Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/saper/statuses/111280696392197627">Marcin Cieślak (saper@mastodon.social)'s status on Monday, 23-Oct-2023 07:27:34 JST</a><a href="https://mastodon.social/@saper" title="saper@mastodon.social"><img src="https://gnusocial.jp/avatar/111068-48-20230405035307.webp" width="48" height="48" alt="Marcin Cieślak" style="position: absolute; left: 0; top: 0;">Marcin Cieślak</a><div><a href="https://bikeshed.party/objects/6621360d-b10d-40b5-b768-85d77d40bc61" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/5480" title="kravietz@agora.echelon.pl">kravietz 🦇</a></li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/114200" title="planesailinggames@chirp.enworld.org">Alex White</a></li><li><a href="https://gnusocial.jp/user/202122" title="vpz@infosec.exchange">vpz</a></li></ul></div></section><article><p><a href="https://bikeshed.party/users/feld">@feld</a> <a href="https://agora.echelon.pl/users/kravietz">@kravietz</a> <a href="https://chirp.enworld.org/@PlaneSailingGames">@PlaneSailingGames</a> <a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> <a href="https://infosec.exchange/@vpz">@vpz</a> </p><p>ok, now I got to understand that the Keychain is an encrypted data structure stored somewhere (it could be Apple's key-value store). Reading this story I gather that a whole thing is encrypted with a symmetric wrapping key. This wrapping key can be either obtained by the syncing identity or derived from the recovery code. <br>So devices exchange the key exchange key among themselves during pairing? Could recovery code be seen as a <a href="https://mastodon.social/tags/SPOF" rel="tag">#SPOF</a>?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2198879#notice-4368190">In conversation</a><time datetime="2023-10-23T07:27:34+09:00" title="Monday, 23-Oct-2023 07:27:34 JST">about a year ago</time> <span>from <span><a href="https://mastodon.social/@saper/111280696392197627" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@saper/111280696392197627">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Marcin Cieślak (saper@mastodon.social)'s status on Monday, 23-Oct-2023 07:27:34 JSTMarcin Cieślak
in reply to
@feld @kravietz @PlaneSailingGames @GossiTheDog @vpz
ok, now I got to understand that the Keychain is an encrypted data structure stored somewhere (it could be Apple's key-value store). Reading this story I gather that a whole thing is encrypted with a symmetric wrapping key. This wrapping key can be either obtained by the syncing identity or derived from the recovery code.
So devices exchange the key exchange key among themselves during pairing? Could recovery code be seen as a #SPOF?
In conversationabout a year ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice