This document summarizes iCloud Keychain and iOS 7 data protection. It discusses how keychain encryption has evolved from AES-CBC to AES-GCM encryption. It also explains how iOS uses file-level encryption with per-file keys based on protection classes. The document then analyzes the security of iCloud Keychain, describing how it uses an escrow proxy and key-value stores. It identifies a risk in how default iCloud Keychain setups allow for near-instant decryption of synced keychain records. The document recommends using a complex iCloud security code or random password to prevent offline guessing of the escrowed encryption key.