The key to break complex passwords that lock the phone. If you use something other that a 4 digit password, it can not be broken.
Where did you study your cryptography? I cannot believe that you could make such a blatant mistake. 5 or even 6 digits is nothing to get past compared to 4.
The thing YOU don't get is that once a backdoor is in place (no matter its intention) it will take those with other than so-called legal access via court order etc… a very short time to uncover this backdoor and make the encryption all but useless. Look back at Jailbraking and unlocking of iPhones -- people like you cried that it was your right to have it open. Well Android is living proof that simply does not work. Same with the copy protection put in place for Bluray discs, didn't take the bad guys long to break into that and it was a quite sophisticated system same thing with Apple's iPhone to keep the phone safe -- cat and mouse for every new iOS version out there. If you think the protection was trivial you have another think coming!
You want to build in a backdoor that allows the govt to snoop. I don't think so!
Snoop? No. I don't want them snooping. Yes, once there is a way to break the encrypted password, those with court approved access would be able to read data on the phone if the data is not encrypted by another means.
As for hackers... That issue makes this one that needs to be discussed and carefully considered by people who don't make knee jerk reactions.
Thanks for pointing out my error. WhatI meant was that if you leave an intentional backdoor in place you have made your device vulnerable at a level that it was not before. You now have a group of people (some within the govt) that are willing to share, for a price, another way in that may not leave any footprints.
Where did you study your cryptography? I cannot believe that you could make such a blatant mistake. 5 or even 6 digits is nothing to get past compared to 4.
Four, 5 or 6 digits does not constitute a complex password. Apparently, you don't realize that "A.fgy.Z.15" or more complex can be used as a password on the iPhone. Those are the passwords that are the problem.
Where did you study your cryptography? I cannot believe that you could make such a blatant mistake. 5 or even 6 digits is nothing to get past compared to 4.
Four, 5 or 6 digits does not constitute a complex password. Apparently, you don't realize that "A.fgy.Z.15" or more complex can be used as a password on the iPhone. Those are the passwords that are the problem.
It may seem so but I am not in a pissing war with you. True a password like you present is much more secure than 4321. So, that being said it is more difficult but your statement that "If you use something other that a 4 digit password, it can not be broken." is pure unadulterated horse sh!t. It takes a bit longer but to use the absolute "it can not be broken" is just not true.
Four, 5 or 6 digits does not constitute a complex password. Apparently, you don't realize that "A.fgy.Z.15" or more complex can be used as a password on the iPhone. Those are the passwords that are the problem.
On a related note on an iPhone with "Erase all data after 10 failed login attempts" does a warning appear or does it just erase?
It may seem so but I am not in a pissing war with you. True a password like you present is much more secure than 4321. So, that being said it is more difficult but your statement that "If you use something other that a 4 digit password, it can not be broken." is pure unadulterated horse sh!t. It takes a bit longer but to use the absolute "it can not be broken" is just not true.
"A complex iPhone passcode, however, takes more effort. The investigator needs to know, and manually insert, this type of passcode in order to extract and decrypt all data. ... If the investigator cannot figure out what the passcode is, no mobile forensic tool exists that can bypass it. Some data can be extracted and decrypted, but not protected files."
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
^ That any password is breakable with enough time?
Sure it's true, just try every combination until it works. How could that not be true?
Regarding the hardware kit I mentioned, here it is:
http:// 9 to 5 mac /2015/03/18/iphone-passcode-hack/
Fixed in 8.1.1 and the hardware explicitly targeted the 4 digit code, but that's very recent, and an implementation choice. Complex passwords are not invulnerable.
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
The 4 digit pin appeared to be attackable at least before the fix to the mentioned vulnerability regarding the failed attempt counter (were that feature enabled) but longer more complex passwords do start to enter into "theoretical" breaking territory, depending on your views of the cosmological question of how long the universe will last...
Hence as I understand it, the common emphasis on socially hacking into protected systems: the weakest link in most any multi-person system being the people... a random 24 digit and alpha numeric password on a Post-it on your monitor (or on a notecard in your wallet)? About one level more "secure" than "password".
ETA: Fun story, back in the day a university buddy headed a tech company's IT system and he said he had three people whose main job was to go around removing people's passwords from their monitors and desk pullouts.... as a backup (and consequence) to their system's mandatory one month password lifetime with no repeats ever allowed and fairly stringent standards on randomness; meaning remembering them was acknowledged to be next to impossible...
Adam D. Moore, author of Privacy Rights: Moral and Legal Foundations, argued "it is the view that rights are resistant to cost/benefit or consequentialist sort of arguments. Here we are rejecting the view that privacy interests are the sorts of things that can be traded for security."[16] He also stated that surveillance can disproportionately affect certain groups in society based on appearance, ethnicity, and religion.[16] Moore maintains that there are at least three other problems with the "nothing to hide" argument. First, if individuals have privacy rights, then invoking "nothing to hide" is irrelevant. Privacy, understood as a right to control access to and uses of spaces, locations, and personal information, means that it is the right holder who determines access. To drive this point home Moore offers the following case. "Imagine upon exiting your house one day you find a person searching through your trash painstakingly putting the shredded notes and documents back together. In response to your stunned silence he proclaims 'you don’t have anything to worry about – there is no reason to hide is there?'" [16] Second, individuals may wish to hide embarrassing behavior or conduct not accepted by the dominant culture. "Consider someone’s sexual or medical history. Imagine someone visiting a library to learn about alternative lifestyles not accepted by the majority." [16] Finally, Moore argues that "nothing to hide," if taken seriously, could be used against government agents, politicians, and CEO's. This is to turn the “nothing to hide” argument on its head. Moore argues that the NSA agent, politician, police chief, and CEO have nothing to hide so they should embrace total transparency like the rest of us. "But they don’t and when given the technological tools to watch, the politician, police chief, or CEO are almost always convinced that watching others is a good thing." [16]
Remember this very important fact, spy agencies do one thing: they collect people, once a spy agency knows something about a person, and this is important, something no one else knows, then that person can be used for whatever purposes. Consider for instance if the they knew that the president of Russia murdered someone. They would have control over the action of him.
Same is true of any person. Typically the most important people / institutions want to know the secrets of others and keep their own secrets private. That is the way of the world. It's all about power and the system we live in is controlled from the top down and the most corrupt people are at the top .. All these laws are enacted for that purpose to keep you and I under their control. We must resist them at all costs.
I disagree I have the right to keep my email private. The problem is this : say for instance I like to attend a swinger party. These are parties where I go with my wife and have sex with other couples, all perfectly legal. I do not want the government but especially anyone at work finding out about. Can you imagine the consequences for my career that would have especially if I was a teacher. Society has no right to know what I do behind closed doors as long as it's not criminal. That's the reason why I have things to hide and why the argument made by people who say "if you are doing nothing illegal, then you have nothing to hide" is so obviously bogus. I could come up with many examples from something as innocuous as reading books by certain authors that I don't want my boss knowing about. I don't want people knowing I post things like this on apple insider. That is my right.
Comments
The key to break complex passwords that lock the phone. If you use something other that a 4 digit password, it can not be broken.
Where did you study your cryptography? I cannot believe that you could make such a blatant mistake. 5 or even 6 digits is nothing to get past compared to 4.
The thing YOU don't get is that once a backdoor is in place (no matter its intention) it will take those with other than so-called legal access via court order etc… a very short time to uncover this backdoor and make the encryption all but useless. Look back at Jailbraking and unlocking of iPhones -- people like you cried that it was your right to have it open. Well Android is living proof that simply does not work. Same with the copy protection put in place for Bluray discs, didn't take the bad guys long to break into that and it was a quite sophisticated system same thing with Apple's iPhone to keep the phone safe -- cat and mouse for every new iOS version out there. If you think the protection was trivial you have another think coming!
You want to build in a backdoor that allows the govt to snoop. I don't think so!
Snoop? No. I don't want them snooping. Yes, once there is a way to break the encrypted password, those with court approved access would be able to read data on the phone if the data is not encrypted by another means.
As for hackers... That issue makes this one that needs to be discussed and carefully considered by people who don't make knee jerk reactions.
Thanks for pointing out my error. WhatI meant was that if you leave an intentional backdoor in place you have made your device vulnerable at a level that it was not before. You now have a group of people (some within the govt) that are willing to share, for a price, another way in that may not leave any footprints.
Where did you study your cryptography? I cannot believe that you could make such a blatant mistake. 5 or even 6 digits is nothing to get past compared to 4.
Four, 5 or 6 digits does not constitute a complex password. Apparently, you don't realize that "A.fgy.Z.15" or more complex can be used as a password on the iPhone. Those are the passwords that are the problem.
It may seem so but I am not in a pissing war with you. True a password like you present is much more secure than 4321. So, that being said it is more difficult but your statement that "If you use something other that a 4 digit password, it can not be broken." is pure unadulterated horse sh!t. It takes a bit longer but to use the absolute "it can not be broken" is just not true.
Four, 5 or 6 digits does not constitute a complex password. Apparently, you don't realize that "A.fgy.Z.15" or more complex can be used as a password on the iPhone. Those are the passwords that are the problem.
On a related note on an iPhone with "Erase all data after 10 failed login attempts" does a warning appear or does it just erase?
Apple can't even decrypt an iPhone complex password. http://app.forensicmag.com/articles/2014/03/challenges-smartphone-forensics-passwords-and-encryption
"A complex iPhone passcode, however, takes more effort. The investigator needs to know, and manually insert, this type of passcode in order to extract and decrypt all data. ... If the investigator cannot figure out what the passcode is, no mobile forensic tool exists that can bypass it. Some data can be extracted and decrypted, but not protected files."
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
^ That any password is breakable with enough time?
Sure it's true, just try every combination until it works. How could that not be true?
Regarding the hardware kit I mentioned, here it is:
http:// 9 to 5 mac /2015/03/18/iphone-passcode-hack/
Fixed in 8.1.1 and the hardware explicitly targeted the 4 digit code, but that's very recent, and an implementation choice. Complex passwords are not invulnerable.
^ That's a better link, thanks
the magic of Google Search
Any password is breakable with enough patience. And wasn't there some kind of hardware kit recently that could break an iPhone password given enough time, and could even get past the 10 failed login setting via some chicanery?
The 4 digit pin appeared to be attackable at least before the fix to the mentioned vulnerability regarding the failed attempt counter (were that feature enabled) but longer more complex passwords do start to enter into "theoretical" breaking territory, depending on your views of the cosmological question of how long the universe will last...
Hence as I understand it, the common emphasis on socially hacking into protected systems: the weakest link in most any multi-person system being the people... a random 24 digit and alpha numeric password on a Post-it on your monitor (or on a notecard in your wallet)? About one level more "secure" than "password".
ETA: Fun story, back in the day a university buddy headed a tech company's IT system and he said he had three people whose main job was to go around removing people's passwords from their monitors and desk pullouts.... as a backup (and consequence) to their system's mandatory one month password lifetime with no repeats ever allowed and fairly stringent standards on randomness; meaning remembering them was acknowledged to be next to impossible...
Remember this very important fact, spy agencies do one thing: they collect people, once a spy agency knows something about a person, and this is important, something no one else knows, then that person can be used for whatever purposes. Consider for instance if the they knew that the president of Russia murdered someone. They would have control over the action of him.
Same is true of any person. Typically the most important people / institutions want to know the secrets of others and keep their own secrets private. That is the way of the world. It's all about power and the system we live in is controlled from the top down and the most corrupt people are at the top .. All these laws are enacted for that purpose to keep you and I under their control. We must resist them at all costs.
Take a word like
$ecret
Then take a number like 54
Take the cube root of it ie 3.825862365
Use 9 digits after the decimal point
$ecret825862365
Nice easy way to remember a password , all I need is a calculator
Then of course I can purchase a RSA 6 digit key that appends to my normal password ,changes every 60 secs
I have this for my bank access
For other accounts I have the website send a 6 digit code to my phone and I must append it to my password
Effectively keeping me safe from key loggers and other hackers and family