Some secrets are so sensitive (such as your iCloud Keychain) that Apple does not want to have any ability to access them, for example, if the FBI wanted them. For these secrets, Apple does not want to have the information to decrypt them, but of course it also wants to be careful about who gets even the encrypted information, because encrypted information is not impossible to decode, just difficult. So what Apple does is use regular iCloud authentication to sync these encrypted secrets that can only be decrypted by the keys that are only stored on the devices.

When you add a new device, you are asking to be let into the circle of trust and get access to these secrets. How can Apple do that while at the same time keeping the FBI or anyone who has broken into your iCloud account from doing the same thing? Apparently the solution Apple came up with is to encrypt or hash the device password of devices already in the circle of trust and allow in whoever can prove that they know the password of one of the devices.

Note also that Apple seems to have changed their mind about this method, probably because of the confusion and suspicion it raised.