by lilyball 2999 days ago
You're not missing something. The author doesn't seem to understand how iOS's disk encryption works. It's not "full disk encryption" in that the full disk is not encrypted with one key. However, every single file on the disk is encrypted, with separate keys, and the various levels of security (e.g. "accessible always", "accessible when unlocked", etc) are managed by storing these keys in different key bags whose own keys are evicted from memory at the appropriate times.

Which is to say, it's not classic FDE, but if you were to take the storage out of an iPhone and inspect it, you'd find that everything in the filesystem is in fact encrypted.

1 comments

Yep. And this layered encryption is great because it allows — for example — your phone to boot up before you enter a passphrase.

Making this technology more convenient is just as important for making people secure as the algorithms themselves, because otherwise, almost no one will use them (PGP-encrypted email being the classic example).
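The layered scheme described in this thread, as an added toy model that is not part of either comment and is not Apple's implementation: each file gets its own key, that key is wrapped by a class key, and the class key for "when unlocked" files is evicted from memory on lock. Assumptions: the `Device` class and its method names are hypothetical, the cipher is a SHAKE-256 keystream with an HMAC tag standing in for real authenticated encryption, and the "when unlocked" class key is derived from the passcode with PBKDF2.

```python
import hashlib, hmac, os

def _xor(key, nonce, data):
    # Stand-in cipher (NOT AES): XOR with a SHAKE-256 keystream, illustration only.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, data)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _xor(key, nonce, ct)

class Device:
    """Hypothetical model: per-file keys wrapped by per-class keys."""
    def __init__(self, passcode):
        self.salt = os.urandom(16)
        self.disk = {}  # name -> (class, wrapped file key, ciphertext)
        # Class keys held in memory. "always" stays resident (assumption: on a
        # real device it would come from hardware); "when_unlocked" is evictable.
        self.class_keys = {"always": os.urandom(32),
                           "when_unlocked": self._derive(passcode)}

    def _derive(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 50_000)

    def write(self, name, cls, data):
        file_key = os.urandom(32)  # separate key for every file
        wrapped = seal(self.class_keys[cls], file_key)
        self.disk[name] = (cls, wrapped, seal(file_key, data))

    def read(self, name):
        cls, wrapped, ct = self.disk[name]
        if cls not in self.class_keys:
            raise PermissionError(f"class key for {cls!r} is not in memory")
        return unseal(unseal(self.class_keys[cls], wrapped), ct)

    def lock(self):
        self.class_keys.pop("when_unlocked", None)  # evict on lock

    def unlock(self, passcode):
        self.class_keys["when_unlocked"] = self._derive(passcode)
```

Everything in `disk` is ciphertext regardless of class, yet a locked device can still read "always" files, which is what lets boot proceed before the passcode is entered.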