My understanding is that the FBI is asking Apple for the technical capability to brute-force the key. That’s all. The problem with Apple’s current design is that it is vulnerable to simple firmware substitution. The assumptions that it makes about the user’s key are all predicated on the notion that Apple would never replace the firmware. As we now see, this was a bad choice. With FBIos in place, that four-digit or even six-digit key will be cracked in no time. Regardless of whether Apple develops it, we now have positive confirmation that it’s possible. Quite simply, the iOS remote wipe, manual entry requirements, and delayed entry are no obstacles to key recovery.
Or in other words, Apple can (and should!) fix this problem, simply and effectively, by providing a strength meter for the passcode selection screen, with the strongest indicator reserved for passphrases that will not be trivially recovered using firmware substitution, and then force every user of iOS to select a new passphrase on upgrade. I have already selected a nine-character passphrase with uppercase, lowercase, numbers and punctuation. With Touch ID, I really don’t feel a thing. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
