
MacBH928 (original poster)
So I heard that the iOS pin code is an encryption lock. Apple says that to sell your device all you need to do is reset the device and all the data will be gone because they are encrypted, and during the resetting process they will delete the encryption keys on the device, meaning forever the data is lost even if you know the pin code. Is this true?

If so how come encryption is easy and on the fly on iOS devices, yet on desktop OSs it takes hours to encrypt files and storage devices? I think they also need time to decrypt?!
 
Here is their security white paper. It’s an interesting read and could answer some questions.

Link

I appreciate that help but I am not going to read a 145-page book just to understand if the pin code encrypts the device or not. I don't have the time or brain power to do so, my attention is limited.
 
> I appreciate that help but I am not going to read a 145-page book just to understand if the pin code encrypts the device or not. I don't have the time or brain power to do so, my attention is limited.

The pin code does encrypt the device yes. There you go.
I thought your question was deeper and more technical than that.
At the start of the ‘book’ there is something called the contents. As you may guess it’s a guide to finding something within the pages. You could try that out instead of relying on potentially false information spoon-fed to you. It doesn’t even require any brain power.
 
> The pin code does encrypt the device yes. There you go.
> I thought your question was deeper and more technical than that.
> At the start of the ‘book’ there is something called the contents. As you may guess it’s a guide to finding something within the pages. You could try that out instead of relying on potentially false information spoon-fed to you. It doesn’t even require any brain power.

What I was trying to understand is why iOS encryption is easy and on the fly, even your average joe doesn't know it's happening, but encrypting an HDD takes serious work from the CPU and a lot of time. I figured maybe the pin code is not an encryption in the first place, just a pass code.
 
> If so how come encryption is easy and on the fly on iOS devices, yet on desktop OSs it takes hours to encrypt files and storage devices? I think they also need time to decrypt?!

It doesn't take hours if you encrypt from an empty disk, and after that it's all done on the fly transparently to the user.
 
My understanding is that iOS and iPad OS devices are always encrypted by default no matter what. The PIN code merely protects the decryption key. Thus, strictly speaking the iOS pin code is not an encryption lock but a lock for the encryption lock.

The same is true for Macs with T2 chips. Which is why enabling FileVault on a Mac with T2 chip takes seconds whereas it can take hours or even days on Macs without T2 chips.
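
The arrangement described in the post above (storage always encrypted under a random key, the PIN only protecting that key), as an added Python sketch that is not part of the thread and not Apple's code. The `Device` class, its method names, the PBKDF2 parameters and the HMAC-based toy cipher standing in for hardware AES are assumptions made for illustration; it shows why changing the PIN or erasing the device never has to touch the stored data.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy cipher: XOR with an HMAC-SHA256 counter keystream (stand-in for hardware AES).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()  # separate enc/mac subkeys

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Device:  # hypothetical model, not a real API
    def __init__(self, pin):
        self.salt = os.urandom(16)
        # A random data key encrypts storage; only a PIN-wrapped copy of it is kept.
        self.wrapped_key = seal(self._kek(pin), os.urandom(32))
        self.storage = b""

    def _kek(self, pin):  # key-encryption key derived from the PIN
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 50_000)

    def _data_key(self, pin):
        if self.wrapped_key is None:
            raise ValueError("data key was erased")
        return unseal(self._kek(pin), self.wrapped_key)

    def write(self, pin, data):
        self.storage = seal(self._data_key(pin), data)

    def read(self, pin):
        return unseal(self._data_key(pin), self.storage)

    def change_pin(self, old, new):  # re-wraps 32 bytes; storage is not re-encrypted
        self.wrapped_key = seal(self._kek(new), self._data_key(old))

    def erase(self):  # ciphertext remains, but nothing can decrypt it any more
        self.wrapped_key = None
```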
 
> What I was trying to understand is why iOS encryption is easy and on the fly, even your average joe doesn't know it's happening, but encrypting an HDD takes serious work from the CPU and a lot of time. I figured maybe the pin code is not an encryption in the first place, just a pass code.

Modern drives (including SSDs) have encryption built into the drive now and encryption happens on-the-fly. Nothing takes lots of CPU or time anymore.
 
> Modern drives (including SSDs) have encryption built into the drive now and encryption happens on-the-fly. Nothing takes lots of CPU or time anymore.

Not true. Built-in encryption will not protect you from somebody removing the drive from your system, installing it in a completely different computer, and freely accessing its contents. That's what software encryption such as BitLocker or FileVault is for, and that can still take up a significant and noticeable amount of CPU time depending on the system.
 
> It doesn't take hours if you encrypt from an empty disk, and after that it's all done on the fly transparently to the user.

So you are saying if I take an empty drive, encrypt it, then backup to it that will be much faster than backing up to a drive then encrypting it?!


> My understanding is that iOS and iPad OS devices are always encrypted by default no matter what. The PIN code merely protects the decryption key. Thus, strictly speaking the iOS pin code is not an encryption lock but a lock for the encryption lock.
>
> The same is true for Macs with T2 chips. Which is why enabling FileVault on a Mac with T2 chip takes seconds whereas it can take hours or even days on Macs without T2 chips.

Tell me more. My understanding is that for encryption to work there should be 2 keys to unlock. 1 is saved into the system, and the other is your password (pin code). You say the pin code "protects" the decryption key but where is that key stored? One is in the device and the other? Where is it?

Why is a T2 chip faster at encrypting?
 
> So you are saying if I take an empty drive, encrypt it, then backup to it that will be much faster than backing up to a drive then encrypting it?!

It’s very difficult to read intent in a message so I cannot tell if you’re being facetious. I apologise in advance if your question comes from a genuine place of misunderstanding.

This is a textbook straw man argument, it’s not a case I made at all. I was pointing out that if you enable encryption from the beginning it eliminates your concern about how long it takes.
 
> So you are saying if I take an empty drive, encrypt it, then backup to it that will be much faster than backing up to a drive then encrypting it?!
>
> Tell me more. My understanding is that for encryption to work there should be 2 keys to unlock. 1 is saved into the system, and the other is your password (pin code). You say the pin code "protects" the decryption key but where is that key stored? One is in the device and the other? Where is it?
>
> Why is a T2 chip faster at encrypting?

You first need to understand the basics on encryption and the two basic sorts: symmetric and asymmetric.

Symmetric encryption uses the same value to encrypt and decrypt, asymmetrical encryption is also known as public and private key encryption.

I’d first recommend you study up on those two basics before attempting to understand encryption on the iPhone. Without the fundamentals you’ll never get to understand how this works.
 
> Tell me more. My understanding is that for encryption to work there should be 2 keys to unlock. 1 is saved into the system, and the other is your password (pin code). You say the pin code "protects" the decryption key but where is that key stored? One is in the device and the other? Where is it?
>
> Why is a T2 chip faster at encrypting?

The key is stored inside what Apple refers to as the "secure enclave", which is part of Apple's T1/T2 chip.
A T1/T2 chip improves encryption/decryption because it has dedicated transistor logic specifically for that task.
 
> It’s very difficult to read intent in a message so I cannot tell if you’re being facetious. I apologise in advance if your question comes from a genuine place of misunderstanding.
>
> This is a textbook straw man argument, it’s not a case I made at all. I was pointing out that if you enable encryption from the beginning it eliminates your concern about how long it takes.

No I am honestly asking

> You first need to understand the basics on encryption and the two basic sorts: symmetric and asymmetric.
>
> Symmetric encryption uses the same value to encrypt and decrypt, asymmetrical encryption is also known as public and private key encryption.
>
> I’d first recommend you study up on those two basics before attempting to understand encryption on the iPhone. Without the fundamentals you’ll never get to understand how this works.

Tech companies usually have a dumbed-down version explaining how their products work for the mass public so I was trying to find something similar for encryption.

> The key is stored inside what Apple refers to as the "secure enclave", which is part of Apple's T1/T2 chip.
> A T1/T2 chip improves encryption/decryption because it has dedicated transistor logic specifically for that task.

Ah I see, so the 2 keys are stored in the device, and my pin code unlocked the one stored in the T2 chip!?
 
> If so how come encryption is easy and on the fly on iOS devices, yet on desktop OSs it takes hours to encrypt files and storage devices? I think they also need time to decrypt?!

Because it is encrypted from the start and as data is added, and contains dedicated hardware to handle the encryption.

Desktop platforms have basically been around since before encryption was commonplace for local storage and have basically had it bolted on with bubble gum and sticky tape, and need to run on platforms where the hardware isn't strong enough to do it.
 