mox@lemmy.sdf.org to Technology@lemmy.worldEnglish · 8 months agoUnpatchable vulnerability in Apple chip leaks secret encryption keysarstechnica.comexternal-linkmessage-square13fedilinkarrow-up11arrow-down10file-textcross-posted to: apple_enthusiast@lemmy.world
arrow-up11arrow-down1external-linkUnpatchable vulnerability in Apple chip leaks secret encryption keysarstechnica.commox@lemmy.sdf.org to Technology@lemmy.worldEnglish · 8 months agomessage-square13fedilinkfile-textcross-posted to: apple_enthusiast@lemmy.world
minus-squareGlitterInfection@lemmy.worldlinkfedilinkEnglisharrow-up1·8 months agoThis requires local access to do and presently an hour or two of uninterrupted processing time on the same cpu as the encryption algorithm. So if you’re like me, using an M-chip based device, you don’t currently have to worry about this, and may never have to. On the other hand, the thing you have to worry about has not been patched out of nearly any algorithm: https://xkcd.com/538/
minus-squareGissaMittJobb@lemmy.mllinkfedilinkEnglisharrow-up1·8 months agoAh yes, good old Rubber-hose cryptanalysis.
minus-squarejust_another_person@lemmy.worldlinkfedilinkEnglisharrow-up0·8 months agoSure. Unless law enforcement takes it, in which case they have all the time in the world.
minus-squareGlitterInfection@lemmy.worldlinkfedilinkEnglisharrow-up0·8 months agoYup, but they’re probably as likely to beat you up to get your passwords.
minus-squarebrbposting@sh.itjust.workslinkfedilinkEnglisharrow-up1·8 months agoNo way! Even the evil ones will try to avoid jail. Meanwhile they might have a friggin budget for the GrayKey, the Stingray… Definitely believe rights are more likely to be violated when they can just plug in or power on without getting their gloves dirty.
This requires local access to do and presently an hour or two of uninterrupted processing time on the same cpu as the encryption algorithm.
So if you’re like me, using an M-chip based device, you don’t currently have to worry about this, and may never have to.
On the other hand, the thing you have to worry about has not been patched out of nearly any algorithm:
https://xkcd.com/538/
Ah yes, good old Rubber-hose cryptanalysis.
Sure. Unless law enforcement takes it, in which case they have all the time in the world.
Yup, but they’re probably as likely to beat you up to get your passwords.
No way! Even the evil ones will try to avoid jail.
Meanwhile they might have a friggin budget for the GrayKey, the Stingray…
Definitely believe rights are more likely to be violated when they can just plug in or power on without getting their gloves dirty.