> On Jun 29, 2017, at 5:33 AM, Dave Fernandes <dave.fernan...@utoronto.ca> > wrote: > > Ah. Thinking about the new device use case helps. Everything must be > accessible and decryptable using only the iCloud passphrase. But if the same > passphrase is used both to authorize access to the data and to decrypt it, > then Apple has the passphrase to decrypt each time the user logs in, do they > not? So encryption prevents against third parties seeing the data, but not > Apple itself. Or perhaps the passphrase is used to generate two independent > secrets and the passphrase itself is never sent over the wire?
Any competent* online service does not store your password. They only store a hashed version of it. With web-based logins the password does usually get sent to the server, but it only keeps it long enough to verify the hash, never storing it persistently. A login system like Apple’s is probably sending a random challenge value to the device, which then gets somehow transformed using the password in a way that can be verified using the hash (I’m hand-waving here, but there are many algorithms for this.) Or alternatively, the password defines an asymmetric key-pair**, of which Apple stores the public key, and the login then consists of signing the challenge value and sending it back, letting Apple verify the signature. —Jens * Unfortunately there are still incompetent services still out there. Match.com <http://match.com/> is one, for example, or was a few years ago when I briefly tried using it. If you tell it you forgot your password, it *emails your password to you*. My jaw hit the floor and I deleted the account immediately. ** Deriving a key-pair from a password isn’t feasible with RSA, but it can be done with e.g. Curve25519. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com