|
|
|
|
|
|
by russgray
3744 days ago
|
|
|
Apple's description is here https://www.apple.com/business/docs/iOS_Security_Guide.pdf, and you can find varying quality of discussion in the media by searching for Secure Enclave. Basically, the Secure Enclave contains a 256-bit AES key physically fused into the silicon during the chip fabrication process. Apple don't know this key, and neither do the manufacturers. It's different on every iPhone. The key cannot be read by any software, or the OS, or even firmware. All that can be seen is the result of using it in a crypto operation. The key used for actual encryption on iOS is derived by taking an intermediate key derived from the PIN, and then entangling it with the Secure Enclave key (and, I believe, the CPU's key, which is also unique and fused into the hardware, but not quite so secretive). This effectively ties the crypto process to the phone - if you take a data dump of storage and try to brute force it on some more powerful kit, cracking the PIN isn't enough. You'll also have to crack both the AES keys. This isn't universal across all iPhones - I think the 5S onwards have it. |
|
|