On Wed, Apr 4, 2012 at 5:06 PM, Adam Back <[email protected]> wrote:
> Surely one can't think of the limitations (requirement for cooperation from
> the OS to test the PIN) as if they are cryptographic limitations...

Yes, I'm thinking it's probably close to a degenerate case of cracking a password from the desktop. Perhaps the wrinkle is getting the password file or a file that one can test with (try the decrypt, and if the HMAC is wrong then it's the wrong password).

> Apple probably supplies such a service themself to law enforcement as a
> private Apple approved ready-to-go app.

I know it's been rumored, but I don't recall seeing it in print from Apple (or a tool leaked). I suspect Zdziarski, Miller or Morrissey have some custom stuff ready for use.

I was hoping Solar Designer had some unique insights (he usually does when it comes to passwords).

Jeff

> On Wed, Apr 04, 2012 at 03:45:09PM -0400, Jeffrey Walton wrote:
>>
>> Hi All,
>>
>> Older iOS devices used a 4 digit PIN code, which was next to no
>> protection. Newer iOS allow passcodes which consist of a full
>> (fuller?) alphabet.
>>
>> Assuming a weak password policy (for example, 4 or 6 characters) are
>> there any real benefits over PINs?
>>
>> What is the state of the art for mobile password cracking on iOS and
>> Android?
>>
>> PS, I am aware of XRY software
>>
>> (http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/)
>> and its limitation
>>
>> (http://9to5mac.com/2012/04/02/xrys-two-minute-iphone-passcode-exploit-debunked/)
>> (thanks LW).

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
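An added example, not part of the thread or of any tool it mentions: it models the "wrong HMAC means wrong password" test from the reply and compares the worst-case search time for the PIN and passcode policies in the original question. The PBKDF2 construction, the iteration count, the 62-symbol alphabet, the 80 ms per-guess cost and all function names are assumptions of this example, and the ciphertext is constructed opaque bytes.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # constructed work factor, not taken from any real device

# Passcode policies raised in the thread: (alphabet size, length).
# The 62-symbol alphabet (a-z, A-Z, 0-9) is an assumption of this example.
POLICIES = {
    "4-digit PIN": (10, 4),
    "4-char alphanumeric": (62, 4),
    "6-char alphanumeric": (62, 6),
}

def derive_key(passcode: str, salt: bytes) -> bytes:
    """Stretch the passcode into a MAC key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)

def seal(passcode: str, ciphertext: bytes) -> dict:
    """Build a constructed test blob: salt, opaque ciphertext, HMAC tag."""
    salt = os.urandom(16)
    tag = hmac.new(derive_key(passcode, salt), ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "ciphertext": ciphertext, "tag": tag}

def passcode_matches(blob: dict, candidate: str) -> bool:
    """A wrong passcode yields a different key, so the HMAC check fails."""
    key = derive_key(candidate, blob["salt"])
    expected = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, blob["tag"])

def keyspace(alphabet_size: int, length: int) -> int:
    return alphabet_size ** length

def worst_case_ms(alphabet_size: int, length: int, ms_per_guess: int) -> int:
    """Time to try every passcode when each test costs ms_per_guess."""
    return keyspace(alphabet_size, length) * ms_per_guess

def policy_report(ms_per_guess: int) -> dict:
    return {name: worst_case_ms(a, n, ms_per_guess) for name, (a, n) in POLICIES.items()}

if __name__ == "__main__":
    blob = seal("1234", b"constructed ciphertext bytes")
    print(passcode_matches(blob, "1234"), passcode_matches(blob, "0000"))
    for name, ms in policy_report(ms_per_guess=80).items():  # 80 ms is assumed
        print(f"{name}: {ms / 1000 / 86400:.2f} days worst case")
```
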
