Comment by lxgr

1 year ago

Note that the mud puddle test was originally described on Matt's very blog: https://blog.cryptographyengineering.com/2012/04/05/icloud-w... :)

And it only works because a corporation likely would want to offer this to its users as a convenient feature. If they were actively trying to hide this, they could rig the test and keep access to themselves.

  • It is true that passing the mud puddle test does not guarantee robust end-to-end encryption (there can still be backdoors reserved for company/law enforcement). But failing it definitely guarantees that there is no robust end-to-end encryption.