Apple parts ways with hacker famous for iPhone jailbreaking

Nicholas Allegra, who was hired last year after gaining fame at JailBreakMe, was let go after not responding to an e-mail offering to extend his employment.

Apple's experiment with employing a hacker 

famous for jailbreaking the iPhone has ended.

Nicholas Allegra, also known as Comex, was 

hired at Apple after gaining fame with the 

JailBreakMe,a Web site that simplified the 

process of removing Apple-installed 

protections from the phone -- a practice Apple 

opposes.When Apple hired him as an intern in 

August 2011, Allegra was a high-profile member 

of the jailbreaking community, regularly 

publicizing security vulnerabilities in 

Apple's iOS software.

However, Apple ended the 20-year-old Brown 

University student's employment last week, Allegra revealed today.

"So... no point in delaying. As of last week, after about a year, I'm no longer associated with Apple," he tweeted this afternoon. 

"As for why? Because I forgot to reply to an email," he wrote in a follow-up tweet.

Wireless Encryption - WEP, WPA, and WPA2

This a very basic description of the differences between Encryption Security Methods used by Entry Level Wireless Hardware (802.11b/g).

WEP

Each packet of the Encryption has 24bits Initialization vector. Which unfortunately done in plaintext.

40bits (encryption)+ 24bits(init. vector)=64bits Encryption.

104bit(encryption)+ 24bits(init. vector)=128bits Encryption.

WEP uses RC4 stream encryption, for a fresh key stream for each packet.

The Init Vector & the key are combined to get per-packet key which is used to generate RC4 keys stream.

The RC4 is one of the major culprits in the security issues.

Part of the weakness of RC4 has to do with the combo of Init. Vector and Plain Text chipper.

24 bit Init vector is finishing a cycle of 2 in the power of 24 in about hour and then repeats. 

Repeating Init Vector plus knowledge about the plaintext language, makes guessing the plaintexts simpler.

WPA

It is an interim solution that is used now until 802.11i comes out.

It still using RC4, but the Key was changed to TKIP.

TKIP basically works by generating a sequence of WEP keys based on a master key, and re-keying periodically before enough volume of info. could be captured to allow recovery of the WEP key. TKIP changes the Key every 10,000 packets, which is quick enough to combat statistical methods to analyze the cipher. 

TKIP also adds into the picture the Message Integrity Code (MIC). The transmission’s CRC, and ICV (Integrity Check Value) is checked. If the packet was tampered with. WPA will stop using the current keys and re-keys.

Probably in mid 2005 release of 802.11i happened).

The Big Change is Advance Encryption Standard (AES).

802.11i changed WPA RC4 usage to employ AES.

Referred to as WPA2 the main difference for regular user would be.

WPA uses (as describe above) TKIP/MIC Encryption.

WPA2 uses AES-CCMP Encryption

AES aka the Rijndael algorithm is a secure, fast symmetric cipher that is easily implemented in hardware.

AES has its own mechanism for dynamic key generation. It's also resistant to statistical analysis of the cipher text.

Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption

Standard (AES).