On Apr 10, 2012, at 10:32 AM, Natanael wrote: > Just FYI, there's been claims that these guys faked it. But on the other > hand, there ARE other tools that can extract data from iPhones so you can > bruteforce the encryption later. >
I'm pretty certain they faked it. The question is how they faked it. They may
have faked it in a quasi-defensible way.
It takes ~1000 seconds to brute force a four-digit PIN, because the hardware
calibrates each iteration to ~100ms (and it must be done on the device itself,
because there's a hardware key that's part of the calculation, and if you don't
want to destroy the device, you do it on the device. Thats 16 2/3 minutes.
If you then say that well, you can get one on average in 8 1/3 minutes, that
has merit, but we've definitely wandered into marketing. If you note that some
large percentage of PINs start with a zero or one, that average pulls down,
particularly since you'll do everything starting with a one in ~100 seconds,
and really, part of the human factors of pincodes is that a frighteningly large
number of them are under 1231.
If you're selling a forensic toolkit, it is not untrue that you could do it in
a few minutes on average. It's not what I'd call responsible, though. It
implies that the best pincode is 9999 or perhaps 9989 (no triple-repeated
digit). :-)
Jon
PGP.sig
Description: PGP signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
