With the recent Heartbleed bug affecting up to 75% of all websites, and the fact that the NSA may have known about this bug for 2 years, exposing the rest of us to potential thieves and hackers so that it could exploit the bug itself, all in the interest of “making us more susceptible to keeping us safe from terrorist attacks*,” the time has come to start NSA-proofing all aspects of our lives, starting with your iPhones and iPads.
All iOS devices have 256 bit AES encryption built in, which is for all practical purposes impossible to crack, and Apple also encrypts all data stored on its servers using a minimum of 128 bit AES and up to 256 bit AES. In addition, iOS keychains are doubly encrypted: once with 256 bit AES, and a second time using a combination of a special key provided by special hardware known as an HSM (Hardware Security Module) and the 4 digit security code of the iCloud account. This 4 digit code is not known to the HSM, and if there are more than 10 failed attempts at entering the code, the HSM destroys the keys, the user accounts are moved to a new cluster, and the users then need to provide the necessary data again to access their files on the new server.
So, the system is about as secure as any system can get. Not even Apple employees can peek at your data without taking the whole system down. But Apple recognized that if it were ILLEGALLY ordered by the NSA to COMPROMISE the functionality of the entire system, and ILLEGALLY ordered not to tell anyone about this compromise (which the NSA did with a company called RSA not too long ago), its customers could find their data at risk. So, even though this potential scenario would not give the NSA access to already existing accounts, but only to new ones, Apple decided that it’s in everyone’s best interest (except the NSA’s, of course) to make it so that even if that played out, nobody would end up with anything.
So they created an additional layer that can protect their users even in the future, no matter what unscrupulous acts are carried out by our public service workers that work for us, the NSA employees.
This is all laid out in a recent document provided by Apple. Here we summarize the steps you can take to make sure that the NSA can’t violate your constitutional right not to be subjected to unreasonable and unwarranted searches and seizures – and even if it tries, there is NOTHING that Apple can do to give the NSA access. Nothing.
This added security means that you become fully responsible for keeping your own password safe and secure, because if you lose it, there is nothing anyone in the world will be able to do to recover your data! So keep that in mind if you opt to apply this added security.
The first step is to get rid of the default 4 digit iCloud keychain security code. This is NOT the 4 digit code that unlocks your phone, but a 4 digit code that you use to sync your keychain between different devices. This code also allows you to recover a backup of your keychain in the event that you lose all your devices.
You will switch to a much longer code, one that is so secure, even the most powerful computers in the world today won’t be able to break it. But again, make sure you keep this code somewhere, because you will have the only copy of it in existence, and without it, well… you know the deal.
You activate this new secure code on the iOS device, in Settings > iCloud > Account > Keychain. Or, on your desktop computer in System Preferences > iCloud > Account Details.
The following instructions are the same for the desktop or mobile device.
Here is where you would normally enter your 4 digit code. Instead, select Advanced, and then select the middle option: Get a random security code.
KEEP A COPY OF THIS PASSWORD SOMEWHERE! Without it, you will NEVER be able to decrypt your keychain again, ever, if you replace or lose your device. Which also means that neither Apple nor the NSA can decrypt it either, even with brute force attacks. You can keep the passcode in a secure program like 1Password or LastPass, which also encrypt their data files – that way you can access the passcode when you need it down the road, but still keep it secure.
Once you have created this new code (and stored it away in a place that’s private), the original random key that was protecting your keychain in iCloud is encrypted again with this new random code, which is never sent anywhere and is therefore not susceptible to interception, and voilà, you now have an iCloud keychain that nobody can read but yourself.
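To make the two protections described above concrete (the escrow record that is destroyed after 10 failed attempts, and the difference between a 4 digit code and a long random one), here is an added toy model written for this post. It is not Apple’s code and does not reproduce Apple’s protocol: the `EscrowRecord` class, the HMAC-based `wrap`/`unwrap` helpers (standing in for AES-256), the 26-character code format and the iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import os
import secrets
import string

# Assumed model parameters (constructed for this example, not Apple's values
# except the attempt limit, which the post describes as 10).
MAX_FAILED_ATTEMPTS = 10
PBKDF2_ITERATIONS = 20_000
TAG_LEN = 32


def derive_wrapping_key(code: str, salt: bytes) -> bytes:
    """Stretch the user's security code into a 256-bit wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def wrap(key_material: bytes, wrapping_key: bytes) -> bytes:
    """Toy authenticated wrap: XOR with an HMAC keystream, then an HMAC tag.
    Stands in for AES-256; do not use as a real key-wrap."""
    stream = hmac.new(wrapping_key, b"keystream", hashlib.sha256).digest()
    if len(key_material) > len(stream):
        raise ValueError("toy wrap supports at most 32 bytes")
    body = bytes(a ^ b for a, b in zip(key_material, stream))
    tag = hmac.new(wrapping_key, body, hashlib.sha256).digest()
    return body + tag


def unwrap(blob: bytes, wrapping_key: bytes):
    """Return the wrapped key, or None if the tag does not verify (wrong code)."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(wrapping_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(wrapping_key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream))


class EscrowRecord:
    """Model of an escrow record: the keychain key wrapped under the security
    code, with a failed-attempt counter that destroys the record at the limit."""

    def __init__(self, keychain_key: bytes, code: str):
        self.salt = os.urandom(16)
        self.blob = wrap(keychain_key, derive_wrapping_key(code, self.salt))
        self.failed = 0
        self.destroyed = False

    def recover(self, code: str):
        """One recovery attempt. Returns the key, or None on a wrong code."""
        if self.destroyed:
            raise PermissionError("escrow record destroyed after too many failures")
        key = unwrap(self.blob, derive_wrapping_key(code, self.salt))
        if key is None:
            self.failed += 1
            if self.failed >= MAX_FAILED_ATTEMPTS:
                self.destroyed = True
                self.blob = b""
            return None
        self.failed = 0
        return key


def sequential_guess(record: EscrowRecord, digits: int = 4):
    """Walk the 4 digit space in order until the record is destroyed.
    Returns (recovered_key_or_None, attempts_made)."""
    attempts = 0
    for n in range(10 ** digits):
        try:
            key = record.recover(f"{n:0{digits}d}")
        except PermissionError:
            break
        attempts += 1
        if key is not None:
            return key, attempts
    return None, attempts


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random code of the given shape."""
    return length * math.log2(alphabet_size)


def random_security_code(length: int = 26) -> str:
    """Constructed random code format: uppercase letters and digits."""
    alphabet = string.ascii_uppercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    keychain_key = os.urandom(32)
    rec = EscrowRecord(keychain_key, "7315")  # constructed 4 digit code
    print(sequential_guess(rec))              # (None, 10): destroyed, key never recovered
    print(keyspace_bits(10, 4))               # about 13.3 bits
    print(keyspace_bits(36, 26))              # about 134.4 bits
    print(random_security_code())
```

The model shows why both layers matter: with the attempt limit enforced, a 4 digit code survives only because the record is wiped after 10 wrong guesses; a 26-character random code, as the post recommends, has a keyspace that cannot be searched at all, so it stays safe even in the scenario where the attempt limit itself has been compromised.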
This is but one step you can take to exercise your constitutional rights; in later posts we’ll address additional steps as well. Of course, the ultimate solution is to fix our government so that we don’t have to protect ourselves from these people who work for us, but that fix will take us a little longer to put in place.
* (All of this is, of course, denied by NSA spokespersons who have continuously lied to us from the beginning and will always lie to us until they are stopped.)