[cryptography] Here's What Law Enforcement Can Recover From A Seized iPhone

Jeffrey Goldberg jeffrey at goldmark.org
Wed Mar 27 23:37:55 EDT 2013


On Mar 24, 2013, at 5:30 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> I wonder how they are doing it when other tools fails.

The article explained how they do it.  The case they described said the phone had no passcode lock, so the data on the phone would not have been encrypted.  In the other cases, the phones did have a passcode lock, but with 10000 possible four digit codes it takes about 40 minutes to run through all given how Apple has calibrated PBKDF2 on these (4 trials per second). 

I've been recommending that people turn off "simple passcode" on iOS devices and move to at least six digits. If your non-simple passcode is all digits, you are still get the numeric keypad. 

I've written about all that here

http://blog.agilebits.com/2012/03/30/the-abcs-of-xry-not-so-simple-passcodes/

when there was some hyperbolic claims about breaking into iPhones.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130327/19f8d26b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2615 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130327/19f8d26b/attachment.p7s>


More information about the cryptography mailing list