
I recently switched to a 15-character alpha-numeric/special characters passcode after reading an article by a security researcher.

A snippet from that article:

iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):

4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)




These are easy to calculate: the iOS whitepaper[0] specifies that it uses a PBKDF2 iteration count tuned for 80ms.

The passcode is 'entangled' with a per-device 'UID' that only exists in silicon, not accessible by any firmware.

It seems that the current GrayKey attacks are closer to ~1s/guess.

My last post on the topic: https://news.ycombinator.com/item?id=16833802

[0] Page 15 https://www.apple.com/business/docs/iOS_Security_Guide.pdf
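The arithmetic behind the quoted figures, as an added example that is not part of the thread or of Apple's code: it tunes a PBKDF2 iteration count toward the 80 ms target, derives a key from passcode plus device UID, and computes exhaustive-search times. Modelling the UID as the PBKDF2 salt is a simplifying assumption, and the function names, sample UIDs and the 94-symbol alphabet are hypothetical.

```python
import hashlib
import time

GUESS_SECONDS = 0.080  # per-guess cost from the thread: PBKDF2 tuned for 80 ms

def calibrate_iterations(target_s=GUESS_SECONDS, probe=20_000):
    """Estimate the PBKDF2 iteration count that costs about target_s on this CPU."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"constructed-salt", probe)
    elapsed = time.perf_counter() - start
    return max(1, int(probe * target_s / elapsed))

def derive_key(passcode, device_uid, iterations):
    """Assumption: the UID is modelled as the PBKDF2 salt. On a real device it
    never leaves silicon, so guesses must run on the device at the tuned cost."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)

def exhaust_seconds(alphabet_size, length, per_guess_s=GUESS_SECONDS):
    """Worst-case time to try every passcode; the average is half of it."""
    return alphabet_size ** length * per_guess_s

def humanize(seconds):
    """Render seconds in the largest unit that keeps the value >= 1."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hrs", 3_600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:.4g} {unit}"
    return f"{seconds:.4g} s"

if __name__ == "__main__":
    iters = calibrate_iterations()
    uid_a, uid_b = b"\x01" * 32, b"\x02" * 32  # constructed sample UIDs
    print("iterations for ~80 ms on this machine:", iters)
    print("same passcode, other UID, same key?",
          derive_key("1234", uid_a, iters) == derive_key("1234", uid_b, iters))
    # Decimal passcodes at 80 ms, then at the ~1 s/guess mentioned for GrayKey.
    for rate in (GUESS_SECONDS, 1.0):
        for digits in (4, 6, 8, 10):
            worst = exhaust_seconds(10, digits, rate)
            print(f"{digits} digits @ {rate}s: worst {humanize(worst)}, avg {humanize(worst / 2)}")
    # 15 characters over 94 printable ASCII symbols (alphabet size is an assumption).
    print("15 chars / 94 symbols @ 80 ms:", humanize(exhaust_seconds(94, 15)))
```

At 80 ms per guess the decimal rows reproduce the quoted worst-case figures, and each added digit multiplies the time by ten.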


What is SEP throttling?


I believe SEP = Secure Enclave Processor - iOS has it throttle passcode input requests. Visibly this results in messages like "iPad is Disabled. Try again in 5 minutes".

I'm not sure how GrayKey bypasses this...


Ah OK sure. Interesting that the rate limiting is done at the hardware layers and not the OS.



