doesn't need encryption, they will leak your information anyways encrypted or not" offered no evidence to try to back up your claim then said you "are not bound by any US law" despite the fact that that no-one gives a damn who or what you happen to be bound by.
I'm just guessing but you're not a international company who harbors the privacy options of billions of users (and I wish they didn't but they do).
You "Have a nice day".
By less than 5 percent. Plus how do you know he's saying the truth? You take ages checking all eleven digit passcodes, but he may have lied to you and his 10 digit password is now safe.
The fact that you even ask this question means that you have already made up your mind about the issue.
I value privacy and, as I use Apple devices, I am glad that Apple also value privacy.
You do what you want. Be prepared. Send a letter with your passwords to your local police station, just in case they need it one day.
[doublepost=1525347393][/doublepost]
You might think that what we have in the UK is democracy, and you might think that democracy is a perfect system where the government looks after the interests of ALL OF its citizens, first and foremost.
Good for you. I disagree with pretty much all of the above.
But that is beside the point. You do know that Apple sells devices all around the world. Do you?
If you were a citizen of ******* (insert any country you want) would you still be happy for the government to have a backdoor to the contents of your computers?
I thought no.
Last edited:
I know others have already said it but I will add my voice. Stay strong Apple. Your position on privacy is one of the main reasons I am so loyal to your entire ecosystem of products and services.
[doublepost=1525349433][/doublepost][QUOTE="You might think that what we have in the UK is democracy, and you might think that democracy is a perfect system where the government looks after the interests of ALL OF its citizens first and foremost.
Good for you. I disagree with pretty much all of the above.
But that is beside the point. You do know that Apple sells devices all around the world. Do you?
If you were a citizen of ******* (insert any country you want) would you still be happy for the government to have a backdoor to the contents of your computers?
I thought no.[/QUOTE]
Well said.
I have always loved the way Sir Winston Churchill described Democracy in a speech to the House of Commons in 1947...
"Many forms of Government have been tried, and will be tried in this world of sin and woe. No one pretends that democracy is perfect or all-wise. Indeed, it has been said that democracy is the worst form of Government except all those other forms that have been tried from time to time."
[doublepost=1525349433][/doublepost][QUOTE="You might think that what we have in the UK is democracy, and you might think that democracy is a perfect system where the government looks after the interests of ALL OF its citizens first and foremost.
Good for you. I disagree with pretty much all of the above.
But that is beside the point. You do know that Apple sells devices all around the world. Do you?
If you were a citizen of ******* (insert any country you want) would you still be happy for the government to have a backdoor to the contents of your computers?
I thought no.[/QUOTE]
Well said.
I have always loved the way Sir Winston Churchill described Democracy in a speech to the House of Commons in 1947...
"Many forms of Government have been tried, and will be tried in this world of sin and woe. No one pretends that democracy is perfect or all-wise. Indeed, it has been said that democracy is the worst form of Government except all those other forms that have been tried from time to time."
Australia was formed as a prison colony and became free
USA was formed on a premise of freedom and has been trying its hardest to become a prison colony ever since.
Oh well. At least the Western Hemisphere still has Canada.
USA was formed on a premise of freedom and has been trying its hardest to become a prison colony ever since.
Oh well. At least the Western Hemisphere still has Canada.