Syncing does certainly open up attacks that are not possible against non-synced credentials, but you're incorrect to say that synced Passkeys are not stored in the Secure Element.
At least, that's my understanding. Tell me if I'm wrong!
The author of that blog post, who is not Apple, appears to be slightly confused. There's a crucial distinction:
1) The key used to encrypt the keychain is stored in the secure enclave.
2) The keychain data itself is not stored in the secure enclave.
The secure enclave only stores keys, whereas the keychain holds arbitrary data of arbitrary length. If keychain data were actually stored in the secure enclave, there would be a danger of it running out of space!
"When you protect a private key with the Secure Enclave, you never handle the plain-text key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create and encode the key, and later to decode and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome."
Here's the kicker:
"Can’t encode preexisting keys. You must use the Secure Enclave to create the keys. Not having a mechanism to transfer plain-text key data into or out of the Secure Enclave is fundamental to its security."
In other words, nothing ever goes in, and nothing ever comes out. This makes syncing of secure enclave keys impossible. What can be synced are keys that are encrypted and decrypted by the secure enclave. These keys are the aforementioned "output".
What I understand the author to be saying is that the SE will unwrap locally stored synced credentials and then encrypt them to the previously-established iCloud sync key.
It doesn't really matter if the storage of the actual wrapped keys is in the secure element or on disk, of course--what matters is if the SE exports unencrypted credentials, or if it fails to validate the identity of the key to which it encrypts credentials before exporting.
It doesn't seem from that description like it does either, but it's a bit unclear to me from the docs. Do you know?
"Exportable, but in SEP" is a meaningless distinction (if it even exists, I am not convinced that the article isn't confused about things, but I do not have the time or energy to try to refute it).
The security benefits on SEP are that the keys _physically_ cannot leave it; if they're "exportable" and available to AP, then their security is necessarily only as good as of Keychain, and whether they're stored in SEP or on disk doesn't really matter if the AP can access them at all.
I don't think the distinction is meaningless, though, as I said, I do agree that exportable keys are more vulnerable than non-exportable.
What I understand the iCloud scheme to guarantee is roughly:
1. The TEE will not export keys except encrypted to the previously-established sync keypair. (IOW, it will only export keys after first encrypting them with the public key of the iCloud-sync keypair.)
2. The iCloud sync keypair will not be divulged by the iCloud server-side HSM except upon presentation of the correct auth credentials (your iCloud password or recovery key).
I think this provides meaningful security beyond keys sitting in plaintext on (FDE-encrypted) disk, namely, that malware running on the device cannot itself simply export the keys from the TEE. It must instead join a new keychain to the iCloud trust circle, as described at https://support.apple.com/en-hk/guide/security/sec0a319b35f/..., and to do this, it must be able to authenticate to iCloud as the user.
That's certainly possible--malware running on the device could phish the user's iCloud password, for example. But it's no longer a zero-user-interaction access to the synced key.
Again, clearly weaker than non-exportable keys, but still stronger than keys sitting in plaintext on disk.
I mean, we're moving goalposts here from "guarantees that SEP makes" to "guarantees that iCloud Keychain makes".
You're right that the items from iCloud Keychain don't just sit in a plaintext on a disk, and that the ceremony to join a keyring is a complex and (until proven otherwise) secure one, but none of that is related in anyway to SEP.
The very existence of iCloud Passwords extension for Chrome on Windows should be a proof of that.
I'm not sure how to relate that to the slashid article, which notes,
> In other words, the private key used to encrypt kSecAttrSynchronizable keys in the Secure Enclave is backed in iCloud. As such, when a new device needs to restore the keychain it can reconstruct the private key and thus decrypt the keypair needed to access all the private keys marked as kSecAttrSynchronizable, which include passkeys.
So presumably the iCloud sync pubkey is in fact available to the TEE to do the necessary encryption before exporting the synced credentials. Where that pubkey is stored only matters if you can trick the TEE into encrypting to some other pubkey, which presumably you can't--the implication of the docs seems to be that it pre-establishes which keys it will trust at iCloud enrollment time.
Is that not the case? I think if the TEE happily encrypts to any pubkey, there's a super obvious bypass here, so I doubt that's how the system works.
> And, if things really are completely collapsing, nobody wants gold. They'll want something much more immediately useful--food, clothing, ammunition, etc.
I'm not sure I buy that. Barter for an intermediary is fundamentally useful. In a case of societal collapse, people with food/clothing/ammunition--or people who can provide useful services (like driving me to the nearest border) aren't going to want more food/clothing/ammunition--they're going to want something fungible that they can trade for what they need!
So, sure, there's probably some rare scenario where gold (ideally in small, easily verifiable discrete units, not big bars) is useful.
I didn't find it sensationalist. Obviously, like, being born in a country with a poor healthcare system might have a bigger impact on your morbidity/mortality in some cases than dietary changes, but it's hard for people to change the country they are born in.
There's some research that suggests group alcohol consumption increases social cohesion. I can't remember the studies I originally read which suggested this, but a few from a web search:
Whether other psychoactive substances have similar effects I don't know, but it seems reasonable to assume alcohol's somewhat-unique social role reflects its actual impact on group bonds.
I was struck while recently reading David Grann's "The Wager" by how little people understood scurvy at the time. Grann writes about how some doctors believed it to be a reaction of the body to being away from solid land for too long, and attempted a treatment by burying patients up to their necks in soil.
In the shadow of encroaching regulatory despotism, the luminous innovation of the iPhone was threatened with bureaucratic shackles by the European Union. The relentless march of progress was halted, as the central planners decreed that every charging port must bow before the altar of uniformity. No longer could Apple's vision for a sleek and efficient Lightning connector reign supreme; instead, the heavy hand of Brussels demanded compliance with the USB-C standard. The champions of individualism and choice saw their liberty erode, replaced by the stifling straitjacket of conformity. The spirit of innovation, once ignited by the entrepreneurial genius of Silicon Valley, flickered in the face of such top-down directives, leaving a world dimmed by uniformity, where the art of technological diversity was sacrificed at the altar of bureaucratic convenience.
A core argument the post makes is that TPMs are insufficient for verifying full stack integrity and thus ineffective for FDE. (Eg by exploiting vulnerable drivers, an attacker can dump the disk encryption key from kernel memory.)
But in such a scenario, an attacker can also use such an attack to bypass any remote attestation/DRM/etc!
I guess you could argue that such attacks are too much work for consumers, and that low fences control big dumb animals…but I think, fundamentally, the same argument applies to consumer security functions like FDE!
Tl;dr: I think it’s hard to argue that TPMs are both useless for practical user security and a threat to free computing. It’s gotta be one or the other!
Is it that someone who a) believes the best path to peace and stability in the region is a Ukrainian defeat of Russia and b) also opposes Donald Trump's, say, tax policy has a "dilemma" in whether to support military aid that goes to Anduril (and thus, ultimately, potentially to Trump's re-election)?
If so, this seems like a pretty facile point.
Like, life is full of pros and cons. I want to leave my umbrella at home so my bag is lighter, but I want to have it with me if it rains. WHICH WAY, WESTERN MAN!?!
In a democracy, you sometimes have to do business with people with whom you disagree. You also might try to avoid doing business with them, all else being equal. WHICH WAY?!
I dunno. I feel like you thought you had some sort of deep philosophical point, but I'm not getting it I guess?
Not the OP, but I think the stated point is that some people are strictly against the development of products for the military and warfare, but then support situations when those products are used.
I'm in kind of a similar boat, where personally I would not want to ever work on weapons, but at the same time admit their necessity. My hope over time is that conflict becomes less violent and more economic, but induced poverty also has deadly consequences...
I suspect the number of people who believe in total unilateral disarmament and military aid to Ukraine--yes, I agree that's an internally inconsistent point of view--is vanishingly small, and not, as @yinser snarkily wrote, "a large block of US citizens."
No doubt there are a far larger number who find weapons development distasteful or would not personally want to work on weapons, but nonetheless recognize it as an unfortunate but pragmatic necessity.
I suppose, if one were given to inane Internet snark, one might say, "Haha, you refuse to become a proctologist, yet you go for your colonoscopy. WHICH WAY WESTERN MAN?" But, frankly, that would make you look stupid, just like @yinser does.
> So people continue to predict doomsday and most of the time it doesn’t happen.
Well, the same is true for any prediction of anything unlikely. People continue to predict world-changing innovations, and most of the time they are wrong. That's the reality of any low-probability/high-impact prediction, in the positive or negative direction.
As a specific case of that: most startups fail, so predicting a startup will fail is safe.
Synced Passkeys are, in the Apple world, still stored in a Secure Element; they just are exportable. https://www.slashid.dev/blog/passkeys-deepdive/ describes this fairly clearly.
Syncing does certainly open up attacks that are not possible against non-synced credentials, but you're incorrect to say that synced Passkeys are not stored in the Secure Element.
At least, that's my understanding. Tell me if I'm wrong!