Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Concerning that they can bypass Apple's "10 strikes and you're out" feature.

Given the people involved and the description of the devices capability, it sounds like they have a working iBoot exploit. At which point they can load anything they want.
 
  • Like
Reactions: Santiago
The average times assume that the box doesn’t prioritize certain combinations like 1234, 1111, etc., and run these before less likely ones.

If there are any kinds of tables that do this, the average times will be much much lower.
 
I've been using a 13-character mixed alphanumeric with symbols passcode since they release TouchID.
 
When Apple introduced Touch ID a lot of people said they were just fine with a passcode... Now there will be an even bigger convenience reason to use that or FaceID vs a potentially complex password.

FaceID? All they have to do to get into your phone is point the phone at your face. You're done. Your data is theirs. There was an argument over whether they could force your finger onto a touch ID and the courts said, DO IT!!! Sorry, but you have NO PRIVACY RIGHTS! The 4th Amendment is pretty much worthless since what is "unreasonable" is usually decided by people that believe that if you appear to have something to hide, you must be guilty of a crime!
 
So you get to decide how much security we need on our phones? :confused:

??? No. My observations and sentiments are only that. You should only take them as that. Even then, in reality, everyone can’t have their preference accommodated, so someone will decide for you.
 
Apple needs to introduce USB Restricted Mode asap. In addition to the week long time limit, they should also have it kick in after 50 passcode attempts as standard.
 
??? No. My observations and sentiments are only that. You should only take them as that. Even then, in reality, everyone can’t have their preference accommodated, so someone will decide for you.
That's not what you posted:
It's simpler to remember the Ten Commandments than to remember a ten-digit passcode. If you need to be a law breaker or anarchist, avoid using computers and cellphones to conduct business.
The direct implication is that phone security shouldn't be provided to people who aren't following your God's alleged commandments.

Thankfully, Apple has decided to provide real security, so I'll keep buying from them.
 
The direct implication is that phone security shouldn't be provided to people who aren't following your God's alleged commandments.

Thankfully, Apple has decided to provide real security, so I'll keep buying from them.

You midunderstood. I was being sarcastic when I criticized the impracticality of ten digit passcodes. Considering the requirement, it would be easier for those who might have something to hide from law enforcement to be righteous. Otherwise, they should avoid using devices for their deeds.

If you’re not one of those persons who is inviting scrutiny from law officials, you probably won’t encounter someone with a sophisticated cracking tool. If you do, you have other protections for the example you gave. But feel free to be paranoid and easily threatened.
 



Law enforcement agencies have a new iPhone cracking tool that works with all modern iPhones and the newest versions of iOS 11, the GrayKey, designed by a company called Grayshift.

Previous reports have suggested the GrayKey can crack 4-digit passcodes in a matter of hours and 6-digit passcodes in days, but as highlighted by VICE's Motherboard, cracking times for the GrayKey and other similar iPhone unlocking methods can potentially be even faster and 6-digit passcodes no longer offer adequate protection.

graykey1.jpg

GrayKey iPhone cracking box, via MalwareBytes
Matthew Green, assistant professor and cryptographer at John Hopkins Information Security Institute, said this morning on Twitter that with an exploit that disables Apple's passcode-guessing protections, a 4-digit passcode is crackable in 6.5 minutes on average, while a 6-digit passcode can be calculated in 11 hours.


Apple does have built-in options to erase an iPhone after 10 incorrect passcode guessing attempts and there are automatic delays after a wrong passcode has been entered more than five times, but GrayKey appears to bypass these protections.

It's not clear if the GrayKey can reach the fastest unlocking times outlined by Green, but even at slower unlocking speeds, it only takes days to get into an iPhone with a 6-digit passcode. Comparatively, it takes over a month to crack an iPhone with an 8-digit passcode, or more than 13 years to get into an iPhone with a 10-digit passcode.

With the release of iOS 9 in 2015, Apple switched from a four digit passcode to a 6-digit passcode as the default, making iOS devices more secure, but for those concerned about their iPhones being accessed either by law enforcement with the GrayKey or by a hacker with a similar cracking tool, a 6-digit passcode is no longer good enough.

Several security experts who spoke to Motherboard said people should use an alphanumeric passcode that's at least seven characters long and uses numbers, letters, and symbols.To change your iPhone's passcode from a simple numeric 6-digit passcode to something more secure, you'll need to use the Settings app. Go to "Face ID & Passcodes" in the Settings app, enter your current passcode, scroll down, and then choose "Change Passcode."

You'll be asked to enter your new passcode on this screen, but you'll actually want to tap on the blue "Passcode Options" text towards the middle of the display. Choose "Custom Alphanumeric Code" to enter a passcode that consists of letters, numbers, and symbols.

alphanumericpasscode.jpg

With an alphanumeric passcode in place, you'll no longer be presented with a numeric keyboard when unlocking your iPhone, and instead, you'll see a full keyboard available to type in your passcode.

There's a definite compromise between easy device accessibility and security when using a longer alphanumeric passcode like this. It's a lot easier to type six numbers than it is to type a mixed character alphanumeric passcode into an iOS device, but for complete security, longer and more complex is the way to go.

Article Link: iPhone Cracking Methods Like GrayKey Box Can Guess a Six-Digit Password in 11 Hours on Average
[doublepost=1524400181][/doublepost]Apple must have provided secret information to help to avoid large scale law enforcement actions.
 
If you’re not one of those persons who is inviting scrutiny from law officials, you probably won’t encounter someone with a sophisticated cracking tool.
Riiiight, and there are no Russian hackers. In fact, there are no hackers at all! The web is just one big version of Mister Rogers Neighborhood!
 
I’d rather Apple make Face ID and Touch ID work correctly and more accurately! I still have a 4 digit passcode because Face ID is a hit or miss! If it doesn’t recognize my face I have to turn the screen off and back on for it to try again or make a motion of putting it down and raising it again.

Touch ID works much better but I have to relearn my thumb every so often on my 6s plus. My iPhone 5s was slower but worked more consistently than the 6s plus.

Also no easy way to use Face ID while driving. I could look straight ahead and drive while my thumb unlocked it and either use Siri or type by muscle memory. Face ID doesn’t recognize my 12 chins. And you have to stare at it for a second or so before it unlocks. Can’t do that when you need to stare ahead while driving

You don’t have to turn your screen off. Just hit cancel and swipe up again for faceid to scan again.
 
Oh what a dinosaur of an old post.
What about 123456789147258369102030405060708090090807060504030201105090105090305070305070505050 ???
huh, nono...

I wonder how long it would take for it to guess this password:

That is:

173467321476C32789777643T732V731171888732476789764376

and only at that speed 😃 Nothing Speech in Mac OS can at any acceptable level...

1686764461778.png

1686764511089.png
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.