by michaellosee 4256 days ago
>(iOS 8) virtually eliminates the possibility that the encrypted data can be unlocked without the passcode.

I am not the first to point out that it is stupidly easy to brute-force passcodes that are based on digits (like many phone passcodes are). The FBI lamenting unbreakable phone encryption and the accompanying media buzz borders on farcical and is disingenuous given that there is still a backdoor on the iPhone[1] on port 62078. Am I missing anything?

[1] https://news.ycombinator.com/item?id=8057470

2 comments

The secure area of the CPU contains a key that is combined with the passcode, so the passcode by itself can only be tried on the actual device, which has speed and retry limits. If the data is copied off, then the key is passcode + unknown number from secure area and the entire key length has to be brute forced (as if the user entered the longest, most random password possible).

So even a 4-digit passcode with wipe on too many failures is secure except to hacking the OS from the lock screen, which is pretty difficult to do. Even then the cracking has to be done on the device, so while a 4-digit code could be cracked, even a 6-character alphanumeric will take days, and longer passwords are basically uncrackable.

With TouchID in all new Apple devices, it is much easier now to have complex passcodes without sacrificing usability.

Also, some of these vulnerabilities are slightly outdated with iOS 8.
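The passcode-plus-device-secret entanglement described in the comment above, as an added example that is not part of the thread and is not Apple's implementation: PBKDF2 stands in for the hardware key derivation, and the UID values, iteration count, passcode and 10-attempt limit are constructed assumptions.

```python
import hashlib
import hmac
import itertools
import string

ITERATIONS = 100  # constructed and deliberately tiny so the demo runs quickly
DEVICE_UID = bytes.fromhex("11" * 32)   # constructed stand-in for the secret fused into the CPU
FOREIGN_UID = bytes.fromhex("22" * 32)  # constructed: what someone holding only a disk copy might try


def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Tangle the passcode with the device secret (assumption: PBKDF2 as the KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, ITERATIONS)


def guess_passcode(target_key, device_uid, alphabet, length, max_attempts=None):
    """Enumerate passcodes against target_key; return (passcode or None, attempts made).

    max_attempts models the device's retry limit (wipe after too many failures).
    """
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        if max_attempts is not None and attempts >= max_attempts:
            break
        attempts += 1
        candidate = "".join(combo)
        if hmac.compare_digest(derive_key(candidate, device_uid), target_key):
            return candidate, attempts
    return None, attempts


def demo():
    """Run the three cases the comment distinguishes and return their results."""
    key = derive_key("7391", DEVICE_UID)  # constructed passcode
    digits = string.digits
    return {
        # On the device with no limits: the 4-digit space falls quickly.
        "on_device": guess_passcode(key, DEVICE_UID, digits, 4),
        # Data copied off: without the UID every passcode guess derives the wrong key.
        "copied_off": guess_passcode(key, FOREIGN_UID, digits, 4),
        # On the device with the retry limit enforced: the search stops at 10.
        "rate_limited": guess_passcode(key, DEVICE_UID, digits, 4, max_attempts=10),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the `copied_off` case the passcode space is irrelevant: what remains is the full 256-bit derived key, which is the commenter's point about brute forcing the entire key length.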

Thank you, I knew I was missing something. Also, I found that iOS 8 (mostly) fixed the backdoor:

http://www.zdziarski.com/blog/?p=3820