nclman

About

Username
nclman
Joined
Visits
1
Last Active
Roles
member
Points
-1
Badges
0
Posts
5

Reactions

1Like0Dislike0Informative

  • Professor proves NAND mirroring attack thwarts iPhone 5c security protocols

    nclmannclman
    Soli said:
    a–z = 26
    A–Z = 26
    0–9 = 10
    e + 7
    y + 1
    u + 5
    i + 6
    o + 8
    a + 8
    s + 3
    l + 1
    z + 3
    c + 3
    n + 2
    E + 7
    Y + 1
    U + 5
    I + 6
    O + 8
    A + 8
    S + 2
    L + 1
    Z + 3
    C + 3
    N + 2
    0 + 1
    - + 3
    / + 1
    $ + 6
    & + 1
    " + 5
    . + 1
    ? + 1
    ! + 1
    ' + 3
    % + 1
    Space Bar = 1


    qwertyuiop èéêëēėę ÿ ûüùúū îïíīįì ôöòóœøōõ
    asdfghjkl àáâäæãåā ßśš ł 
    zxcvbnm žźż çćč ñń

    QWERTYUIOP ÈÉÊËĒĖĘ Ÿ ÛÜÙÚŪ ÎÏÍĪĮÌ ÔÖÒÓŒØŌÕ
    ASDFGHJKL ÀÁÂÄÆÃÅĀ ŚŠ Ł
    ZXCVBNM ŽŹŻ ÇĆČ ÑŃ

    1234567890 °
    -/:;()$&@" –—• \ ₽¥€¢£₩ § ”“„»«
    .,?!' … ¿ ¡ ’‘`

    []{}#%^*+= ‰
    _\|~<>€£¥•
    Space Bar

    That's a lot of options even before you consider emoji is Unicode and could be added at anytime to the complexity of the keyboard options, along with many other characters.
    A strong password would help, yes.
    That is regardless of with/without Secure Enclave.
    watto_cobra

  • Professor proves NAND mirroring attack thwarts iPhone 5c security protocols

    nclmannclman
    4a6d65 said:
    I agree with foggyhill and EsquireCats. It's going to scaremonger people as well that don't understand that this type of attack can't work on those devices with a SecureEnclave.
    Why not? The Secure Enclave is not changed in this case. Hence, UID/GID used to wrap the protection class keys are valid. And the data to be read in NAND is unchanged.

    I would argue that unless the Secure Enclave is using also the NAND device ID in its data protection, this method should work as well.
    What am I missing...