* Posts by Pseu Donyme

231 posts • joined 10 May 2011

Page:

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Pseu Donyme

Re: I'm not sure how he thinks this will work on an iPhone 6

@Steve Todd: Well, I'd be delighted to be wrong about this if it means that things are better documented or at least better known by now (or always were). Last time what information was around (using an hour or three to look for it with the benefit of a background as a seasoned embedded systems SW engineer) left me with the above impression (admittedly with some of my own speculation having most likely blurred to the info by now). I wouldn't mind seeing a quote from the above link attesting to the secure enclave's nature as a physically separate, tamperproof* subsystem, in particular it having its own persistent, but mutable storage, physically separate from the general purpose flash (without which it is still vulnerable to this sort of attack); this is the main point where I had to rely on speculation (i.e. Apple very likely minding the BOM / extra size / complexity from an extra chip / ... too much to implement a feature the finer points of which the general public would be unlikely to appreciate).

* one aspect of this would be whether the secure enclave's firmware is immutable (failing which makes the kind of hack FBI was demanding of Apple possible)

2
0
Pseu Donyme

Re: I'm not sure how he thinks this will work on an iPhone 6

Um ... as I seem to recall (from the time this was last an issue), the A6 already has the arrangement where a 256-bit constant is baked in the SoC only wired to the internal AES circuits (i.e. no direct software access). This means that cloning the flash and running the firmware in a VM won't work, but cloning the flash and running that with the actual hardware does (assuming that the only mutable storage in the device is the flash): this way at least the retry counter can be defeated by restoring the flash contents.

Unlike the A6, the A7 (and later) has the 'secure enclave'. However, rather than a physically separate processor with a dedicated mutable storage this appears* to be a virtual one sharing the system's flash chips as its only mutable storage. This is primarily geared at keeping someone with remote access (say, an exploit delivered via browser) at bay rather than someone with physical access (i.e. it keeps the iOS user and even kernel space isolated from the key storage, which is a worthy thing to have, of course). It seems Apple has not actually managed the latter; this would take your assumed separate tamperproof security processor with its dedicated mutable storage to keep the keys. This - afaik - Apple don't currently have. Hence, my impression is that there is no fundamental reason the technique (i.e. using a cloned flash with the original HW) wouldn't work on a iPhone 6 (or later).

* Apple seems to rely on obscurity for security here, afaik this is not properly (that is, publicly) documented

4
1

When Irish eyes are filing: Ireland to appeal Europe's $15bn Apple tax claw-back

Pseu Donyme

A no-brainer ?

I wonder if Apple's lawyers and accountants knew full well that this could happen, but went ahead anyway: it seemed likely to work and the worst that could happen was that they'd have to pay the tax they owed in the first place.

17
0

Making us pay tax will DESTROY EUROPE, roars Apple's Tim Cook

Pseu Donyme

re: Google and others

The Commission needs to start somewhere. Actually it started with Amazon, BASF, Fiat and Starbucks. I trust Google. Microsoft, ... will be dealt with as well.

13
0
Pseu Donyme

re: tax deals

There should be none, really. Instead, corporations pay tax on their profits at the non-negotiable corporate tax rate, same for any and all, where the bookkeeping rules for calculating the profit are likewise non-negotiable, same for any and all. As far as I can see this is what EU Commission is after here so that competition is not distorted due to company specific deals amounting to state aid.

5
0

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Pseu Donyme

re: von Neumann

What I'd recall was that von Neumann got involved in the US war time computer programs (most importantly EDVAC as far as the eponymous computer architecture is considered) and put together an excellent memo of what he learned as a result. As the memo got somewhat wide distribution despite being about a secret wartime program and was about the only source of such quality right after the war, von Neumann got pretty much all the credit, much of which should have gone to John Mauchly and J. Presper Eckert, at least. (Actually, for a long time, the Americans got all the credit, despite Konrad Zuse's earlier work and that in the UK on the Colossus. Sadly, these are still rather poorly known.)

13
0

European Commission straps on Privacy Shield

Pseu Donyme

re: protects EU citizens, their privacy

Humbug. US corps, morelike, from having to give a hoot of the same.

1
0

Facebook crushes Belgian attempt to ban tracking of non-users

Pseu Donyme

re: jurisdiction

It seems strange that a Belgian court would not have jurisdiction of what physically happens in Belgium: if the user / browser / computer (or other device) is in Belgium the hard disk (flash chip, ...) on which the cookie is written is also in Belgium.

26
0

Apple pollutes data about you to protect your privacy. But it might not be enough

Pseu Donyme

re: "Modern data protection legislation which assumes that metadata is anonymous would need to be rewritten."

Re-writing would be ideal, of course. Then again what there is in the EU already covers this if interpreted with the law's purpose (privacy, self-determination) in mind. In this sense the the Schrems decision is very encouraging: the ECJ actually considers privacy and data protection fundamental rights to be protected as such.

1
0

Get ready for Google's proprietary Android. It's coming – analyst

Pseu Donyme

>This goes against the entire reason Android was created. ...

Probably. Google bought Android Inc. in 2005, though.

2
0
Pseu Donyme

Re: If it works for Apple...

While I wouldn't (at all) mind the wall around Apple's walled garden to suffer a fate akin to the structure that once circled West Berlin there is a crucial difference between Google and Apple: Google has a dominant market position in the EU (with Android, search, ...) while Apple doesn't (of course, Apple has monopolies within its own ecosystem, but then that isn't the dominant one within the general market(s), so, while I wish this could be acted upon it might not be possible under EU law ?).

6
0
Pseu Donyme

In effect Android is proprietary already ...

... because GMS is. Most importantly Google's stranglehold is cemented by GooglePlay, which at this points enjoys an unsurmountable advantage due to network effect*. (Not that coming up with the other components (browser, maps, ...) would be trivial, never mind something phone manufacturers on razor thin margins were likely to pull off or even try.)

* i.e. the value of a product or service to an user increases as the number of users increase, which in this case happens because of the feedback loop of: more GooglePlay users -> more developers using GooglePlay (exclusively) -> more GooglePlay users -> ...

5
0

Top EU data cop slams Safe Harbor replacement as inadequate

Pseu Donyme

Indeed. Like its predecessor "Privacy Shield" simply amounts to US firms being exempt from EU data protection. This is plain unacceptable as data protection is a fundamental right. Also, being exempt gives US firms a rather unfair competitive advantage.

17
0
Pseu Donyme

Quite. The US to needs to adopt proper data protection legislation like just about any other advanced country. In the meantime I suppose the only realistic solution is to keep EU citizens' data out of the US.

16
0

Google is the EU Remain campaign's secret weapon

Pseu Donyme

"It is vital that people should realise Google's potential (or actual) power." Quite. I don't think Google is actually under an obligation to be evenhanded and changing this would require something quite drastic. One such thing could be having the only permissible business model for search to be fully paid by its end users by micropayments, the idea being that a straightforward buyer-seller market* with competing vendors would keep search providers honest.

* instead of Google's constellation of interlocking, cross-subsidized markets amounting to the mother of all multi-sided markets (where a viable competitor in the combined market ought somehow to scale multiple barriers of entry at once)

4
0

SWIFT finally pushes two-factor auth in banks – it only took several multimillion-dollar thefts

Pseu Donyme

How can this happen?

What I find puzzling is that substantial amounts of money can be stolen with fraudulent bank transfers. Or not that so much, actually, but that it can remain missing with the perps uncaught.

9
0

One ad-free day: Three UK to block adverts across network in June

Pseu Donyme

>Some might argue...

There is that. At the same time ads are commercial propaganda (i.e. designed not to inform, but to manipulate). At any rate there is a better way on-line: search paid by its users (with, say, micropayments).

>"Google-dominated ad market"

DoubleClick's (=Google) ad servers market share of 69 % * seems dominant to me; this seems the most relevant single figure to the freedom of speech -angle mentioned above - maybe along with a global search market share of 71 % / 95 % (desktop / mobile) **.

* https://www.datanyze.com/market-share/ad-servers (as of 26MAY2016)

** https://www.netmarketshare.com/search-engine-market-share.aspx?qprid=4&qpcustomd=0 / https://www.netmarketshare.com/search-engine-market-share.aspx?qprid=4&qpcustomd=1 (April 2016)

0
0
Pseu Donyme

Micropayments or some other scheme amounting roughly to what sites get from adverts would be vastly preferable for a number of reasons:

- the current ad business model is a privacy disaster (for a typical user, at least)

- ads are commercial propaganda designed to manipulate and mislead; they undermine the key premise of an efficient market economy i.e. that of transactions between well-informed parties

- the Google-dominated ad market is a market failure / disaster in its in its own right: this is essentially not a market, but a set of interlocking multi-sided markets (search, Android, Google Analytics, Google Maps, ... and the ad distribution itself) where even some of the component markets are practically uncontestable monopolies due to the network effect

- a single company's de facto control of funding for news and other content is a freedom of speech disaster waiting to happen

- ad funded is not really free: the cost is added to the price of products and services; content providers could actually be paid somewhat more if the admen in the middle were cut out

0
0

French authorities raid Google's Paris HQ over tax allegations

Pseu Donyme

Re: Google doesn't have sales in France

> ... it does appear to be legal.

Presumably the French authorities disagree (hence the raid at dawn).

9
1

Half of EU members sidle up to EC: About the data-sharing rules. C'mon. Chill out

Pseu Donyme

Re: More barriers please

I quite agree, although instead of mere barriers I would insist on insurmountable bulwarks against any commercial use of personal information* without freely given, informed consent, revocable at any time; business models must be compatible with data protection (i.e. privacy), not the other way around.

* any data about a natural person, unless it is strictly impossible ever, under any circumstances for the holder of the data or a third party to identify the person to whom the data is related

4
0

EU mulls €3bn fine for Google

Pseu Donyme

While this is a worthy pursuit in its own right - Google has a dominant market position* which it is busy abusing - the really big deal is Google's business model of, essentially, privacy violation for profit on massive, unprecedented scale. For the latter I wouldn't, at all, mind seeing them driven out of the EU (if not existence) by humongous fines (or whatever means, really)**. It is worth noting that the issues are intertwined: ignoring EU privacy / data protection law has given Google a substantial and rather unfair competitive advantage to EU-based outfits having to abide by the same.

* not only with search, but with Android and web advertising, at least

** sadly, the likely outcome is that current arrogance and foot-dragging is replaced with enthusiastic bootlicking once it dawns to Google that serious monies are at stake and with this they emerge relatively unscathed, just a couple of $ billion poorer

0
0

The EU wants you to log into YouTube using your state-issued ID card

Pseu Donyme

From a privacy point of view the idea of using national id cards for logging on to the likes of Google (=Youtube) or Facebook is remarkably clueless. Instead there ought to be an explicit ban against letting them anywhere near the real identity of their users, or, actually, any information which could possibly be used to deduce the same by them or a third party (possibly with a narrow exception to enable investigation of serious crime by allowing IPs to be kept for a limited time for that sole purpose, only to be disclosed by a court order).

4
0

Microsoft, Google bury hatchet – surprisingly, not in each other

Pseu Donyme

Re: encourage government regulators to investigate each other

>Sell them all naked, and make a pile of OS disks available.

Or maybe have Windows pre-installed, but have it ask for an activation code on the first run that'd be on a separate scratch card or somesuch, which could be left at the store for a refund in the amount the OEM pays Microsoft. (I don't see any compelling reason to keep OEM prices secret, on the contrary, requiring all Microsoft-OEM contracts to be public in their entirety would help to keep Microsoft - a de facto monopolist - (a bit more) honest and hence be in the public interest (in particular if the price of Win 10 is supposed to be zero)).

4
0

Ad-blocker blocking websites face legal peril at hands of privacy bods

Pseu Donyme

Re: Bull

> ... ALL information ...

Indeed. While in the US the concern may be only PII in the sense of information sufficient in itself to identify a person (such as name, phone number, ...), the EU data protection regime deals with any and all information about a person even when that information doesn't directly identify a particular person. In practice I'd think it is enough if a such information could be tied to a person by a third party for it to become 'personal information', the collection, distribution or even 'processing' in the most general sense of which is subject to restrictions, a key one among them being that this requires consent of the person about whom the the information is. Hence, e.g. collecting IP addresses so that they can associated with other information such as pages visited is verboten - or at least this is the German data protection authority's stance (with which I quite agree).

26
1

Tweak Privacy Shield rules to make people happy? Nah – US govt

Pseu Donyme

The real problem is that the US (govt and companies) ought to take the issue - right to privacy in general and its modern aspect data protection in particular - seriously, but obviously they don't; ultimately the solution is for the US to adopt proper data protection legislation like just about any other advanced country, for US companies operating in the EU the solution is simply making a sincere effort to abide by the law there.

5
0

Prof squints at Google's mobile monopoly defence, shakes head

Pseu Donyme

Re: Clarification please

>does Google enforce this in some way?

The beauty of it (from Google's point of view) is that it doesn't need to: at this point the network effect* alone results in a practically unsurmountable competitive disadvantage for other app stores.

* i.e. the value of a product or service (to a user) gets higher the more other users there are (which happens because of the self-amplifying cycle of: more Google Play end users -> more apps distributed via Google Play -> more Google Play end users -> ... )

3
0

So you’d sod off to China to escape the EU, Google? Really?

Pseu Donyme

>The West could make its own alternatives...

In theory yes, but in practice not really. The linchpin is the app store, which affords Google a stranglehold on the mobile market akin to what Microsoft has with PCs*. This is because of the network effect, where the value of a product or service is dependent on the number of others using it; in practice this means that once a player in a market gains some advantage to competition this will snowball into a self-amplifying cycle of increasing advantage resulting in a (de facto) monopoly, which also tends to be persistent because of the massive advantage from the network effect is also results in a practically insurmountable barrier of entry.

* the more people use Windows software [Google Play], the more sense it makes to develop software for Windows instead of other platforms [distribute via Google Play instead of other app stores], which results in more people using Windows software, which results in more Windows software being developed, which results in more people using Windows software, ...

4
0

Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?

Pseu Donyme

re: US connections, relative lack of

http://www.newyorker.com/news/john-cassidy/panama-papers-why-arent-there-more-american-names

4
0

US govt says it has cracked killer's iPhone, legs it from Apple fight

Pseu Donyme

>Okay, who called this off?

A possibility is that both Apple and FBI did i.e. there was an agreement behind the scenes to Apple to continue unlocking its devices as it has until recently and the FBI to back off from the court case with a mealymouthed explanation: stakes were high for both and the outcome was unpredictable (not only from the courts, but potentially from the legislators as well). I suppose this is unlikely and I would like to think better of Apple*, but then they were among the other prominent US tech corps on the PRISM slides courtesy of Ed Snowden. Also, in this case Apple seems to have found its zeal for privacy advocacy only after asking the FBI to issue its application for the unlock tool under seal**.

* a trivial reason being that I'd like to eventually replace my Blackberry with something decent, privacywise, of course it is great to see a big tech player putting emphasis on privacy, but then doubt towards tech from the US is not without reason

** http://www.nytimes.com/2016/02/19/technology/how-tim-cook-became-a-bulwark-for-digital-privacy.html

0
0

London's $40m 'flash crash' trader is to face extradition to the US

Pseu Donyme

Re: Fix

Indeed. As far as I can see a stock market would work perfectly well if the highest bids were matched with the lowest asks (where bid >= ask, of course) at the end of the day and where the price paid would be the mean of the two ((bid+ask)/2) for each match: after all, stock markets are closed overnight and during weekends so the need to have a current price by the nanosecond simply isn't there. (The bids and asks should also either be final (no canceling) and/or only published at the end of the day after the trades are final to further avoid manipulation.)

(re: free market, a bit of an oxymoron, really, as anything free in the sense of lacking enforced rules ceases to be a market in a practically useful sense. A fair market, in the sense of a level playing field, would seem like a more pragmatic goal.)

4
0

Apple tells iPhone court 'the Founders would be appalled' by Feds

Pseu Donyme

Re: @ Pseu Donyme

> How do you come to that conclusion? The SCOTUS ...

While a pragmatic summary of the Citizens United decision might be "money = speech" it is still not "code = speech". Also, Citizens United was in the context of campaign (advertising) financing intimately tied to political speech, whereas Apple's 'speech' here is software i.e. algorithms for computers to carry out, not disseminating and/or discussing facts and opinions between people. (Also, the crux of Citizens United was elsewhere: whether campaign financing may give rise to corruption or the appearance thereof. The implausible finding was that it doesn't )

1
1
Pseu Donyme

If the best Apple('s lawyers) can do here is to invoke free speech, the odds of them prevailing don't look very good: this is quite a stretch at best, not made any better by a corporate entity claiming what at its core is an individual right.

4
12

Hand in hand, TSMC, ARM head to 7nm server chip land

Pseu Donyme

Somehow this reminded me of the boast: "In the USSR we have the biggest microchips in the world." (a mock one making fun of their propaganda, of course)

1
0

Obama puts down his encrypted phone long enough to tell us: Knock it off with the encryption

Pseu Donyme

I'm mystified, ...

...deeply mystified as to what a terrorist could possibly have against the local building society.

4
0

Google gives ringing endorsement to US VPN providers with 'right to be forgotten' expansion

Pseu Donyme

Re: bollocks this is not about personal data

>There is no 'personal data' in search results as personal data is currently defined.

The US definition of PII is rather narrow (~data from which an individual can be directly identified such as a name, SSN, phone number ...), however, the EU data protection directive definition of personal data is much wider (~data about a person, even if it doesn't directly identify a person, but can potentially be connected to a person by a third party). Still, I can't see how a search by a person's name could be carried out and the results displayed in the US without exporting the name from a server in the EU at some point, if that is where the information related to the name originally resides.

0
0
Pseu Donyme

Re: Nudge, nudge, wink, wink. Say no more...

>Data collected in Europe should remain exclusively in Europe...

This can be an issue with (Google) search even if the results 'to be forgotten' are not displayed within the EU, but personal information has been exported from the EU to display or otherwise use it elsewhere. Such export is legal only if the receiving jurisdiction has proper data protection in place. Until recently the lack thereof in the US was supposedly covered with 'Safe Harbour', which meant that Google & other US companies taking advantage of it were supposed to honor the EU data protection principles with the exported data, the problem being that they not only don't but can't.

0
0

How the FBI will lose its iPhone fight, thanks to 'West Coast Law'

Pseu Donyme

Indeed

For science to have a change to defy law with the iPhone Apple would need to implement encryption in a way they themselves cannot circumvent. (One way of doing this would be adding a tamper-proof chip akin what is in a SIM to keep the encryption key, which would only spit it out given the correct passcode, and, unlike a SIM, would irrevocably erase its contents after too many misses).

3
1

Facebook can block folks using pseudonyms in Germany – court

Pseu Donyme

This is a bit of a surprise given the ECJ's Weltimmo* -decision, which would seem to say that even a minimal legal presence in a EU member country means that a company is subject to the data protection law / DPA of that member country.

I suppose Facebook might have been careful not to have any formal legal presence in Germany, in which case (by the Weltimmo decision) the German DPA should request the Irish one to act (and, if not happy with the result, they'd probably need to take the Irish DPA to the ECJ, likely by the way of Irish courts as happened in the Safe Harbour case).

* http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150111en.pdf

0
0

Ad-blockers are a Mafia-style 'protection racket' – UK's Minister of Fun

Pseu Donyme

Re: Ad-blockers are a Mafia-style 'protection racket

Advertising itself is a protection racket in that it provides only a relative advantage: if you were the only one to advertise there would an advantage to competion, when everyone does there is just a cost (ultimately paid by the costomers, of course).

1
0

Facebook's Latin America veep set free by appeals court

Pseu Donyme

Re: "What, you mean that this wasn't written by script kiddies?"

> ... those in power would understand things like math ...

The Guardian piece linked to would seem to say that WhatsApp has simply ignored the Brazilian requests: "Investigators first contacted WhatsApp, which was bought by Facebook in 2014, about four months ago but have yet to receive a response". If so, the fault lies with WhatsApp / Facebook not the judge's understanding IT issues. Also, the detained executive seems to have gotten out on a legal technicality: "A judge ruled he was wrongly detained because he was not named personally in the legal proceedings".

1
0

Safe Harbour v2.0 greenlights six bulk data collection excuses

Pseu Donyme

"Privacy shield"

I suppose it is aptly named in a sense: it shields privacy from us EU plebs.

3
0

ICO fined cold-call firm £350k – so directors put it into liquidation

Pseu Donyme

Methinks directors should be personally liable for ICO fines in case a LLC fails to pay them for any reason (unless, of course, they go to court to argue otherwise and the court finds in their favor).

13
0

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

Pseu Donyme

Re: One thing I don't understand

@Steve Todd, the way I have understood it, there is a 256-bit constant unique to each chip baked into it at manufacture. The AES-key(s) are derived from this and the passcode. The constant (AFAIK) is physically read-only*, it cannot be overwritten. Unless there is persistent, writable storage outside the phone's flash, a flash emulator should work to defeat the retry limit as anything to be wiped would have to be in the flash which would be restored as needed (or possibly be read-only altogether). What I think is overwritten when the 10 try limit is hit is some more key material stored in the flash without which the AES-keys needed to decrypt the file system cannot be derived. Likewise the delay would be defeated (to some extent) by a reboot with the emulated flash restored, if the only place to keep a persistent copy of the retry counter is the flash.

*or strictly speaking not even quite that from software point of view: it can't be accessed directly, only fed to to the AES-hardware. Still, firmware can brute force the passcode as it can generate the AES keys for all passcodes and see what decrypts.

0
0
Pseu Donyme

Re: One thing I don't understand

In an earlier related discussion a fellow commentard suggested replacing the flash with an emulator with a copy of the original data. Since this could be restored to original (or maybe be read-only to start with) it would defeat the erase-after-10-passcode-mismatches feature (provided that the flash is the only persistent storage in the device as it likely is (?)). The increasing delay between tries would still be there, but this might be worked around to some extent by rebooting the device with the original flash content loaded into the flash emulator.

1
0

Zuck: Facebook won't retry Free Basics in India

Pseu Donyme

Facebook is an exploitative* parasitic** monopoly*** that should not exist in the first place, but unfortunately does due to the lack of data and consumer protection law in the US and inefficient enforcement thereof in the EU.

*ads are commercial propaganda designed to manipulate and misinform; they are ultimately paid by their victim, the consumer as a higher price of products/services

**akin to doping in sports advertising provides only a relative advantage: if you were the only one among competition to do it there would be a real advantage, assuming everyone else does it, it is just amounts to an extra cost, effectively a tax to paid the admen

***not in a strict dictionary sense, a more accurate term would be "controlling market position" (a synonym in colloquial use?)

5
0

US DoJ files motion to compel Apple to obey FBI iPhone crack order

Pseu Donyme

Re: Nope...

> 1) ... they'll almost certainly plug forever in the next release to avoid a repetition.

We'll see, as long as it is possible to do it with a special build of the firmware it would have to be the next hardware release though*. (Secure enclave doesn't apply to a 5c, but it doesn't really help since it too runs replaceable firmware - or that is my take from: http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html ).

* e.g. add a tamper-proof chip akin what is in a SIM to keep the encryption key which will only spit it out given the correct passcode (and unlike a SIM, will irrevocably erase its contents after those ten misses).

0
0

Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

Pseu Donyme

Re: Simple solution...

> ... if the flash memory were to be cloned ...

I was thinking along these lines myself, but it turns out that there is a unique per chip 256-bit number baked in the A6 chip (in an internal ROM section or somesuch on the silicon); this and the passcode are used to derive the encryption keys; since there is no external interface to access this* it cannot simply be copied / cloned to be used in a VM.

* even the firmware cannot read this directly, it can only have it fed to the AES hardware

7
0

Why Tim Cook is wrong: A privacy advocate's view

Pseu Donyme

> http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

Thanks for the link! :)

The article explains why Apple can in fact decrypt an iPhone given physical access. A simplified version seems to be that the AES keys are ultimately derived from the passcode and a 256-bit unique per chip key (UID) baked in the core SoC (A6 in the case of a 5c) at the time of manufacture. The UID is not accessible to software as such, but can be fed to the AES hardware via an internal hardware path. This means that firmware could brute force the derived key(s) by going trough the passcodes using the AES hardware and seeing what decrypts. For simple/short keys at least this is quite feasible: using the 80 ms per iteration from the above article a 4 digit code space would be completely covered in 800 s.

The 5c / A6 does not have the 'secure enclave' so this is not a consideration for the case at hand, but since the code running there is also a part of the firmware provided by Apple this wouldn't seem to make a difference for the newer models (from 5s / A7 onward) with it. Also, apparently, the ten try limit and the increasing delay between tries are just firmware features.

4
0

Depressed? Desperate for a ciggie? Blame the Neanderthals

Pseu Donyme

Absolutely, give the man a beer. On a related note - as we now know that the snap has been taken within the Reg US offices - the chap on the left is surely our dear hack A. Orlowski?

4
0

Page:

Forums