[josefonseca]

> Apple doesn't use scrypt. Their approach is to add a 256-bit device-unique secret key called a UID to the mix, and to store that key in hardware where it's hard to extract from the phone. Apple claims that it does not record these keys nor can it access them.

Technically, this is where it breaks down. As in "Trust me I don't store the keys."

If that hypothesis is true(they don't store these keys), then they'll have a hard time breaking your encryption indeed. But you must trust Apple at that point.

If there was a way to buy an anonymously replaceable chip with this cryptographic key in it and replace it on the phone like a SIM, then we'd be much closer to stating "Apple can't decrypt your phone".

[tptacek]

Right. We'd instead be having a discussion about how Atmel can decrypt your phone.

[josefonseca]

It was just an example how you could detach the secret and the device made by Apple. I'm sure there are better ideas for that. The way this is configured now Apple can decrypt any phone, which voids the argument made in the OP. But I can understand why this will be the unpopular opinion here.