Hacker News new | ask | show | jobs
by new299 1777 days ago
This document contains the following:

> As part of setup, the device generates an encryption key for the user account, unknown to Apple.

The question is, how is this generated. Can it be re-derived from information Apple has? If not, how will Apple handle cases where the user loses or breaks their device?

Is it derived from the iCloud password? Currently Apple can reset your iCloud password and restore access to your images. Will Apple no longer be able to do this in the future?

It’s really unclear to me, and I’d want explicit answers to these questions personally.
1 comments
nicce 1777 days ago
This seems to be explained on white paper of PSI system[1]. A lot of math is included, but on the page 30 there is a mention that different devices can be used. I am not the one who can explain that well.

[1]: https://www.apple.com/child-safety/pdf/Apple_PSI_System_Secu...

link
new299 1777 days ago
Sure, different devices can be used they share the same key as stated in the document.

But it’s still not clear how that key is derived. It’s not clear, as implemented that Apple do not hold a master key to decrypt all data (as they do currently).

In fact, if the key is randomly generated, if you have one device (as many users do) and you lose that device. Do you lose all your data? Even if you have your iCloud password?

It doesn’t make sense. It would be a massive change to how iCloud currently operates and is used. And I find this extremely unlikely.

Right now, you can browse your photos online. That functionality is going away?

There are seemingly many open questions. But given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.

link
nicce 1777 days ago
Most likely you can’t browse your photos online anymore, unless they add some kind of method to export keys from the device(s). I speculate that it is possible to lose all of your data if you lose all of your devices. There might be option to create local backup from device keys, so it would not be the dead end.
link
new299 1777 days ago
Given the lack of an explicit announcement this seems very unlikely.

I don’t think Apple are stupid, it would have been a clear PR win if they said “we’re adding E2EE”.

Given no explicit statement, and how drastically it changes the nature of their service, I don’t think your speculation is justified.

link
nicce 1777 days ago
The problem is, that this was not supposed to be released properly yet. Missleading leak caused them to hurry. About E2EE it is not speculation because it is literally on their papers what I linked?
link