On 03/30/2016 12:16 PM, listo factor - listofac...@mail.ru wrote:
> I do not use this device, so I am wondering...
There was a quite a few posts following my question, but
unfortunately those quickly drifted off to the aspects of this
case (good/bad government(s), compelling rich/poor vendor(s).
"Gnupg-users" wrote on 03/30/2016 03:25:55
PM:
> - Message from "Robert J. Hansen" on Wed,
> 30 Mar 2016 14:08:18 -0400 -
>
> To:
>
> Peter Lebbing , gnupg-users@gnupg.org
. . .
. . .
. . .
>
> If you
Group,
Although this is off-topic, I have to jump in...
Robert is being reticent about the state-of-the-art regarding shall we say
"data recovery". While I will adopt the same level of reticence (probably
for the same reasons) let me state my firm belief that the FBI could have
applied to other US
> BTW, "Johann" with 2 n's is the German spelling. In Dutch it's only 1
> n at the end.
I apologize; I meant no disrespect.
> I didn't see this from the legal files, but did the FBI used these
> precedents in court?
The particular case I cited was just one of many times the government
used the
> The core point is: they wanted more than just this phone. But they
> said it was only about this phone.
That's the core point you're making, and I have no opinion on it.
> Is this "conspiracy theory" outrageous? Or only the one where they
> wanted legal precedent?
The latter. They believed t
> If it was only software, where the AES key is stored? And why not copy
> the storage?
iPhones put memory in tamper-resistant hardware. I'll note that
tamper-resistant isn't tamper-proof.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists
On 30-03-2016 20:08, Robert J. Hansen wrote:
> My position: "The FBI already had precedent on their side from clubbing
> other smaller companies, and they decided they finally had enough legal
> support to go after the big fish: Apple."
I didn't see this from the legal files, but did the FBI used
On 30/03/16 20:08, Robert J. Hansen wrote:
> Johann's position: "The FBI wanted to get precedent on their side so
> they could use it as a club against other smaller companies."
I'll just speak for myself. My position: I think the FBI wanted
something that could be /reused/ later, not just for thi
El día Wednesday, March 30, 2016 a las 01:26:23PM -0400, Mauricio Tavares
escribió:
> On Wed, Mar 30, 2016 at 1:13 PM, Peter Lebbing
> wrote:
> > (I think this is too far off-topic actually, but hey)
> >
> > On 30/03/16 15:46, Robert J. Hansen wrote:
> >> I try not to get involved in conspiracy
On Wed, Mar 30, 2016 at 1:13 PM, Peter Lebbing wrote:
> (I think this is too far off-topic actually, but hey)
>
> On 30/03/16 15:46, Robert J. Hansen wrote:
>> I try not to get involved in conspiracy theories, but this one's just...
>> outrageous.
>
> Can I ask why the conspiracy theory is "outrag
> Can I ask why the conspiracy theory is "outrageous"?
Yes. You and Johann seem to be of the opinion the FBI's petition was
unusual. It wasn't, really, except in the fact that they were going
after someone who had the resources to fight it, and they were asking
for just a little bit more than Ap
Actually I thought there is a TPM that is needed to "talk" with the
storage. If one fails to input the password enough times, the TPM
destroys the key.
You can say that it is false that the storage get destroyed but, since
it AES encrypted, after destroying the key it is pretty much the same.
If i
On Wed, 30 Mar 2016 10:05, b...@pagekite.net said:
> FYI, on the latest Ubuntu (15.10), that command does not work:
You need 2.1 of course .-)
> https://www.gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html,
> it looks like that protocol is only suitable for localhost
> operations, i
(I think this is too far off-topic actually, but hey)
On 30/03/16 15:46, Robert J. Hansen wrote:
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.
Can I ask why the conspiracy theory is "outrageous"? Can't you imagine that the
FBI, or at least part of it, wo
> Why would this be an outragious conspiracy theory?
Because it assumes the FBI is stupid. Conspiracy theories which require
the conspirators are morons are very rarely correct.
> The smaller company would probably not have gone to court over it and
> just complied, so it would not set a legal p
On 30-03-2016 15:46, Robert J. Hansen wrote:
>> The FBI wanted clearly an easy access to ALL devices and a court ruling
>> to force other companies into compliance...
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.
Why would this be an outragious conspira
> The FBI wanted clearly an easy access to ALL devices and a court ruling
> to force other companies into compliance...
I try not to get involved in conspiracy theories, but this one's just...
outrageous.
So, let's assume the FBI wanted a court ruling to force other companies
into compliance. Wh
I'm in the process of setting up my webmail services, and have been
digging through quite a lot of standards.
It seems to me that gnupg.org's mail servers do not have any
SPF/DKIM/DMARC records in the DNS.
These are authentication standards issued by IETF, and are meant to stop
spam and authentica
> What am I missing in this whole case?
As I might someday want to work in the field of digital forensics again,
I'm going to keep my mouth shut about this specific case. But speaking
generally ...
Bruce Schneier is fond of saying that experience in breaking ciphers is
necessary before someone c
On 30-03-2016 14:16, listo factor wrote:
> If this is all essentially correct, someone who knows that
> the content of his device-at-rest is extremely valuable to an
> attacker would surely use a pass-phrase of adequate length, and
> thus make a potential cooperation from the device builder to
> h
On 30-03-2016 13:28, Robert J. Hansen wrote:
>> AFAIK the Cellbrite hack works by replacing the boot manager and so
>> being able to overwriting system memory, just as custom recoveries do on
>> Android phones.
>
> It's also worth noting that we'll likely discover what the exploit was
> in the ne
Unsubscribe
Susan Scheerer
9717 North Harrison Street
Kansas City, MO 64155
(816) 734-8595 Home
(816) 405-1144 Cell
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I do not use this device, so I am wondering if those that are
familiar with it may be kind enough to confirm my understanding
of its security architecture:
The device uses a protected hardware module, which does several
things:
1) It uses it's own secret, etched in silicone, in combination
with
> AFAIK the Cellbrite hack works by replacing the boot manager and so
> being able to overwriting system memory, just as custom recoveries do on
> Android phones.
It's also worth noting that we'll likely discover what the exploit was
in the next few weeks.
___
On 30-03-2016 11:31, Paolo Bolzoni wrote:
AFAIK the Cellbrite hack works by replacing the boot manager and so
being able to overwriting system memory, just as custom recoveries do on
Android phones.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
_
On 30-03-2016 11:31, Paolo Bolzoni wrote:
> The TPM contains the AES key protected with the password,
AFAIK on the iPhone 5c at last the password this is not in some special
TMP. Only the iPhones with a fingerprint scanner (5s and above) have
that hardware and should not be vulnerable to that kin
Dear list,
I am aware it is out topic, but still I assume as we are security
oriented people (otherwise why being part of this email list?)
I think it is interesting food for thought.
As far as I understood the situation is:
The iPhone uses AES (256?) to encrypt the storage.
The phone owner, p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Werner,
Thanks for the reply!
Werner Koch wrote:
> > This is one of the complaints/wishes us Mailpile folks had, for
> > some sort of stable socket/stdio-based programmatic API for
> > talking to GnuPG. This sort of interface would make it much m
28 matches
Mail list logo
