undefined | Better HN

0 pointsparenthephobia10y ago0 comments

Any watch can be breached by water, given enough time and pressure. Most watches would not survive very long at the bottom of the Marianas Trench. Similarly, most watches would not survive a few centuries in a shallow pool, even if rated for much deeper immersion.

Although no watch can be absolutely waterproof, not even at a given depth, there are levels of risk one can accept. A watch you can use at 100m for several hours a day is effectively waterproof if that's the harshest treatment the watch will receive.

Similarly, although no cryptographic system is absolutely unbreakable^, there are levels of risk one can accept. And, unlike with watches, we can design cryptographic systems which, except in the face of unforeseen mathematical breakthroughs, or bugs (or backdoors) in their implementation, cannot be broken in the next few hundred years even by a nation state-level attacker.

I think is it reasonable to describe a cryptographic system that can't be broken within the lifetime of anyone alive today as "unbreakable".

^ Except maybe one-time-pads, depending upon how "unbreakable" is defined.

0 comments

Udik10y ago

Your comment (and its sibling) substantially agree with what I wrote - there isn't absolutely unbreakable cryptography, only reasonably secure. Therefore the parent doesn't make sense.

Now, is a cryptography that can't be broken by anyone except maybe (that hasn't even happened yet) through a specific court order signed by a judge, reasonably secure? I think it qualifies as such. If you need even more security, I'm sure you can use specialized software to achieve it - I'm not saying you shouldn't be allowed to.

parenthephobiaOP10y ago

Strictly, it is not the cryptography being broken in this case. The FBI want to guess a (possibly) six-digit pin. The iPhone might have been configured to erase its data on 10 failed PIN attempts, so the current odds are not good. To this end, the FBI want Apple to produce a version of iOS that bypasses this restriction, and install it on the phone.

Assuming I agree that a security system that can be turned off remotely by its vendor is reasonably secure, it is only a specific court order now. If Apple are successfully compelled to produce a version of iOS that bypasses PIN security, it will be much easier for the FBI to request that it be deployed on phones in the future - after all, that version of iOS will already exist then.

If Apple do make it, I am certain there will quickly be a slew of court orders regarding other iDevices that the authorities have in their possession, all of which are likely to be harder to defeat than the court order they would just have failed to defeat.

However, I don't agree that a security system that can be turned off remotely by its vendor is reasonably secure, anyway. There is nothing technically requiring Apple to wait for a court order: the phone will accept their new software whether or not it comes with a court order. Apple could decide to make PIN cracking available to anyone who can prove they own a given iPhone. Given their attitude, they probably won't, but the actual security mechanism is reliant on their goodwill for it to remain unbroken. I don't consider that reasonable.

hnbroseph10y ago

> If Apple are successfully compelled to produce a version of iOS that bypasses PIN security

this would seem a rather scary precedent of forced, unwilling labor. i wonder if it could be construed as "involuntary servitude".

j / k navigate · click thread line to collapse