[Cryptography] Apple's 10 strikes law

Henry Baker hbaker1 at pipeline.com
Sat Feb 20 18:21:18 EST 2016


It appears that Apple's iPhone gives you 10 tries to guess your passcode before locking up the phone forever.

There are several problems with this plan:

* the number 10 is an arbitrary constant set in the code; it's too easy to change.
* the time between each guess is the same (??? I think).

What about the following idea:

Your iPhone is encrypted with a *malleable* key, but only the real key works.

Every wrong guess randomly destroys part of the key, so that your iPhone now has to brute force guess the remaining bits in a manner similar to Bitcoin's proof-of-work.

The more wrong guesses, the more bits of the key are destroyed and have to be regenerated through brute force trials.

Yes, after 10 wrong guesses, you could brute force the remaining 40, 50, 60 bits, but it would take millennia.
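The bit-destroying scheme sketched above, as an added simulation that is not part of the original post: the device keeps the key XOR-wrapped under a passcode-derived mask, plus a hash of the key so it can recognise the real one; every wrong guess overwrites one random bit of the wrapped key and records the position (an assumption the post leaves open), so any later unlock, right or wrong, has to enumerate 2^d candidates for d destroyed bits. The 128-bit key and PBKDF2 wrapping are assumptions made for the simulation.

```python
import hashlib
import hmac
import itertools
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _with_bits(buf: bytes, positions: list, values: tuple) -> bytes:
    """Return a copy of buf with bit positions[i] forced to values[i]."""
    out = bytearray(buf)
    for pos, val in zip(positions, values):
        byte, bit = divmod(pos, 8)
        out[byte] = (out[byte] & ~(1 << bit)) | (val << bit)
    return bytes(out)

class MalleableKeyStore:
    """Device-side store (simulation). The key is XOR-wrapped under a
    passcode-derived mask. Each wrong guess overwrites one random bit of the
    wrapped key; the position is remembered but the original value is gone,
    so even the right passcode must try 2**d candidates for d destroyed bits."""

    def __init__(self, key: bytes, passcode: str, kdf_iters: int = 1000):
        self.salt = secrets.token_bytes(16)
        self.kdf_iters = kdf_iters
        self.wrapped = _xor(key, self._mask(passcode, len(key)))
        self.check = hashlib.sha256(key).digest()  # lets the device recognise the real key
        self.destroyed = []                         # bit indices no longer trusted

    def _mask(self, passcode: str, length: int) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt,
                                   self.kdf_iters, dklen=length)

    def work_factor(self) -> int:
        """Candidates any unlock attempt must now enumerate: 2**d."""
        return 2 ** len(self.destroyed)

    def unlock(self, guess: str):
        """Return (key, candidates_tried); key is None for a wrong guess."""
        base = _xor(self.wrapped, self._mask(guess, len(self.wrapped)))
        tried = 0
        for values in itertools.product((0, 1), repeat=len(self.destroyed)):
            tried += 1
            candidate = _with_bits(base, self.destroyed, values)
            if hmac.compare_digest(hashlib.sha256(candidate).digest(), self.check):
                return candidate, tried
        # Wrong guess: destroy one more untouched bit of the wrapped key.
        untouched = [i for i in range(8 * len(self.wrapped)) if i not in self.destroyed]
        pos = secrets.choice(untouched)
        self.wrapped = _with_bits(self.wrapped, [pos], (secrets.randbelow(2),))
        self.destroyed.append(pos)
        return None, tried
```

Each wrong guess also pays the full 2^d enumeration before the device can conclude it was wrong, which is where the proof-of-work flavour comes from.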
