On Wed, Apr 4, 2012 at 3:45 PM, Jeffrey Walton <[email protected]> wrote:
> Hi All,
>
> Older iOS devices used a 4 digit PIN code, which was next to no
> protection. Newer iOS allow passcodes which consist of a full
> (fuller?) alphabet.
>
> Assuming a weak password policy (for example, 4 or 6 characters) are
> there any real benefits over PINs?
>
> What is the state of the art for mobile password cracking on iOS and Android?
Ask and you shall receive (Ars Technica dropped it yesterday):

http://arstechnica.com/apple/news/2012/04/can-apple-give-police-a-key-to-your-encrypted-iphone-data-ars-investigates.ars

Does Apple have a backdoor that it can use to help law enforcement
bypass your iPhone's passcode? That question became front and center
this week when training materials (PDF) for the California District
Attorneys Association started being distributed online with a line
implying that Apple could do so if the appropriate request was filed
by police.

As with most things, the answer is complex and not very
straightforward. Apple almost definitely does help law enforcement get
past iPhone security measures, but how? Is Apple advising them using
already well-known cracking techniques, or does the company have
special access to our iDevices that we don't know about? Ars decided
to try to find out.
...

If Apple does keep device key records, they could be given to law
enforcement for a faster brute-force session off-device. "It is pretty
much impractical to break a six-character passcode on the device
itself, but may be entirely practical offline using specialized
systems. So to me it seems like it might be possible for Apple to help
[a law enforcement official], but not directly, if they really store
these hardware keys, but again, nobody knows if they do that or not,"
[Charlie] Miller said.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to