<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Feb 29, 2016 at 5:04 PM, Tony Arcieri <span dir="ltr"><<a href="mailto:bascule@gmail.com" target="_blank">bascule@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On Mon, Feb 29, 2016 at 1:55 AM, Tom Mitchell <span dir="ltr"><<a href="mailto:mitch@niftyegg.com" target="_blank">mitch@niftyegg.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">With a four number PIN there are 9999 keys for the <div>data on the phone. All other secrets are constants.</div></div></blockquote></span></div></div></div></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">The net is the device can encrypt data with <div>a small set of possible keys. Only the PIN is a variable</div><div>for a given device.<br></div></div></blockquote><div><br></div></span><div>The UID key is unique-per-device too. There are more potential keys for iPhones than there are atoms in the universe.</div></div></div></div></blockquote><div><br></div><div>My point is that this one individual device (singular) has a limited set of keys</div><div>that it will employ to encrypt any data.</div><div><br>Given a binary dump of an encrypted phone with no additional</div><div>information it is a problem of more keys than the atoms in the </div><div>universe. Not the case for an individual phone however.</div><div><br></div><div>The atoms of the universe does not apply if you are Apple.<br>A large part of the key space is fixed by the fixed Apple</div><div>device secrets. Apple has no record of the device internal ID and </div><div>no knowledge of the PIN but their secret does limit the key space</div><div>used in all phones of the same type.</div><div><br></div><div>The limited set of keys is generated from three things: the device unique id, </div><div>Apple's secret key same on all like phones and the user controlled PIN.</div><div><br></div><div>Once the binary contents of the encrypted file system are pulled</div><div>from the flash device. Should the device be connected to a computer</div><div>or phone network it will reset, reboot reload and operate with the same</div><div>internal secrets it has always had.</div><div>Setting the four number PIN will start encrypting the phone in one of the 10000 </div><div>possible ways that this one phone can use in this mode. </div><div><br></div><div>Is there any component of the encrypted data that can validate</div><div>or dismiss the key and move on to the next? </div><div><br></div><div>Simple tricks might change the 10000 to many many more with </div><div>a little effort at boot time.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>You might try reading Matt Green's blog post:</div><div><br></div><div><a href="http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html" target="_blank">http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html</a></div></div></div></div></blockquote><div><br></div><div>Thanks for the link. </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class=""><font color="#888888"><div><br></div></font></span></div><span class=""><font color="#888888">-- <br><div>Tony Arcieri<br></div>
</font></span></div></div>
</blockquote></div><div class="gmail_extra"><br></div>This is interesting:<span style="color:rgb(102,102,102);font-family:'Trebuchet MS',Trebuchet,Verdana,sans-serif;font-size:12px;line-height:16.8px;text-align:justify"> </span></div><div class="gmail_extra"><span style="color:rgb(102,102,102);font-family:'Trebuchet MS',Trebuchet,Verdana,sans-serif;font-size:12px;line-height:16.8px;text-align:justify"> "If the cracking is done on the devise itself, it </span></div><div class="gmail_extra"><span style="color:rgb(102,102,102);font-family:'Trebuchet MS',Trebuchet,Verdana,sans-serif;font-size:12px;line-height:16.8px;text-align:justify"> would take 5½ year for a 6 character lowercase/digit password."<br></span>And obviously if the pass key was a 4 number PIN the time could be less.<br><br>Summary: cracking AES is very hard, unless you can peel off most of the key bits</div><div class="gmail_extra">into a constant known to the hardware. <br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>