Researcher estimates GrayKey can unlock 6-digit iPhone passcode in 11 hours, here's how to...

13»

Comments

  • Reply 41 of 54
    cornchipcornchip Posts: 1,954member
    Soli said:
    By my last count, since you can't use emoji in your passcode (yet), a 4-character passcode with the iOS keyboard is a little over 1 billion combinations.
    That's a real interesting concept. With some sort of character disbursement into your 6-digit code it could be almost unbreakable.
    Don’t those character codes change from time to time? Would an update screw up your password?
  • Reply 42 of 54
    Just changed to 12-digit alphanumeric. 261815124366622899072000 permutations. 171 years to find.
    watto_cobra
  • Reply 43 of 54
    tallest skiltallest skil Posts: 43,388member
    cornchip said:
    Don’t those character codes change from time to time? Would an update screw up your password?
    What good would Unicode be if it changed? There are empty spaces in the Unicode block where they add new characters, but they don’t change.
    watto_cobra
  • Reply 44 of 54
    SoliSoli Posts: 10,038member
    Soli said:
    Soli said:
    Soli said:
    By my last count, since you can't use emoji in your passcode (yet), a 4-character passcode with the iOS keyboard is a little over 1 billion combinations.
    The formula is n^x, where n is how many possible values a character can have, and x is the number of such characters, that can be independently chosen. 
    So, for alpha numerical combination containing a..z, A..Z, 0..9 and special symbols like `~!@#$%^&*()_+-=;:'"[]{}.,
    that would be roughly 88^x. 
    Assuming 10ms time for each attempt, we get:
    Regular 4 digit code:                                         10,000 combinations - 1m 40s to unlock (at most).
    Regular 6 digit code:                                    1,000,000 combinations - 2h 47m  to unlock (at most).
    Alpha-numeric 4 characters:                      59,969,536 combinations - 7 days  to unlock (at most).
    Alpha-numeric  6 characters:            464,404,086,784 combinations - at most 147 YEARS  to unlock (at most).
    Alpha-numeric 8 characters:   3,596,345,248,055,296 combinations - - at most 1,140,393 YEARS  to unlock (at most)....lol.
    You missed a lot. Remember this is an iOS virtual keyboard, not some crappy website which still has a link for "Webmaster" at the bottom so you can do a long hold on many of the characters to get considerably more options within a second. For example, you can a password with the following characters: ₽㧰

    And that's just by having the English keyboard enabled. I assume that if you have others you add all those Unicode characters to the password palette, but I have yet to test that, hence my statement of more than 1 billion for 4 characters.
    1. I did not miss anything. I simply stated that for 88 possible values per character, those would be the numbers, given the assumptions I made.
    2. Not sure if extended character sets are supported by the encryption algs. By the looks if it, accented letters are not accessible from the English keyboard when iOS asks for an alpha-numerical password, so my guess is that it might not be. That is why I went with a safe bet that always works.
    Let's revisit what you wrote: "where is how many possible values a character can have" which you then followed up way claiming it would be roughly 88 potential characters. I understand if you've never thought about it before (I doubt many have), but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful.

    "I understand if you've never thought about it before"
    I am pretty sure I did, given my background and master's degree in computer science. But, what do I know. Combinatorics is definitely beyond my understanding. /s

    "but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful."
    This is complete nonsense!
    What I gave was just ONE example, with all the assumptions CLEARLY STATED. Nowhere I claimed that that example covers all possible cases, nor I stated that that was an example of the most secure system, using the largest possible variability of characters for the pass code.
    That was just you pulling those assumptions from your arse right there, and then trying to "gotcha" me on that.

    Show me, where I stated that 88 possible values for one character is the largest set one can get in iOS, please!
    Point to a specific line in my comment, that states what you implied/said it states!
    Thank you!
    So on an article about the password options for an iOS device you're now moving your argument to claim that because of a so-called "master's degree in computer science" you would absolutely know how many character options are on an iOS 11.3 keyboard and that it can be used for the password as you as you write a port to claim that my 1+ billion count is far too hight.

    You specifically said there were "roughly" 88" options and then included all the common specifically characters easily found on physical American keyboard and usually accepted by websites and enterprises, while also ignoring all the characters around those characters which proves that you never once looked at the iIOS keyboard to make a count in writing your post.

    Again,it's not shameful that you couldn't even see the target that others were hitting, but it's shameful to lie about now and claim you knew it all along but decided to write something pointless in article about the passcode options in iOS while writing like a 1990's Webmaster. Makes perfect sense¡
  • Reply 45 of 54
    SoliSoli Posts: 10,038member
    cornchip said:
    Don’t those character codes change from time to time? Would an update screw up your password?
    What good would Unicode be if it changed? There are empty spaces in the Unicode block where they add new characters, but they don’t change.

    As a general rule, Unicode needs to be effectively be set in stone, as you state,, but here are ways in which Unicode character have changed in the past, as well as 94 included errors that won't be fixed for the foreseeable future.

    From Wikipedia:

    The Unicode standard has imposed rules intended to guarantee stability. Depending on the strictness of a rule, a change can be prohibited or allowed. For example, a "name" given to a code point can not and will not change. But a "script" property is more flexible, by Unicode's own rules. In version 2.0, Unicode changed many code point "names" from version 1. At the same moment, Unicode stated that from then on, an assigned name to a code point will never change anymore. This implies that when mistakes are published, these mistakes cannot be corrected, even if they are trivial (as happened in one instance with the spelling BRAKCET for BRACKET in a character name). In 2006 a list of anomalies in character names was first published, and, as of April, 2017, there were 94 characters with identified issues, for example:
    • U+2118 ℘ script capital p (HTML ℘ · ℘): it is not a capital. The name says "capital", but it is a small letter. The true capital is U+1D4AB 𝒫 MATHEMATICAL SCRIPT CAPITAL P (HTML 𝒫)
    • U+034F ͏ COMBINING GRAPHEME JOINER (HTML ͏): Does not join graphemes.
    • U+A015 ꀕ YI SYLLABLE WU (HTML ꀕ): This is not a Yi syllable, but a Yi iteration mark. Its name, however, cannot be changed due to the policy of the Consortium.
    • U+FE18 ︘ PRESENTATION FORM FOR VERTICAL RIGHT WHITE LENTICULAR BRAKCET (HTML ︘): bracket is spelled incorrectly. Since this is the fixed character name by policy, it cannot be changed.
     You also have the potential changes of emoji ideograms to be up to the whim of whomever, which is why Apple was allowed a move from a handgun to a toy gun a couple years back, which isn't a big deal but too much variety in this area could lead to cross-platform emoji reducing an attempt at communication, but I don't see that being a major issue and that's not really up to Unicode and would fall closer to fonts, in that sense.
    tallest skil
  • Reply 46 of 54
    anton zuykovanton zuykov Posts: 1,056member
    Soli said:
    Soli said:
    Soli said:
    Soli said:
    By my last count, since you can't use emoji in your passcode (yet), a 4-character passcode with the iOS keyboard is a little over 1 billion combinations.
    The formula is n^x, where n is how many possible values a character can have, and x is the number of such characters, that can be independently chosen. 
    So, for alpha numerical combination containing a..z, A..Z, 0..9 and special symbols like `~!@#$%^&*()_+-=;:'"[]{}.,
    that would be roughly 88^x. 
    Assuming 10ms time for each attempt, we get:
    Regular 4 digit code:                                         10,000 combinations - 1m 40s to unlock (at most).
    Regular 6 digit code:                                    1,000,000 combinations - 2h 47m  to unlock (at most).
    Alpha-numeric 4 characters:                      59,969,536 combinations - 7 days  to unlock (at most).
    Alpha-numeric  6 characters:            464,404,086,784 combinations - at most 147 YEARS  to unlock (at most).
    Alpha-numeric 8 characters:   3,596,345,248,055,296 combinations - - at most 1,140,393 YEARS  to unlock (at most)....lol.
    You missed a lot. Remember this is an iOS virtual keyboard, not some crappy website which still has a link for "Webmaster" at the bottom so you can do a long hold on many of the characters to get considerably more options within a second. For example, you can a password with the following characters: ₽㧰

    And that's just by having the English keyboard enabled. I assume that if you have others you add all those Unicode characters to the password palette, but I have yet to test that, hence my statement of more than 1 billion for 4 characters.
    1. I did not miss anything. I simply stated that for 88 possible values per character, those would be the numbers, given the assumptions I made.
    2. Not sure if extended character sets are supported by the encryption algs. By the looks if it, accented letters are not accessible from the English keyboard when iOS asks for an alpha-numerical password, so my guess is that it might not be. That is why I went with a safe bet that always works.
    Let's revisit what you wrote: "where is how many possible values a character can have" which you then followed up way claiming it would be roughly 88 potential characters. I understand if you've never thought about it before (I doubt many have), but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful.

    "I understand if you've never thought about it before"
    I am pretty sure I did, given my background and master's degree in computer science. But, what do I know. Combinatorics is definitely beyond my understanding. /s

    "but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful."
    This is complete nonsense!
    What I gave was just ONE example, with all the assumptions CLEARLY STATED. Nowhere I claimed that that example covers all possible cases, nor I stated that that was an example of the most secure system, using the largest possible variability of characters for the pass code.
    That was just you pulling those assumptions from your arse right there, and then trying to "gotcha" me on that.

    Show me, where I stated that 88 possible values for one character is the largest set one can get in iOS, please!
    Point to a specific line in my comment, that states what you implied/said it states!
    Thank you!
    So on an article about the password options for an iOS device you're now moving your argument to claim that because of a so-called "master's degree in computer science"
    There is only one "so called" thing here. Your logic.
    You also failed  at pointing out that specific line in my post, which was absolutely expected.

    " you're now moving your argument "
    There was never any argument here. It was just one example for one particular case, and your total lack of english comprehension, which combined with your psychotic personality, gave birth to several entertaining posts of yours..
    Sorry, you have no case here.

    "Again,it's not shameful that you couldn't even see the target that others were hitting"
    What target? You are completely and utterly insane. You act as if I promised something and then did not deliver, which wasn't the case! lol.
    Keep posting, buddy, and don't forget that you DO NEED your medication. Without it you are a complete train-wreck!

    edited April 2018
  • Reply 47 of 54
    SoliSoli Posts: 10,038member
    Soli said:
    Soli said:
    Soli said:
    Soli said:
    By my last count, since you can't use emoji in your passcode (yet), a 4-character passcode with the iOS keyboard is a little over 1 billion combinations.
    The formula is n^x, where n is how many possible values a character can have, and x is the number of such characters, that can be independently chosen. 
    So, for alpha numerical combination containing a..z, A..Z, 0..9 and special symbols like `~!@#$%^&*()_+-=;:'"[]{}.,
    that would be roughly 88^x. 
    Assuming 10ms time for each attempt, we get:
    Regular 4 digit code:                                         10,000 combinations - 1m 40s to unlock (at most).
    Regular 6 digit code:                                    1,000,000 combinations - 2h 47m  to unlock (at most).
    Alpha-numeric 4 characters:                      59,969,536 combinations - 7 days  to unlock (at most).
    Alpha-numeric  6 characters:            464,404,086,784 combinations - at most 147 YEARS  to unlock (at most).
    Alpha-numeric 8 characters:   3,596,345,248,055,296 combinations - - at most 1,140,393 YEARS  to unlock (at most)....lol.
    You missed a lot. Remember this is an iOS virtual keyboard, not some crappy website which still has a link for "Webmaster" at the bottom so you can do a long hold on many of the characters to get considerably more options within a second. For example, you can a password with the following characters: ₽㧰

    And that's just by having the English keyboard enabled. I assume that if you have others you add all those Unicode characters to the password palette, but I have yet to test that, hence my statement of more than 1 billion for 4 characters.
    1. I did not miss anything. I simply stated that for 88 possible values per character, those would be the numbers, given the assumptions I made.
    2. Not sure if extended character sets are supported by the encryption algs. By the looks if it, accented letters are not accessible from the English keyboard when iOS asks for an alpha-numerical password, so my guess is that it might not be. That is why I went with a safe bet that always works.
    Let's revisit what you wrote: "where is how many possible values a character can have" which you then followed up way claiming it would be roughly 88 potential characters. I understand if you've never thought about it before (I doubt many have), but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful.

    "I understand if you've never thought about it before"
    I am pretty sure I did, given my background and master's degree in computer science. But, what do I know. Combinatorics is definitely beyond my understanding. /s

    "but after the facts are presented to you to then claim that you purposely chose not to consider all those possible characters is just shameful."
    This is complete nonsense!
    What I gave was just ONE example, with all the assumptions CLEARLY STATED. Nowhere I claimed that that example covers all possible cases, nor I stated that that was an example of the most secure system, using the largest possible variability of characters for the pass code.
    That was just you pulling those assumptions from your arse right there, and then trying to "gotcha" me on that.

    Show me, where I stated that 88 possible values for one character is the largest set one can get in iOS, please!
    Point to a specific line in my comment, that states what you implied/said it states!
    Thank you!
    So on an article about the password options for an iOS device you're now moving your argument to claim that because of a so-called "master's degree in computer science"
    There is only one "so called" thing here. Your logic.
    You also failed  at pointing out that specific line in my post, which was absolutely expected.

    " you're now moving your argument "
    There was never any argument here. It was just one example for one particular case, and your total lack of english comprehension. 
    Sorry, you have no case here.
    I've quoted it several times in a post about iOS passcode complexity, where I made a claim about the level of complexity of said iOS keyboard, to which you tried (and failed) to argue that it takes a lot more than 4 characters to reach 1 billion because of some archaic which you failed to evolved from into the modern age, and then you got your ass schooled with data that you really should've looked up on your own… even without your so-called "masters degrees in iOS keyboard character counting." LOL Maybe you still get your money back from Sally Struthers. It's worth a shot. ¯\_(ツ)_/¯ 

    " you're now moving your argument "
    There was never any argument here. It was just one example for one particular case, and your total lack of english comprehension. 
    Sorry, you have no case here.
    A case for your AOL login, not for an iOS keyboard.

    edited April 2018
  • Reply 48 of 54
    anton zuykovanton zuykov Posts: 1,056member
    Soli said:
    Again,it's not shameful that you couldn't even see the target that others were hitting, but it's shameful to lie about now and claim you knew it all along but decided to write something pointless in article about the passcode options in iOS while writing like a 1990's Webmaster. Makes perfect sense¡
    Hearing words "perfect sense" from you, is like hearing a words "human rights" from Hitler. Very hypocritical and ironic.
    edited April 2018
  • Reply 49 of 54
    SoliSoli Posts: 10,038member
    Soli said:
    Again,it's not shameful that you couldn't even see the target that others were hitting, but it's shameful to lie about now and claim you knew it all along but decided to write something pointless in article about the passcode options in iOS while writing like a 1990's Webmaster. Makes perfect sense¡
    Hearing words "perfect sense" from you, is like hearing a words "human rights" from Hitler. Very hypocritical and ironic.
    Holy crap on a cracker! That is literally the point of the temherte slaqî (a character that looks like the inverted exclamation point, U+00A1). 🤦‍♀️

    PS: Way to go with Godwin's Law. You're a real winner¡


    edited April 2018
  • Reply 50 of 54
    anton zuykovanton zuykov Posts: 1,056member
    Soli said:
    Soli said:
    Again,it's not shameful that you couldn't even see the target that others were hitting, but it's shameful to lie about now and claim you knew it all along but decided to write something pointless in article about the passcode options in iOS while writing like a 1990's Webmaster. Makes perfect sense¡
    Hearing words "perfect sense" from you, is like hearing a words "human rights" from Hitler. Very hypocritical and ironic.
    Holy crap on a cracker! That is literally the point of the Ttemherte slaqî (a character that looks like the inverted exclamation point, U+00A1). 🤦‍♀️

    PS: Way to go with Godwin's Law. You're a real winner¡


    Soli said:
    Soli said:
    Again,it's not shameful that you couldn't even see the target that others were hitting, but it's shameful to lie about now and claim you knew it all along but decided to write something pointless in article about the passcode options in iOS while writing like a 1990's Webmaster. Makes perfect sense¡
    Hearing words "perfect sense" from you, is like hearing a words "human rights" from Hitler. Very hypocritical and ironic.
    Holy crap on a cracker! That is literally the point of the Ttemherte slaqî (a character that looks like the inverted exclamation point, U+00A1). 🤦‍♀️

    PS: Way to go with Godwin's Law. You're a real winner¡


    No, that would be a perfect reaction for your first post...so you are a bit late with that, hypocrite!
  • Reply 51 of 54
    anton zuykovanton zuykov Posts: 1,056member
    Soli said:
    I've quoted it several times in a post about iOS passcode complexity, where I made a claim about the level of complexity of said iOS keyboard, to which you tried (and failed) to argue that it takes a lot more than 4 characters to reach 1 billion because of some archaic 
    That is not what I was "arguing" about....but whatever you had projected in your own head, clearly got your panties in a bunch!
  • Reply 52 of 54
    tallest skiltallest skil Posts: 43,388member
    Soli said:
    here are ways in which Unicode character have changed in the past, as well as 94 included errors that won't be fixed for the foreseeable future.
    Oh, neat.
    • U+034F ͏ COMBINING GRAPHEME JOINER (HTML ͏): Does not join graphemes.
    That’s great.
  • Reply 53 of 54
    I think it's safe to assume Apple has already purchased one of these devices and reverse engineered it to see exactly what exploit is being used here....
Sign In or Register to comment.