This is the phone version of saying “the power utility is an evil awful monopoly that treats me like shit, so I’m gonna get solar and batteries and go off grid.”
It’s cool it’s possible, but it’s not practical for most people.
What do you think the major practical downsides are? Maybe you are not aware of how many things perfectly work or how easy some workarounds are, so I am wondering.
- Everyone is expected to be able to create a signing keyset that's protected by a Yubikey, Touch ID, Face ID, or something that requires a physical activation by a human. Let's call this the "I'm human!" cert.
- There's some standards body (a root certificate authority) that allowlists the hardware allowed to make the "I'm human!" cert.
- Many webpages and tools like GitHub send you a nonce, and you have to sign it with your "I'm a human" signing tool.
- Different rules and permissions apply for humans vs AIs to stop silliness like this.
This future would lead to bad actors stealing or buying the identity of other people, and making agents use those identities.
There is a precedent today: there is a shady business of "free" VPNs where the user installs a software that, besides working as a VPN, also allows the company to sell your bandwidth to scrapers that want to buy "residential proxies" to bypass blocks on automated requests. Most such users of free VPNs are unaware their connection is exploited like this, and unaware that if a bad actor uses their IP as "proxy", it may show up in server logs while associated to a crime (distributing illegal material, etc).
But also many countries have ID cards with a secure element type of chip, certificates and NFC and when a website asks for your identity you hold the ID to your phone and enter a PIN.
You read it. You now have an infinite army of overconfident slightly drunken new college grads to throw at any problem.
Sometimes you’re gonna want to slowly back away from them and write things yourself. Sometimes you can farm out work to them.
Code review their work as you would anyone else’s, in fact more so.
My rule of thumb has been it takes a senior engineer per every 4 new grads to mentor them and code review their work. Or put another way bringing on a new grad gets you +1 output at the cost of -0.25 a senior.
Also, there are some tasks you just can’t give new college grads.
Same dynamic seems to be shaping up here. Except the AI juniors are cheap and work 24*7 and (currently) have no hope of growing into seniors.
> Same dynamic seems to be shaping up here. Except the AI juniors are cheap and work 24*7 and (currently) have no hope of growing into seniors.
Each individual trained model... sure. But otoh you can look at it as a very wide junior with "infinite (only limited by your budget)" willpower. Sure, three years ago they were GPT-3.5, basically useless. And now they're Opus 4.6. I wonder what the next few years will bring.
I recommend reading the AES-XTS spec, in particular the “tweak”. Or for AES-GCM look at how IV works.
I also recommend looking up PUF and how modern systems use it in conjunction with user provided secrets to derive keys - a password or fingerprint is one of many inputs into a kdf to get the final keys.
The high level idea is that the key that's being used for encryption is derived from a very well randomized and protected device-unique secret setup at manufacturing time. Your password/fingerprint/whatever are just adding a little extra entropy to that already cryptographically sound seed.
Tl;dr this is a well solved problem on modern security designs.
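The derivation described in the comment above, and the extraction concern raised in the replies, sketched as an added example that is not from the thread or from any vendor's implementation. PBKDF2 followed by HMAC is a stand-in construction chosen for this sketch, and `DEVICE_A`, `DEVICE_B`, `SALT`, `derive_key`, `key_check` and `offline_search` are hypothetical names with constructed values.

```python
import hashlib
import hmac

# Constructed sample values; on a real device the secret never leaves the hardware.
DEVICE_A = bytes.fromhex("a1" * 32)
DEVICE_B = bytes.fromhex("b2" * 32)
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 10_000  # assumed work factor, kept low so the sketch runs quickly


def derive_key(device_secret: bytes, passcode: str, salt: bytes = SALT) -> bytes:
    """Stretch the passcode, then bind the result to the device-unique secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)
    # Keyed with the device secret: the passcode alone cannot reproduce this output.
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def key_check(key: bytes) -> bytes:
    """Short tag stored next to the ciphertext to confirm that a key is correct."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def offline_search(device_secret: bytes, tag: bytes, candidates):
    """Return the candidate passcode whose derived key matches the tag, if any."""
    for passcode in candidates:
        if hmac.compare_digest(key_check(derive_key(device_secret, passcode)), tag):
            return passcode
    return None


if __name__ == "__main__":
    tag = key_check(derive_key(DEVICE_A, "4821"))
    pins = [f"{n:04d}" for n in range(4800, 4830)]
    # Same passcode, different device: unrelated keys.
    print(derive_key(DEVICE_A, "4821") != derive_key(DEVICE_B, "4821"))
    # Without the device secret, no guess can be confirmed off-device.
    print(offline_search(DEVICE_B, tag, pins))
    # With it, only the passcode's own entropy is left to search.
    print(offline_search(DEVICE_A, tag, pins))
```

The two searches show why the confidentiality of the device secret carries the design when the passcode is short: the key is only as hard to recover as the secret is to extract.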
> I recommend reading the AES-XTS spec, in particular the “tweak”. Or for AES-GCM look at how IV works.
What does this have to do with anything? Tweakable block ciphers or XTS which converts a block cipher to be tweakable operate with an actualized key - the entropy has long been turned into a key.
> Your password/fingerprint/whatever are just adding a little extra entropy to that already cryptographically sound seed.
Correct. The "cryptographically sound seed" however is stored inside the secure enclave for anyone with the capability to extract. Which is the issue I referenced.
And if what you add to the KDF is just a minuscule amount of entropy you may as well have added nothing at all - they perform the addition for the subset of users that actually use high entropy passwords and because it can't hurt. I don't think anyone adds fingerprint entropy though.
> The "cryptographically sound seed" however is stored inside the secure enclave for anyone with the capability to extract.
Sorry, I'm not sure I follow here. Is anyone believed to have the capability to extract keys from the SE?
The secure enclave (or any Root of Trust) does not allow direct access to keys, they keep the keys locked away internally and use them at your request to do crypto operations. You never get direct access to the keys. The keys used are protected by using IVs, tweaks, or similar as inputs during cryptographic operations so that the root keys can not be derived from the ciphertext, even if the plaintext is controlled by an attacker and they have access to both the plaintext and ciphertext.
Is your concern the secure enclave in an iPhone is deflatable, and in such a way as to allow key extraction of device unique seeds it protects?
Do you have any literature or references where this is known to have occurred?
Tone is sometimes hard in text, so I want to be clear, I'm legit asking this, not trying to argue. If there are any known attacks against Apple's SE that allow key extraction, would love to read up on them.
> Is your concern the secure enclave in an iPhone is deflatable, and in such a way as to allow key extraction of device unique seeds it protects?
This is a safe assumption to make as the secret bits are sitting in a static location known to anyone with the design documents. Actually getting to them may of course be very challenging.
> Do you have any literature or references where this is known to have occurred?
I'm not aware of any, which isn't surprising given the enormous resources Apple spent on this technology. Random researchers aren't very likely to succeed.
Having the privilege to live in a house without common walls to a neighbor is the biggest quality of life improvement I've ever had the good fortune to experience.
I'd take a hell of a long commute to the 'burbs before I'd go back to dealing with b.s. like this.
Loud music, slashed tires if you called the cops, people smoking weed and cigars and stinking up the whole building, parking space shortages, drunks throwing up in the stairwells, screaming matches between people in bad relationships, horribly maintained flats and every repair done on the cheap, 4am fire alarms, a rat problem the owners would not put money in to fix properly, the list goes on and on over the 20+ years I lived in rentals.
It reads like you lived in some third world country. In all my years living in various capitals, I've never had issues close to what you've described here.
The GP grew up poor in the US (by their own earlier statement) .. which tracks with your "some third world country" observation. The US is famously harshly tiered by wealth and privilege.
Social media broke society. The echo chamber effect from the feed algorithms has led to everyone living in their own little realities and it's so terrifying to watch what happens when people don't have the same truths.
I remember early, invite-only Facebook before it got heavily monetized and it was such an amazing tool to bring people together, keep you connected with old friends, organize group events, and stuff like that. Then it... changed.
Apple TV is great except they prevent installing software which is not on their App Store. A big one for me is SmartTubeNext, which removes YouTube ads and sponsored segments. I can't even pay for that if I wanted to.