The claimed authority to require Apple's assistance is the All Writs Act, and All Writs does not apply if there is specific law. Which in the case of communications devices there arguably is. So you may be wrong on that account./div>
If the only input that is missing is the 8-character PIN then the number of tries in a pure brute-force method is the number of possible 8-character PINs. The key-lengthening etc merely imposes computational delay, and if an iPhone can do it in a reasonable amount of time then more capable hardware will breeze through that. So it comes down to my first if./div>
Of course you're without the PIN, that's what you're looking to determine. But the number of rounds introduces nothing other than a computational delay between trying a pin and testing for a successful decrypt. Saying, "Without the PIN, there is nothing to find" makes no sense./div>
I don't believe for a moment that decrypting the data on the phone is impossible for Apple, though the exact method specified as the default may not work (but read the last paragraph of the first quote).
My understanding is that the phone in question is an old model that doesn't implement the "secure enclave".
But if the data can be extracted then it's just stupid to do the decryption in the phone./div>
"...if the user chose a decent password a brute-force search would still take prohibitively long."
The FBI appears to believe that a brute force method will work, and I know no reason to disbelieve them. Most people don't, after all, use "decent" passwords. And my understanding is that the allowed password isn't very long. The encryption key is, I understand, from a hash with the device id, but if the latter is known that doesn't increase the number of necessary tries./div>
Techdirt has not posted any stories submitted by Gandydancer.
Re: Apple Must Open The San Bernardino Terrorist's IPhone.
Re: Re: Re:
Re: Re: Send the phone to NSA
Re: Re: Re: or maybe it's more calculated than it appears...
My understanding is that the phone in question is an old model that doesn't implement the "secure enclave".
But if the data can be extracted then it's just stupid to do the decryption in the phone./div>
Re: Re: or maybe it's more calculated than it appears...
The FBI appears to believe that a brute force method will work, and I know no reason to disbelieve them. Most people don't, after all, use "decent" passwords. And my understanding is that the allowed password isn't very long. The encryption key is, I understand, from a hash with the device id, but if the latter is known that doesn't increase the number of necessary tries./div>
Techdirt has not posted any stories submitted by Gandydancer.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt