[saurik]

It takes mere minutes for us to crack the 4- digit passcode on the iPhone 4 (which I only specify as that's where we were last able to easily do this in the jailbreak community; it might be faster now), and most people likely don't use terribly strong passwords; the FBI might also have "leads" on what the password is, but not good enough ones that they feel confident dealing with ten attempts. This is a backdoor to the lock: you can quibble with me over the definition of "unfettered" (I do not consider "it will take some time, but I absolutely have a 100% chance of getting access without fail" terribly "fettered", but it definitely is more than the people who are frustrated with this situation seem to want the FBI to have).

> FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.

... and we should be thankful the FBI didn't simply demand the 4096-bit key Apple uses to sign firmwares, because that's all they actually need--nothing more than 512 bytes of data--in order to accomplish the thing everyone is upset about here.

[acqq]

> It takes mere minutes for us to crack the 4- digit passcode on the iPhone 4

Please make it then for iPhone 5C. You would do the world a favor.

If you claim you don't have the needed RSA key, then you confirm that the encryption actually works. And you know that your "tool" wouldn't work on the copy of the encrypted data, too. Nice for consumers, isn't it, hardware-dependent functioning encryption by Apple.

[saurik]

I don't... you just seem really confused here :(. You are conflating the key used to sign the data on the disk with the key used to sign a software update for the system; the FBI here wants firmware for the device, signed to work on this device, that will allow them to brute force the PIN code (or password) used to generate the disk encryption key. I am saying that the actual software is something that many people in the community could build, and would require almost no effort for Apple to produce. The only reason I, in fact, can't do this, is because I don't have a key that Apple is sitting in possession of right now: the key that is used to sign these firmware updates. That one key is the backdoor, as that key is the only thing standing between someone and accomplishing what the FBI wants, and it will let you do not only this but all kinds of other evil things you want to do to anyone's phone.

[acqq]

And "that one key" isn't a few bytes in your mother's basement, it's something with which all the Apple's products, hundreds of millions, are secured and are to be secured and which you should not have, FBI should not have, and should not be misused without proper laws made. This time, instead, All Writs is attempted to be used.

It's wrong and dangerous, not because only the key, but because the way the whole issue is constructed, the demand to Apple is to "just" change the iOS (Apple's product) "because we say so and we can." Dangerous precedent.

It's not "give us the data from the phone." FBI has the data already. They are encrypted, and FBI locked themselves out. Bad luck.

[saurik]

Which is probably why the FBI didn't ask for access to this key (which, FWIW, is stored in an HSM at Apple, and so would have to be "borrowed" rather than copied): instead, they are asking Apple to provide a firmware which can be used "onto the SUBJECT DEVICE" (capitalization is from original text). The firmware update process requires signing a hash of the firmware with at least (depends on the device) the ECID of the specific device in question, and so if Apple complies with the order as written they actually only empower the FBI against this specific device. Again: they make it sound like some herculean task to build the software, but the only actual complexity here is the signing.

[acqq]

The "actual complexity" estimated by a single hobby programmer only at the technical level is not the way this attempt should be evaluated, as I've already pointed. It's the All Writs use to request the change of the product used by hundreds of millions and the precedent of it, that is the main issue here:

In Cook's words:

http://techcrunch.com/2016/02/22/in-employee-email-apple-ceo...

"We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms."

It is far from "just one small thing." As far as I understand you've already made some unauthorized changes to Apple products, and I can understand how you see it as "easy" but your technical experience, even if it's notable, is not the topic.

[saurik]

...which is a complaint with the law, which is fine: you can complain about that law all you want. The problem I have is with stuff like their answer to the question "Could Apple build this operating system just once, for this iPhone, and never use it again?", which essentially is outright lying: the "master key" in question is their signing key, not some piece of trivial software they develop (and then sign) in order to automate this process for the FBI. Apple already has the only master key of relevance: that key already exists; the idea that the master key is something that they need to "build" and then would have to "protect" is them trying to divert attention from what is actually important.

Even if you think I'm wrong (to which I highly recommend you ask some other people, preferably strong developers, as the idea that this is difficult for Apple to build isn't me "estimating" here, it is the kind of idea that should be discarded at the face of it as it is so absurd... this is something they could assign an intern to and it would still be done in a few hours), then we are just talking about some different time period for someone to build the software here: whatever it is, it is fundamentally insignificant in comparison to Apple spending a few minutes to use their key and sign the firmware. The world isn't somehow different once that software exists, even if you think it is hard to build: what is fundamentally different is only that people realize the government might be able to force Apple to use their key.