On 2013-05-10, at 8:56 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-by-police-demands-to-decrypt-iphones/ Let me highlight the last paragraph of the article: > It's not clear whether that means Apple has created a backdoor for > police -- which has been the topic of speculation in the past -- > whether the company has custom hardware that's faster at decryption, > or whether it simply is more skilled at using the same procedures > available to the government. Apple declined to discuss its law > enforcement policies when contacted this week by CNET. There is nothing in anything that we've seen that suggests that Apple is able to break a device passcode faster than, say, Elcomsoft, or any other similar tool. Of course, I don't know that they don't have a backdoor, but it really doesn't sound like they are able to do any more than the numerous tools out there, which basically jailbreak, and then install a brute force cracker on the device. Apple appears to have configured PBKDF2 on these devices for each passcode guess to take 250ms. So a 4 digit passcode has a mean break time of 20 minutes. I've recommended that people use a minimum of 6 digits, which requires several weeks. If you have reason to believe that someone might put in even more effort, then use an alpha numeric passcode. Apple may be more skilled at keeping the devices powered and running (or even overclocking) for extended cracking sessions; so I wouldn't be surprised if Apple was better at these than using off-the-shelf tools. Cheers, -j _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography