Noaidi, 6 hours ago:

Apple will do this too. Your laptop encryption key is stored in your keychain (without telling you!). All that is needed is a warrant for your iCloud account and they also have access to your laptop. sixcolors.com/post/2025/09/filevault-on-macos-tahoe-no-longer-uses-icloud-to-store-its-recovery-key/
|
betaby, 4 hours ago (reply to Noaidi):

> Your laptop encryption key is stored in your keychain

Probably not if one is not using Apple cloud on their laptops.

> stored in your keychain (without telling you!)

How to verify that? Any commands/tools/guides?
|
_blk, 6 hours ago (reply to Noaidi):

Thanks, that's good to know. I suspect WhatsApp's "we're fully E2E encrypted" would be similar too.

cedws, 6 hours ago (reply to _blk):

It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user-friendly sacrifice security. There's a saying that goes "not your keys, not your crypto", but this really extends to everything. If you don't control the keys, something else does behind the scenes.

A six-digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key. If you pass a four-digit PIN through a KDF with a hardness of ~5 seconds to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. A six-digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
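The brute-force arithmetic in cedws's comment, worked as an added example that is not code from the thread or from any vendor: a short PIN is stretched with scrypt to wrap a key-encryption-key, the "device" stores a salt plus a verifier of the derived KEK, and an attacker who has copied that blob enumerates every PIN offline, where no rate limit applies. The blob format, the tiny scrypt cost (chosen so the demo finishes in seconds), the sample PIN and the 5-second-per-guess projection are all constructed assumptions for illustration.

```python
"""Offline brute force of a PIN-wrapped key-encryption-key (KEK).

Added example, not code from the thread. Constructed assumptions: the device
stores {salt, SHA-256 of the derived KEK}, the attacker has a copy of that
blob, and every guess therefore runs offline with no rate limiting.
"""
import hashlib
import os
import time
from typing import Optional, Tuple

# Deliberately tiny scrypt cost so the demo finishes in seconds; this is a
# constructed parameter for illustration, not a recommended setting.
SCRYPT_N = 2 ** 8
SCRYPT_R = 8
SCRYPT_P = 1
KEK_LEN = 32


def derive_kek(pin: str, salt: bytes) -> bytes:
    """Stretch the PIN into a 32-byte KEK with scrypt."""
    return hashlib.scrypt(pin.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEK_LEN)


def enroll(pin: str) -> dict:
    """What the hypothetical device stores: a random salt plus a KEK verifier.

    A real design would store the KEK-wrapped data key instead; any stored
    value that lets the device check a PIN also lets a copy be tested offline.
    """
    salt = os.urandom(16)
    verifier = hashlib.sha256(derive_kek(pin, salt)).digest()
    return {"salt": salt, "verifier": verifier}


def brute_force_pin(blob: dict, digits: int) -> Tuple[Optional[str], int]:
    """Enumerate every PIN of the given length against the copied blob.

    Returns (recovered_pin, guesses_made); on failure the PIN is None and
    guesses_made == 10**digits.
    """
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        kek = derive_kek(candidate, blob["salt"])
        if hashlib.sha256(kek).digest() == blob["verifier"]:
            return candidate, n + 1
    return None, 10 ** digits


def projected_hours(digits: int, seconds_per_guess: float) -> Tuple[float, float]:
    """(hours to exhaust the keyspace, hours to a 50% chance) at a given KDF cost."""
    full = 10 ** digits * seconds_per_guess / 3600
    return full, full / 2


if __name__ == "__main__":
    blob = enroll("4271")  # constructed sample PIN
    t0 = time.perf_counter()
    pin, guesses = brute_force_pin(blob, 4)
    elapsed = time.perf_counter() - t0
    print(f"recovered PIN {pin} after {guesses} guesses in {elapsed:.1f}s "
          f"({elapsed / guesses * 1000:.2f} ms per guess at this toy cost)")
    # Re-run the arithmetic from the comment at a 5-second KDF cost.
    for d in (4, 6):
        full, half = projected_hours(d, 5.0)
        print(f"{d}-digit PIN at 5 s/guess: {full:.1f} h to exhaust, {half:.1f} h to 50%")
```

The point the code makes is that the KDF cost only multiplies the attacker's time by a constant: at 5 seconds per guess a four-digit PIN falls in under 14 hours and a six-digit one in roughly 58 days, and at the millisecond costs most software actually uses both are minutes. Raising the cost does not add entropy; only a rate limiter the attacker cannot copy (a secure element, an HSM) changes the picture.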
bigyabai, 2 hours ago (reply to cedws):

Take it a step further, even: "End-to-End Encryption" is complete security theater if the user doesn't control either end. We joke and say that maybe Microsoft could engineer a safer architecture, but they can also ship an OTA update changing the code ad hoc. If the FBI demands cooperation from Microsoft, can they really afford to say "no" to the feds? The architecture was busted from the ground up for the sort of cryptographic expectations most people have.

eddyg, 6 hours ago (reply to Noaidi):

Wrong. You can (and should) watch all of https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for the details about how iCloud is protected by HSMs and rate limits to understand why you're wrong, but especially the time-linked section, instead of spreading FUD about something you know nothing about.

bigyabai, 2 hours ago (reply to eddyg):

You can say anything you want in a YouTube video or a whitepaper. It doesn't have to correspond to your security architecture. Where's the source code? Who audits this system?
|