Security - Keychain

There are no guarantees when it comes to the NSA.

http://support.apple.com/kb/HT4865 says:

"

iCloud Keychain encryption keys are created on your devices, and Apple can't access those keys. Only encrypted keychain data passes through Apple's servers, and Apple can't access any of the key material that could be used to decrypt that data.

"

This is probably the best Apple can do. If you don't believe that statement, you won't believe anything else they say either.

If we believe Apple, that means they can never access the keys and hand it to, say, NSA. That's a good point.

To be honest, if you look at the link Zanthra posted, I'd say your information in iCLoud Keychain on Apple's servers is actually more secure than most places you actually subscribe to on the web or give your credit card number to for payment.

How many times have VISA or MasterCard payment service centers had accounts compromised in the past 10 years? - it is at least dozens of times. Many online places we all use have very lax security for the data we are obligated to give them if we wish to use their services or shop their sites.

Apple's security for your iCloud data, in comparison, is much superior to many others.

You need not only blindly believe or trust Apple but first of all you should try to understand what they're writing: Zanthra's link points out that personal data in iCloud is encrypted in most areas. What does this mean from a privacy perspective? Not that much unless you (the person who 'owns' the data) has the encryption key.

Unfortunately this is not true and Apple stores the keys alongside with the data in the cloud (applies to contacts, calendars, data, backups, etc.). So while enryption is a good thing (prevents hackers from somewhere to access your data illegally) it doesn't help when it comes down to 'legal authorities' that want to access your data. Since it's not you who encrypted the data but Apple. And they store the keys to decrypt the stuff and have to hand it over to anyone showing up with a National Security Letter.

Regarding keychain contents: Prior to 'iCloud keychain syncing' your keychain could also end up in the cloud. As part of the backup of an iOS device. In this case (and when you made local backups and chose _not_ to encrypt them via password) the keychain data has been encrypted on the device using a key derived from some sort of hardware ID which only allowed to decrypt this data on the same device (if you restored your iCloud backup to a different iOS device you got all your data except the keychain contents).

This seems pretty secure since you need to know the hardware ID of the device and the Apple ID of the person in question to decrypt the keychain data stored somewhere in the cloud. But we're speaking about Apple as the hardware manufacturer (who knows the hardware ID) and also Apple as the cloud storage provider and the necessary association between device and Apple ID the person in question made voluntarily because otherwise his iOS device wouldn't be useable for store contents.

I don't know whether keychain data will still be saved this way if you opt in to use the new keychain syncing. But no matter how it works. Unless the _specific implementation_ of what Apple does now with the keychain data has been reviewed by independant security researchers I won't trust the whole stuff.

The problem is: cryptographic techniques provide security/privacy only when implemented correctly. Even the smallest implementation flaw can render something that should be unbreakable these days ('256-bit AES encryption' and 'elliptic curve asymmetric cryptography and key wrapping' as Apple points out) completely useless. And we all know that NSA's project BULLRUN targets this sort of design and implementation flaws.