• Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    10 months ago

    Someone correct me if I’m wrong, but it looks like there are two hashes. A short one based on the iCloud account’s email address or phone number, and a long 2048-bit RSA identity that gets stored on the device after logging into iCloud.

    It looks like the short identity is basically just used for that initial airdrop screen where you find available targets to airdrop to, but the actual longer, more secure, hash is required for the actual file transfer.

    That might explain why finding airdrop contacts is kind of snappy, but there is a bit of a delay after you initiate a transfer.

    https://support.apple.com/guide/security/airdrop-security-sec2261183f4/web

    Edit: one more thought. If this really was that easy to crack, wouldn’t China have done this years ago? The CCP has been targeting Airdrop for a long long time.

    • nomad@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Sounds about right. Might be they have some man in the middle shenannigans going on with permanently installed hardware in the subway, but I doubt it. That would be a race condition that you might win with a lot more signal strength, but still…