
Possible Chip off method into encrypted smartphones?

RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

#jaclaz - hyper-mega-trans-nuclear, buzzword 2016 -)


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

Yuri Gubanov, Belkasoft is a well-trusted source - these Russian guys are the global greatest!!


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

I think people are misunderstanding my point here.

Let's say you encrypt your hard drive to the highest level of encryption but you set the password as "1234". If the hard drive is passed to an examiner it would not be feasible to brute force the encryption key, but the password could be brute forced very quickly.

This is the point I'm making with an encrypted iPhone chip. When it's in the iPhone it's protected with the time delays between incorrect guesses and potentially wipe mode after 10 failed guesses. Once the chip is off this is no longer the case.

It may be that the encryption key is 256 in length and not feasible to brute force that, BUT since the password used is only 4 numbers could this then be possible to brute force in 9999 guesses?

If I am fundamentally missing something here then please do correct me. I am not, and do not proclaim to be an expert.


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

If I am fundamentally missing something here then please do correct me. I am not, and do not proclaim to be an expert.

Which is good, since we are at the same level (of non-expert).

I will try to re-state what I have already posted.

The lock PIN is a 4 numerical character code.

The "mechanism" that allows unlocking is inside a "black box", something that you don't know the internals of, and you can only observe how it behaves.
This mechanism keeps count of access attempts and when they reach 3 or 5 (or any given number) of failed subsequent attempts locks the device for good or deletes the "real" encryption key.

If you supply the right PIN (which is a successful attempt) the counter is reset to 0 and *somehow* the "black box" gives you access to the device and supplies the "right encryption key" to the device allowing its OS to access data etc. by on-the-fly unencrypting them.

In order to brute-force the 4 digit PIN you need *something* (that AFAIK does not exist) that can be used INSTEAD of the "black box" capable of EXACTLY replicating what the "black box" does BUT without "keeping count" of failed attempts.

Normal operation
"right" PIN->"blackbox"->Unencrypted chip contents
"wrong" PIN -> "blackbox" ->SET counter=%counter%+1&IF %counter% GEQ 5 GOTO Lock

Hypothetical device operation
"right" PIN->"hypothetical emulator"->Unencrypted chip contents (chip-off data)
"wrong" PIN ->"hypothetical emulator"-> GOTO END

Maybe this way it is more clear?

jaclaz
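
The black-box model from the post above, as an added Python sketch that is not part of the original thread. It assumes the box mixes a secret that never leaves it into the PIN-derived key (the thread does not say how the box works internally); `BlackBox`, `emulator_try`, the toy XOR+HMAC wrap and the limit of 5 are illustrative names and values.

```python
import hashlib
import hmac
import secrets

MAX_FAILS = 5  # "3 or 5 (or any given number)"; 5 is chosen for this model

def derive(pin: str, device_secret: bytes) -> bytes:
    """PIN-derived key; the device secret is the salt and never leaves the box."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, 10_000)

def wrap(data_key: bytes, kek: bytes) -> bytes:
    """Toy key wrap (XOR + HMAC tag) standing in for a real key-wrap cipher."""
    body = bytes(a ^ b for a, b in zip(data_key, kek))
    return body + hmac.new(kek, body, hashlib.sha256).digest()

def unwrap(blob: bytes, kek: bytes):
    """Return the data key, or None when the tag shows the KEK is wrong."""
    body, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, kek))

class BlackBox:
    """Hypothetical model of the in-device mechanism: secret, counter, lock."""

    def __init__(self, pin: str):
        self._secret = secrets.token_bytes(32)  # assumed: not on the flash chip
        self._fails = 0
        self.locked = False
        # flash_blob is the only part of this state a chip-off read would see.
        self.flash_blob = wrap(secrets.token_bytes(32), derive(pin, self._secret))

    def try_pin(self, pin: str):
        if self.locked:
            return None
        key = unwrap(self.flash_blob, derive(pin, self._secret))
        if key is None:
            self._fails += 1  # SET counter=%counter%+1
            self.locked = self._fails >= MAX_FAILS  # IF %counter% GEQ 5 GOTO Lock
            return None
        self._fails = 0  # a successful attempt resets the counter
        return key

def emulator_try(flash_blob: bytes, pin: str, guessed_secret: bytes):
    """The 'hypothetical emulator': no counter, but no access to the box's secret."""
    return unwrap(flash_blob, derive(pin, guessed_secret))
```

Under that assumption the emulator rejects even the correct PIN, because without the box's secret it derives a different key.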


   
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

Understood


   
(@einstein9)
Trusted Member
Joined: 10 years ago
Posts: 50
 

I think people are misunderstanding my point here.

Let's say you encrypt your hard drive to the highest level of encryption but you set the password as "1234". If the hard drive is passed to an examiner it would not be feasible to brute force the encryption key, but the password could be brute forced very quickly.

This is the point I'm making with an encrypted iPhone chip. When it's in the iPhone it's protected with the time delays between incorrect guesses and potentially wipe mode after 10 failed guesses. Once the chip is off this is no longer the case.

It may be that the encryption key is 256 in length and not feasible to brute force that, BUT since the password used is only 4 numbers could this then be possible to brute force in 9999 guesses?

If I am fundamentally missing something here then please do correct me. I am not, and do not proclaim to be an expert.

Are you willing to pay for this answer?
telling you where to GO and which CHIP to read and WHERE IS the Enable/Disable pin location of your locked phone..


   