Posts by JeffyPoooh

Re: counting attempts

"...the number of wrong attempts must be written somewhere non-volatile."

One of the presentation videos on CCC.de has the hacker/cracker illuminating an individual non-volatle memory cell (one bit, a flag) within a de-capped security chip to reset that security state flag bit (with light).

That's the sort of unforeseen approach that's used to get into a system with 'infallible' security. They might need to invent or discover something for the iPhone 5C. But there's always a way, unless this is the very first device with perfect security (seems unlikely).

Nothing to do with brute forcing. Seems to take days or weeks, not trillions of times the life of a universe filled with etc etc etc.

They'd certainly want to buy a box of phones to practise on, before their one-shot at the subject.

Re: Interstellar missionaries

CH "I wonder how Richard Dawkins would handle that?"

Give him 48 hours and he'd have them all converted to Atheism.

Re: I think I'll buy one

"...watching the accelerometer data trying to work out if I'm watching porn."

Send them accelerometer data that integrates to something like ~35cm of apparent motion.

Re: Reliable communications, heh?

It'll need new magic 'Better Than GPS' (for lane keeping, accuracy 30 cm) if the idiot-car can't see the painted lines on the road.

Re: No, just a failure of machine thinking.

You're right. The author is bending over backwards trying to find a reason to excuse the failure. The section you quoted is simply ridiculous.

Furthermore, why was the idiot car backing up ? "Ooh, there's some obstacle in my path. I've stopped too close. Now I need to back up and crash backwards into an oncoming bus."

We'd better get used to this.

Re: The future creeps closer...

Would it help if I clarified that 'eventually' is likely at least ten years out? Maybe 15-ish. Certainly less than 20.

To me the trends are crystal clear. Emulation. Virtualization. Moore's law. Etc. It all comes together in a few years into a big schmozzle where stale-thinking OS-as-religious-beliefs get utterly trampled.

Most apps will run under any of several OSes, unpacking themselves accordingly. OSes will accept apps from other OSes. OSes will themselves be apps. Apps may bring along their own OS. None of this requires more than a couple steps past where we are now. Obviously.

Cheers.

Re: "2 bridges was 'unnecessary' says dev platform VP"

As written, it's clearly a plural ("2 bridges") followed by a 'was'.

It could have been written "Having two bridges was unnecessary"; but it was truncated into incorrectness.

"The idea" (offered as a counter-example) is singular. Thus perfectly non-applicable.

Anyway, by Godwin's Law, I win this debate anyway.

Re: Pressure

PV=nRT

One of my favorite equations.

Re: Clickbait.

DropBear on El Reg "...script... ...(zero pictures btw.)..."

What!??

The pictures are almost always hilarious, sometimes subtly hilarious which makes them even hilariouser.

Oftentimes they're the perfect representation of a famous meme.

One does require a sense of humour to enjoy them.

Re: @DropBear

Which is why I closed with: "...Your post may lead some to make that mistake."

There are plenty of people that make the logical error of confusing difficulty with security.

Since you were describing difficulties, I thought I'd make the point.

Cheers.

Re: Bad assumption on some of the proposed solutions...

"...rob the lithium of oxygen ."

A typical 18650 Li-ion cell (super common in laptops) might be something like 3.7 volts and 2000 mA-hour. So it contains within it (when charged) about 7 watt-hours of energy, roughly. If it internally shorts out, due to contamination, damage or random what-not, and that energy is all discharged in, say, one minute of excitement due to an internal short circuit, then that's roughly 400 watts of power, over one-half horsepower, being liberated in that minute. It could be in a hard vacuum, and it would still be very exciting. It wouldn't last a minute. It would vent and/or explode. Might trigger off the neighbouring cells too.

Random factoid: Lithium primary (non-rechargeable) cells as used in some avionics (INUs, ELTs, etc.) are now often LiMnO2, and they're usually certified very safe. Plus or minus the occasional smoldering ELT in a 787 parked at Heathrow.

Ref https://www.gov.uk/aaib-reports/aircraft-accident-report-2-2015-boeing-b787-8-et-aop-12-july-2013

Re: Potential?

If it's not free, how would one avoid revealing identifying information?

Pay with Bitcoin?

"... the data in the memory chips is not encrypted."

That's ---^ where you went wrong.

I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy".

My assumption is that it's very unlikely that there's not at least several subtle implementation flaws. History of cryptography indicates that it's almost a general rule.

Re: "as well as remotely monitoring the thing "

A4 "Or does it include a GSM modem ? That would be interesting."

There are, as you may know, SD memory cards with Wifi built in.

It'll be at least a couple more 'Moore cycles' to get a GSM modem built in. Where would the SIM card go? ;-)

Re: Speculation?

Keef asked "...most downvotes..."

Nah, you have to denigrate Linux (which is a really stupid OS, by the way) to get lots of downvotes. In recent months, my best was:

"...your Master Boot Record was delicious." 7 thumbs up & 24 thumbs down

Good luck.

Re: Surely...

AC (John?) "...as yet unproven assumption that Apple has made the sort of trivial errors that would indeed reduce the available keyspace."

The latest crypto and latest implementations are just the latest in a very long line.

It's called Inductive Reasoning to see the sun 'rise' in the East every morning and leap to the unproven hypothesis that it'll almost certainly continue to 'rise' in future mornings.

It's extremely unlikely that the iPhone 5C will end up in a museum as the very first perfect implementation in history.

In fact, the Feds have already identified an attack vector. It's underway and they're very likely to succeed.

There would be 'N' such attack vectors. The theory that 'N' = 0 is extremely unlikely.

"...trivial errors..."

The crackers find implementation errors that are sometimes trivial (often only in hindsight), but sometimes they find implementation errors are unbelievably subtle. Other times they're exploiting an inherent physical or design weakness, that may have nothing directly to do with the security designers.

The attacks do not "reduce the available keyspace" (you're still stuck in that same limited thinking, sigh... seriously, please stop...). The side-channel attacks often reveal the key almost directly. The key could be a million bits and their attack would still read it out bit by bit.

Just because I can't be arsed to give you anything more than a quote from Wiki, it doesn't mean that I don't have a shelf bulging with books on the history of cryptography. Cryptographer-Hubris is a recurring theme in history. I'm here to make the world a better place by gently mocking such dangerous cryptographer-hubris.

You'd be a better person if you drop the naive faith in cryptography. Learn the endlessly recurring history. We've been through this exact same cycle so many times before.

(Unless you're a terrorist. Then, please... ...trust the crypto fully.)