by kurthr
2975 days ago
The idea is that each of the secret keys (not nonces) would be kept on paper in a well observed location, with only the public keys leaving. The building would be operated by whoever is responsible for generating the keys and showing that their keys aren't (hopefully yet) compromised. They could allow the public to observe and perhaps the boxes could be marked with the range of IMEIs/keys contained within. If the cops want to go in and get a key out of a box, they can get a warrant to do it but everyone can know which few hundred thousand phones have been compromised. It doesn't completely prevent malfeasance... it just makes it a PITA.

* There is no advantage in having cops come over: either a secret is revealed or it is not. Any information to convince Apple concerning a specific case or phone could just as well be sent over the internet. Allowing them to enter looks like a serious threat vector to me: they could plant things, smuggle things out...
* Either Apple is faithfully reporting each count of the cops unlocking a phone, or it isn't. In the case of requesting over the internet the cops can't bring in devices to look through closed boxes or whatever.
* Is your fear rooted in a perceived sense of insecurity because of the small passcode (4 decimal digits) and the effect that would have on the security of the encrypted(passcode+nonce)? Because that is exactly why the random nonce is there. In theory the user could select his own nonce and have it burned in efuse memory, but he would only be able to change the nonce a limited number of times. Then the user can roll as many dice as he wants and xor bits to smithereens ;)
But it all stays crap key escrow, it's just a big "Eureka!"-show trial balloon to gauge public acceptance, no?