[hatty]

I'll leave it to other hackers to put it more eloquently. Any means to bypass the encryption on iOS 7 and before are vulnerabilities that adversaries can use to bypass the encryption on iOS 7 and before. Apple is basically saying that they didn't build in back doors, which this author is making the case for. iOS 8 data is still available to the government by other means than warrants and at much, much, much higher expense.

[zalzane]

are you sure they built in a real backdoor?

i thought they salted user PINs with a hard-wired nonce that's specific to every device - then when the fuzz needs to get the device unlocked apple looks up what the hard-wired nonce is for that specific device, and then crack the 4 digit pin.

anyone have details on how apple actually unlocked devices?

[wyager]

>apple looks up what the hard-wired nonce is for that specific device, and then crack the 4 digit pin.

Not quite. There are two nonces involved. One is (probably) easy for Apple to extract (the randomly generated, re-writable value in effaceable storage) and the other is (supposedly) very difficult to extract, because it's burned into the CPU hardware. If all works as intended, the only way to extract the second one is to decap the CPU and read it with a microscope.

Also, you can have arbitrarily long PINs, including alphanumeric.

If Apple's security PDF is correct, the only obvious way Apple can break the PIN is via brute force, which I believe they claim to provide when LEAs request it.