On Wed, Apr 4, 2012 at 3:45 PM, Jeffrey Walton <[email protected]> wrote: > Hi All, > > Older iOS devices used a 4 digit PIN code, which was next to no > protection. Newer iOS allow passcodes which consist of a full > (fuller?) alphabet. > > Assuming a weak password policy (for example, 4 or 6 characters) are > there any real benefits over PINs? > > What is the state of the art for mobile password cracking on iOS and Android? Ask and you shall receive (Ars Technica dropped it yesterday):
http://arstechnica.com/apple/news/2012/04/can-apple-give-police-a-key-to-your-encrypted-iphone-data-ars-investigates.ars Does Apple have a backdoor that it can use to help law enforcement bypass your iPhone's passcode? That question became front and center this week when training materials (PDF) for the California District Attorneys Association started being distributed online with a line implying that Apple could do so if the appropriate request was filed by police. As with most things, the answer is complex and not very straightforward. Apple almost definitely does help law enforcement get past iPhone security measures, but how? Is Apple advising them using already well-known cracking techniques, or does the company have special access to our iDevices that we don't know about? Ars decided to try to find out. ... If Apple does keep device key records, they could be given to law enforcement for a faster brute-force session off-device. "It is pretty much impractical to break a six-character passcode on the device itself, but may be entirely practical offline using specialized systems. So to me it seems like it might be possible for Apple to help [a law enforcement official], but not directly, if they really store these hardware keys, but again, nobody knows if they do that or not," [Charlie] Miller said. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
