
> I had been thinking that the user had to opt into full disk encryption on iOS, does it come enabled by default?

Full disk encryption (called Data Protection on iOS) is enabled as long as a passcode is set. This has been the case since what, iOS 4?



AFAIK the storage is encrypted using (a key derived from) a unique device key in the secure enclave and thus the storage is tied to the physical device. Further keys are generated using the passphrase and the unique device key, so they are tied to the user and the device.

The application can choose per file:

* Encrypted when locked: NSFileProtectionComplete

* Encrypted until first unlock: NSFileProtectionCompleteUntilFirstUserAuthentication

* Encrypted unless used by the applications background tasks: NSFileProtectionCompleteUnlessOpen

I think the keys used for file encryption are unique per application and then again per file, but I didn’t find information on this.
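An added example, not posted by anyone in this thread: how an app could request `NSFileProtectionComplete` for a file, read the protection class back from the file attributes, and refuse reads while protected data is unavailable. `JournalStore` and its error type are hypothetical names; the code assumes a physical device with a passcode set.

```swift
import Foundation
import UIKit

enum JournalStoreError: Error {
    case protectedDataUnavailable
    case unexpectedProtection(FileProtectionType?)
}

/// Hypothetical helper for a journaling app that stores one entry per file.
struct JournalStore {
    let directory: URL

    /// Writes the entry atomically and requests NSFileProtectionComplete for it.
    func save(_ text: String, named name: String) throws -> URL {
        let url = directory.appendingPathComponent(name)
        try Data(text.utf8).write(to: url,
                                  options: [.atomic, .completeFileProtection])
        try verifyProtection(of: url)
        return url
    }

    /// Reads the protection class back instead of trusting the write call.
    /// Assumption: a passcode is set, so the requested class is applied.
    func verifyProtection(of url: URL) throws {
        let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
        let actual = attrs[.protectionKey] as? FileProtectionType
        guard actual == .complete else {
            throw JournalStoreError.unexpectedProtection(actual)
        }
    }

    /// Fails with a clear error while the device is locked, rather than
    /// surfacing an opaque I/O error from the read itself.
    @MainActor
    func load(named name: String) throws -> String {
        guard UIApplication.shared.isProtectedDataAvailable else {
            throw JournalStoreError.protectedDataUnavailable
        }
        let data = try Data(contentsOf: directory.appendingPathComponent(name))
        return String(decoding: data, as: UTF8.self)
    }
}
```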


I appreciate you both providing more info on this. It seems iOS is much more encrypted than I had thought it was. Still, if I resurrect the micro-journaling app, I'll probably keep an app-specific password and SQLCipher to add that extra layer of protection.



