They fixed that in iOS 4 already. Luckily, I hadn't updated at that point, so I was able to jailbreak my iPod touch with the swipe of a bar on jailbreakme.com.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's 'Unbreakable' iOS Device Encryption Highlighted
- Thread starter MacRumors
- Start date
- Sort by reaction score
They fixed that in iOS 4 already. Luckily, I hadn't updated at that point, so I was able to jailbreak my iPod touch with the swipe of a bar on jailbreakme.com.
Yep, that's why I said it's technically possible. It's as easy as just guessing the key.
But some fun math tells us if we do 14trillion calculations a second, it will still take us an unfathomable number of years to try 0.0000000001% of the possible keys.
That being said I have no concerns with aes encryption! Brute force away lol.
Last edited:
And what I'm trying to say is that you can't guess the key for a one-time pad and that makes it truly unbreakable.Yep, that's why I said it's technically possible. It's as easy as just guessing the key.
But yes, nobody should be worried about long-key AES encryption.
Also, the iOS passcode also lets you use some symbols and the space. There are 26 letters + 10 numbers + 15 symbols + 20 symbols (page 2) + space. You cannot use letters/numbers/symbols from other languages like Arabic or Chinese. There are 72 characters to choose from for each slot.
So 72^8 possibilities / 2 * 80ms = 2.888E16ms ~ 9.1541E5 years....
Only letters and numbers: 36^8/2*80ms ~ 3575.8 years....
Not sure if I made mistake or if they aren't using the same number of possibilities as I am. You divide the number of possible passcodes by 2 and multiply by 80ms to find the estimated cracking time, right?
Only numbers: 10^8/2*80ms ~ .1268 years.
Only letters: 26^8/2*80ms ~ 264.6932 years.
So 72^8 possibilities / 2 * 80ms = 2.888E16ms ~ 9.1541E5 years....
Only letters and numbers: 36^8/2*80ms ~ 3575.8 years....
Not sure if I made mistake or if they aren't using the same number of possibilities as I am. You divide the number of possible passcodes by 2 and multiply by 80ms to find the estimated cracking time, right?
Only numbers: 10^8/2*80ms ~ .1268 years.
Only letters: 26^8/2*80ms ~ 264.6932 years.
Assuming the last password they try is the right one, it would take 36^6*80/1000/60/60/24/365 years to crack that, which is about 5.522 years. So my math is not off, and I am calculating the crack time for the other ones in a similar fashion except that I divide by 2. Why am I getting such huge numbers?
Last edited:
Heard It Before
The only secure data is data that cannot be accessed.
OK I know this is supposed to be the ultimate but pardon me if I'm a little bit skeptical. I've heard the same refrain all the way back to the "unbreakable" 32 bit encryption in the last century. Someone will figure out a sneaky way to short circuit the decryption. Or computers will exceed anything "foreseeable" way ahead of schedule.
The only secure data is data that cannot be accessed.
Not true. Blackberries, yes. Android, no, until 4.01 or later, as far as I know. Even then, it's optional. You have to perform additional steps to enable it.
Right and wrong.
Yes, with OTP, a brute force attack would eventually uncover the plaintext. However, the thing with OTP is that the return of the original plaintext is no more or less likely than the return of any other equivalent length string.
For example, of the plaintext is "The car was green," brute forcing an OTP cypher will eventually return "The car was green" but is equally likely to return "Our son has drugs", "Her dad has aids." "The PCP has moved" "The hit was done." or any one of countless, equally non-trivial phrases. This is in contrast to non-OTP cyphers where it's rather obvious that recovered plaintext that makes any kind of sense is probably a successful decryption.
This, probably more than anything, makes OTP, not worth the brute force. Coupling OTP with code phrases makes it even less worth the trouble because without the meaning of the code phrases, or even a list of code phrases, one has no idea if they've recovered a code phrase or just some other sentence.
Like stated, AES is now a 14 year old algorithm. If it was short circuitable, it would have been. Microsoft researchers have been able to find an attack in 2011 that reduces key recovery for AES-256 to a 2^254.4 operations affair.
You are using exponents to start, which is incorrect. You need permutations to calculate the number of possible "words". So, n=number of possible characters, r=word length. Formula, with repeats of n possible:Also, the iOS passcode also lets you use some symbols and the space. There are 26 letters + 10 numbers + 15 symbols + 20 symbols (page 2) + space. You cannot use letters/numbers/symbols from other languages like Arabic or Chinese. There are 72 characters to choose from for each slot.
So 72^8 possibilities / 2 * 80ms = 2.888E16ms ~ 9.1541E5 years....
(n+r-1)!
r!(n-1)!
So, for:
n=72
r=8
Answer:
~33 years, if I did everything right this fast. I could be wrong.
Or:
~15 years, if repeats not allowed. (different formula) So, I assume others have assumed no repeats of characters.
Attachments
That formula is not allowing repeats. You use exponents for permutations with repeats allowed. A snapshot from that site:
And what I did worked for the 6-digit numbers-only calculation that Apple gave out. I DID forget about capital letters, though, but I get wrong answers even with that.
Sounds like a Mitnick quote! Although I can't agree more with what you're saying, the biggest threat to a computer system is the user itself!
Social engineering should be a focal point of any security plan in this day and age!
You can debate the mathematical details of encryption until the cows come home but in the Real World your garden-variety thief has neither the means nor the knowledge to crack encrypted devices and data.
So it's up to the user to use encryption and pass phrases that are difficult to guess. That is sufficient protection for the 99.999% of users who do not have to worry about the NSA attempting to decrypt their data.
So it's up to the user to use encryption and pass phrases that are difficult to guess. That is sufficient protection for the 99.999% of users who do not have to worry about the NSA attempting to decrypt their data.
Hmm, I didn't set "order important", that's where I screwed up. Maybe their calc was using some other set?
Ah, Apple's PDF only claimed 2 calcs:
The other may have been MR, and more likely to be in error.
Also, Apple says "all combinations", so remove your halfway "/2" calc. Then it works perfectly for me. I should clarify. Then Apple's two work for me. I can't get 15 years at all. Must have done some other sort of calc.
Last edited:
They are probably assuming the memory is removed from the device, so the operating system is not running, hence unable to start the wipe process.
----------
There must be a water boarding app for that.
Plus, the govt will have the FBI at the phone's location in minutes. Cause you have to leave it turned on to hack it.
Lol yea I read that in conjunction with some android users thinking they'd be able to unlock moto bootloaders easier. Funny stuff.
"The algorithm is so strong that no computer imaginable for the foreseeable futureeven a quantum computerwould be able to crack a truly random 256-bit AES key."
but quantum computers have near infinite processing power....
but quantum computers have near infinite processing power....
Apple doesn't know what your 4-digit passcode is, so there's no way thay can tell you what it is.
----------
Unless you have information on your iPhone worth enlisting the use of a quantum computer for several weeks or months, I wouldn't worry about it.
Last edited: