Re: Kind of what I said a couple weeks ago.
My understanding of the system Apple is using, and I may be wrong so bear with me, is that the iPhone has two numbers that are used to generate the decryption key needed to get at the user data in the flash.
One part of the key is the 4-6 digit PIN set by the user, the second is a larger key that is stored in a single chip in the iPhone. The key in the chip is generated once when the chip is made, randomly, and there is no record kept of that key. If the key in the chip is erased then it's game over.
When the user puts in their PIN the OS hands the PIN off to the chip and the chip hashes the PIN with the larger key it has in its internal flash. The OS never gets the key in the chip. The chip then passes the hashed value back to the OS and the OS uses that to try and decrypt the user flash storage. If the OS can't decrypt the flash it asks the user to re-enter the PIN, with the delay between attempts getting longer each time, and if you enter the wrong PIN 10 times the hidden key in the chip gets erased. And then it's going to take until the heat death of the Universe to decrypt the user flash.
I believe, guessing this part actually, that the 10 count is done in the chip; the OS just signals the chip that it got the right PIN and was successful in reading the user flash and the chip resets its attempt counter. So the only way to prevent the chip from erasing the hidden key is to hack the OS so it never signals the chip that the PIN was wrong.
So what the FBI wants Apple to do is:
disable the delay between the PIN entry attempts
keep the OS from telling the key chip that the PIN was wrong so it doesn't increment the fail counter
add an I/O channel so the PIN can be entered using something other than the phone's touchscreen
have the OS signal a successful decrypt over some I/O channel so the system brute forcing the PIN will know to alert the operators
and finally Apple has to sign the new binaries with their private key so the FBI can load the hacked OS into the iPhone's firmware.
If Apple does those then the FBI can brute force the 4-6 digit PIN with a 286 running a script in a few days/weeks depending on how many attempts per second can be carried out. And then the FBI would also have the legal precedent of using the "All Writs Act", which is NOT a warrant as defined by the US Constitution, to force Apple and other companies to provide the Feds with access to a user's encrypted data.
I might be totally off base with the above but I think I got the gist of it right.
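
The scheme outlined in the post above, as a toy Python model added here for illustration; it is not part of the original post and not Apple's implementation. It shows the design point the post turns on: when the chip itself judges the PIN and counts the attempt before answering, the limit of 10 does not depend on what the OS reports. Assumptions: the `KeyChip` class, the in-chip PIN verifier, and PBKDF2-HMAC-SHA256 standing in for whatever derivation the real hardware uses.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # wrong-PIN limit quoted in the post


class KeyChip:
    """Hypothetical model of the key chip; not a real API."""

    def __init__(self, pin: str):
        self._uid = os.urandom(32)   # hidden per-device key, never exported
        self._failures = 0
        # Verifier stored in the chip so the chip, not the OS, judges the PIN.
        self._check = self._tag(self._derive(pin))

    def _derive(self, pin: str) -> bytes:
        # PIN entangled with the hidden key (PBKDF2 is a stand-in KDF).
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._uid, 1000)

    @staticmethod
    def _tag(key: bytes) -> bytes:
        return hmac.new(key, b"pin-check", hashlib.sha256).digest()

    @property
    def erased(self) -> bool:
        return self._uid is None

    def unlock(self, pin: str):
        """Return the storage key, or None on a wrong PIN or an erased chip."""
        if self.erased:
            return None
        self._failures += 1          # count the attempt before answering
        key = self._derive(pin)
        if hmac.compare_digest(self._tag(key), self._check):
            self._failures = 0       # only the chip can reset the counter
            return key
        if self._failures >= MAX_ATTEMPTS:
            self._uid = None         # hidden key erased: data unrecoverable
        return None


if __name__ == "__main__":
    chip = KeyChip("4821")           # constructed sample PIN
    for _ in range(MAX_ATTEMPTS):
        chip.unlock("0000")
    print("erased:", chip.erased, "| correct PIN now:", chip.unlock("4821"))
```

Because the storage key depends on the hidden per-device value, the same PIN on two chips yields unrelated keys, and once that value is erased even the correct PIN returns nothing.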