by GlenTheMachine 2991 days ago
“On iOS, there is no full-disk or full-volume encryption, only varying levels of file-based encryption...”

I don't understand this claim. iOS had full disk encryption starting with iOS 3.0, in 2010. Or at least Apple (and other security experts) says it does:

https://darthnull.org/security/2014/10/06/ios-encryption/

Am I missing something here?

2 comments

You're not missing something. The author doesn't seem to understand how iOS's disk encryption works. It's not "full disk encryption" in that the full disk is not encrypted with one key. However, every single file on the disk is encrypted, with separate keys, and the various levels of security (e.g. "accessible always", "accessible when unlocked", etc) are managed by storing these keys in different key bags whose own keys are evicted from memory at the appropriate times.

Which is to say, it's not classic FDE, but if you were to take the storage out of an iPhone and inspect it, you'd find that everything in the filesystem is in fact encrypted.

Yep. And this layered encryption is great because it allows — for example — your phone to boot up before you enter a passphrase.

Making this technology more convenient is just as important for making people secure as the algorithms themselves, because otherwise, almost no one will use them (PGP-encrypted email being the classic example).

The full disk is not very useful though because the disk is automatically unlocked at boot.

Anything you can see after starting the phone without entering your passcode is effectively not encrypted.
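A toy model of the hierarchy the first reply describes (every file under its own key, each file key wrapped by a class key, class keys held in a keybag and evicted from memory on lock) and of the last reply's point that the "accessible always" class is already open after boot. This is an added illustration, not code from the thread or from Apple: the cipher is a stand-in (an HMAC-SHA256 keystream XOR instead of AES), the two class names, the `Keybag`/`EncryptedFile` API, the passcode and the sample file contents are all constructed, and hardware-bound keys and the real keybag format are not modelled.

```python
"""Toy model of iOS-style data protection: per-file keys, class keys, keybag."""
import hashlib
import hmac
import os

ALWAYS = "accessible always"           # class key unwrapped at boot, no passcode needed
UNLOCKED = "accessible when unlocked"  # class key evicted from memory when the device locks


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES key wrap / AES-XTS (constructed for illustration, not a real cipher).
    XOR with an HMAC-SHA256 counter keystream; applying it twice with the same key/nonce unwraps."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _derive_kek(passcode: str, salt: bytes) -> bytes:
    """Passcode -> key-encryption key (PBKDF2; the real device also entangles a hardware key)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


class Keybag:
    """Holds the class keys at rest (wrapped) and the unwrapped copies currently in memory."""

    def __init__(self, passcode: str, device_key: bytes):
        self._salt = os.urandom(16)
        self._device_key = device_key  # available from boot, so ALWAYS needs no passcode
        kek = _derive_kek(passcode, self._salt)
        self._wrapped = {
            ALWAYS: _xor_stream(device_key, b"always", os.urandom(32)),
            UNLOCKED: _xor_stream(kek, b"unlocked", os.urandom(32)),
        }
        # integrity tag so a wrong passcode is rejected instead of yielding a garbage key
        self._tag = hmac.new(kek, self._wrapped[UNLOCKED], hashlib.sha256).digest()
        self._in_memory: dict[str, bytes] = {}

    def boot(self) -> None:
        self._in_memory[ALWAYS] = _xor_stream(self._device_key, b"always", self._wrapped[ALWAYS])

    def unlock(self, passcode: str) -> None:
        kek = _derive_kek(passcode, self._salt)
        tag = hmac.new(kek, self._wrapped[UNLOCKED], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):
            raise ValueError("wrong passcode")
        self._in_memory[UNLOCKED] = _xor_stream(kek, b"unlocked", self._wrapped[UNLOCKED])

    def lock(self) -> None:
        self._in_memory.pop(UNLOCKED, None)  # evict; ALWAYS stays resident

    def class_key(self, cls: str) -> bytes:
        if cls not in self._in_memory:
            raise PermissionError(f"class key for {cls!r} is not in memory")
        return self._in_memory[cls]


class EncryptedFile:
    """Ciphertext plus metadata: the per-file key wrapped under the file's protection class."""

    def __init__(self, keybag: Keybag, cls: str, plaintext: bytes):
        file_key = os.urandom(32)
        self.cls = cls
        self.nonce = os.urandom(16)
        self.ciphertext = _xor_stream(file_key, self.nonce, plaintext)
        self.wrapped_file_key = _xor_stream(keybag.class_key(cls), self.nonce, file_key)

    def read(self, keybag: Keybag) -> bytes:
        file_key = _xor_stream(keybag.class_key(self.cls), self.nonce, self.wrapped_file_key)
        return _xor_stream(file_key, self.nonce, self.ciphertext)


def demo(passcode: str = "1234") -> dict:
    """Walk through boot -> unlock -> lock and report what is readable at each point."""
    bag = Keybag(passcode, os.urandom(32))
    bag.boot()
    bag.unlock(passcode)
    always_file = EncryptedFile(bag, ALWAYS, b"wifi config")     # constructed sample content
    locked_file = EncryptedFile(bag, UNLOCKED, b"private notes")  # constructed sample content
    results = {}
    # What someone reading the raw storage sees: no plaintext in either file
    results["plaintext_on_disk"] = (b"private notes" in locked_file.ciphertext
                                    or b"wifi config" in always_file.ciphertext)
    bag.lock()
    results["always_readable_while_locked"] = always_file.read(bag) == b"wifi config"
    try:
        locked_file.read(bag)
        results["unlocked_class_readable_while_locked"] = True
    except PermissionError:
        results["unlocked_class_readable_while_locked"] = False
    bag.unlock(passcode)
    results["readable_after_unlock"] = locked_file.read(bag) == b"private notes"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The run shows both halves of the thread at once: nothing on the "disk" is plaintext, yet after boot and before any passcode the "accessible always" file is readable, while the "accessible when unlocked" file only becomes readable once its class key is back in memory.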