Saturday, November 28, 2015

What happens when changing iPhone's passcode?

The iOS passcode is one of the inputs used to encrypt files. We might expect that changing the passcode takes a long time, because every file would have to be decrypted with the old passcode and re-encrypted with the new one. However, changing the passcode is nearly instant. Why?

The picture below comes from Apple's iOS Security document, which I used to answer the question even though the document gives no direct answer.

iOS uses a hierarchy of keys to encrypt files. The Class Key, which encrypts and decrypts File Metadata, is itself encrypted by the Hardware Key and the Passcode Key. The Hardware Key and the File System Key are unique to the device and constant. File Contents are encrypted and decrypted with a unique per-file File Key, which is stored in the File Metadata; the File Metadata is in turn encrypted and decrypted with the File System Key and the Class Key. Only the Passcode Key can be changed by the user, via the steps below.

  1. iOS uses the Hardware Key and the current Passcode Key to decrypt the encrypted Class Key.
  2. The passcode is updated to the new one.
  3. iOS uses the Hardware Key and the new Passcode Key to re-encrypt the Class Key.

Because the Class Key and the File System Key are constant, changing the passcode does not touch the encrypted file contents; only the small wrapped copy of the Class Key is rewritten. This is the answer.
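To make the three steps concrete, here is an added toy model of the key hierarchy (example code written for this post, not Apple's implementation). PBKDF2 stands in for the tangling of the passcode with the Hardware Key, an HMAC-SHA256 keystream with a tag stands in for AES, and the File System Key layer around the metadata is left out; all of these are assumptions for illustration.

```python
import hashlib, hmac, os

def derive_passcode_key(passcode, hardware_key):
    # Passcode Key: the passcode tangled with the device's Hardware Key (UID).
    # PBKDF2 and its iteration count are constructed stand-ins, not Apple's construction.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), hardware_key, 10_000, 32)

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Toy authenticated encryption (HMAC-SHA256 keystream + 16-byte tag) standing in for AES.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("wrong key: decryption refused")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Device:
    def __init__(self, passcode):
        self.hardware_key = os.urandom(32)   # constant; in real hardware it never leaves the SoC
        # Class Key, stored only in wrapped form under Hardware Key + Passcode Key.
        self.class_key_blob = seal(derive_passcode_key(passcode, self.hardware_key), os.urandom(32))
        self.files = {}                      # name -> (File Key wrapped by Class Key, ciphertext)

    def _class_key(self, passcode):
        return unseal(derive_passcode_key(passcode, self.hardware_key), self.class_key_blob)

    def write_file(self, passcode, name, content):
        file_key = os.urandom(32)            # per-file File Key, kept in the file's metadata
        self.files[name] = (seal(self._class_key(passcode), file_key), seal(file_key, content))

    def read_file(self, passcode, name):
        wrapped_file_key, ct = self.files[name]
        return unseal(unseal(self._class_key(passcode), wrapped_file_key), ct)

    def change_passcode(self, old, new):
        # Steps 1-3 above: unwrap the Class Key with the old Passcode Key, rewrap with the new one.
        class_key = self._class_key(old)
        self.class_key_blob = seal(derive_passcode_key(new, self.hardware_key), class_key)
        # self.files is untouched: no File Key or file content is re-encrypted.
```

After change_passcode the stored file records are byte-for-byte identical, the new passcode reads them, and the old one is refused.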


Cannot Boot Ubuntu

The error "The system is running in low-graphics mode" can appear when booting Ubuntu. One cause is that disk space is exhausted. We can boot Ubuntu in recovery mode and check with the df command.

df -h

If the disk is full, use the following command to find the largest directories (the largest is listed last).

du -sh -BM * | sort -g

Then remove the offending directory with the command below, after making sure its contents are safe to delete. For example,

rm -rf YOUR-DIR

Sometimes the directory cannot be removed because the file system is mounted read-only. Remount it read-write with the following command. For example,

sudo mount -o remount,rw /dev/YOUR-DISK


Wednesday, November 11, 2015

Why iPhone's passcode cannot be replaced with Touch ID

We are asked to enter the passcode rather than use Touch ID when restarting an iPhone. Why? After reading iOS Security, I think I found one of the reasons.

The passcode held in system memory (why there?), which disappears when the iPhone is turned off, is responsible for encrypting and decrypting files. Touch ID cannot do the same thing. Why?

I explain the reason as follows.

  1. For security reasons, the plaintext passcode cannot be stored in flash storage, because it would be easily leaked.
  2. The plaintext passcode in system memory disappears after the iPhone is turned off, so there is no risk of leaking it. Apps cannot read it at run time because that memory area is not readable and is protected by hardware (the secure element).
  3. The ciphertext form of the passcode kept in flash is produced from the plaintext one by a one-way algorithm (e.g., SHA-1).
  4. iOS encrypts and decrypts files using the plaintext passcode.
  5. Why can't we use Touch ID to encrypt files? Because the biometric data from our pressed fingers differ each time.