| ▲ | otterley 2 hours ago |
| > I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data |
| I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or macOS devices yet AFAIK; and the fact that it's tied to a hardware secure element makes it pretty strong. |
|
| ▲ | Veserv an hour ago | parent | next [-] |
| Ah yes, the bizarro world where systems are normally unhackable so the default assumption is impenetrable security and you need to prove they are insecure. Thank god this is not the world where things get hacked all the time and where any claim of meaningful security is an extraordinary claim that demands extraordinary evidence and proof before credibly asserting it, but everybody just ignores that part and just pinky promises it and everybody just believes them for the 104th time without evidence. |
|
| ▲ | thefz 2 hours ago | parent | prev [-] |
| You mean aside from the NSA? https://en.wikipedia.org/wiki/PRISM |
| ▲ | otterley 2 hours ago | parent [-] |
| I don't see anything on the linked page that supports a conclusion that NSA has successfully broken the encryption at rest of an Apple device's storage since they introduced the secure element. Care to share a quote? |
| ▲ | ffsm8 an hour ago | parent [-] |
| Prism targeted network communication to my knowledge, hence the data wouldn't be siphoned from at rest encrypted devices. Instead it would've been leaked before it was copied to that local encrypted device, whenever it was transmitted over the wire. E.g. when your background task uploaded it to iCloud or similar. |
| ▲ | dcrazy an hour ago | parent [-] |
| It’s worth remembering that since Snowden, much of iCloud is now end-to-end encrypted using keys that Apple cannot unwrap: https://support.apple.com/guide/security/secure-icloud-keych... |
| ▲ | ffsm8 an hour ago | parent [-] |
| Fwiw, that's a clear statement - but only that. There is no way for us, the users, to know whether they have the capability to add additional keys to decrypt the data because the platform isn't open source and doesn't have attestation wrt what's actually serving the requests. And it's worth remembering that Apple had similar articles published before PRISM too which were ultimately proven to be groundless by PRISM. |