Lawfare: Apple vs FBI: Pensacola Isn’t San Bernardino by Nicholas Weaver:
But there’s an important difference between San Bernardino and Pensacola. After the 2015 attack, Apple was in a position to help the FBI—it just refused to. (The bureau was eventually able to unlock the phone without the company’s help.) This time, though, it is technically impossible for Apple to assist.
First, some background. The iPhone, even an older phone like the iPhone 5, has impressive password-based security. Within the central processing unit (CPU) itself is a hardware encryption engine, designed to quickly enable encrypting and decrypting memory. This encryption engine can use multiple keys, one of which is particularly special.
This special “device key” is a random key generated by the phone during its final assembly: The phone itself writes it into its CPU. Once written, even the phone itself can’t see this key. Instead, the phone tells the hardware encryption engine to use the device key when the need arises. Newer phones do all this in the “secure enclave,” a separate processor within the main chip, but the process is effectively the same whichever model you’re using.
The device key is used when you go to unlock your phone. When you put your passcode into the phone, the CPU combines your passcode with the device key by repeatedly encrypting your passcode. After roughly a tenth of a second, the resulting random-looking value is then used to decrypt the master user key, which protects all personal data on the phone. Of course, if you get the wrong passcode, the phone can’t decrypt the master key and asks you to try again.