TexasCHLforum.com

You know, the funniest thing that's liable to happen in encryption is the day somebody is told to hand over his encryption key and the results are not what the prosecution wanted.

Imagine the court has seized encrypted data and demands the key. The plaintiff meekly hands over his throwaway key, the one that will decrypt his data in an alternate way. Instead of revealing the incriminating spreadsheet, it decrypts to a jpeg of the judge wearing a lampshade at a keg party.

A trivial stunt with one-time pads.

Truecrypt could do something similar. An encrypted disk volume was created a lot larger than needed, with a few files in it to make it look like it was in use.

A second encrypted volume was dropped on top of that, on the unused space. That second volume was at risk if you copied too much into the visibly present primary volume and overwrote any portion of the hidden volume. Decrypt with one key, there's the family reunion photos. Decrypt with the other key on an offset, and there are the blueprints of Donald Trump's secret underground toupee humidor.

Unfortunately, Truecrypt's second encryption jiggled the entropy just enough it was possible to deduce a second volume might be present, at which time your tormentors could get busy working on you.

Maybe in the Apple case they should go after the real villains, the people who made the base encryption so dang strong. I believe Apple uses AES. Whoever unleashed AES on the world...

Oh, wait, that was the government... Never mind.

One thing I'm not clear on is how Apple could install a compromised IOS without the passcode. I don't own any Apple mobile devices, so I'm not sure about the details. But if you can replace IOS on a locked phone without knowing the key, then it seems the phone is not as secure as it's perceived.

Nor would it seem difficult for the government to replace IOS with a simple facility to dump memory contents.

Either way, conscripting Apple's labor is a pretty iffy proposition.