[Cryptography] Apple's 10 strikes law

Kevin W. Wall kevin.w.wall at gmail.com
Sat Feb 20 19:01:08 EST 2016


On Sat, Feb 20, 2016 at 6:21 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> It appears that Apple's iPhone gives you 10 tries to guess your passcode before locking up the phone forever.
>
> There are several problems with this plan:
>
> * the number 10 is an arbitrary constant set in the code; it's too easy to change.
> * the time between each guess is the same (??? I think).

Ah, I just came across this yesterday:
<http://cinnamonthoughts.org/2010/09/13/ios-passcode-waiting-intervals-for-failed-attempts/>

Guesses 1-5 are no delay, but then it starts increasing from there.
It's an hour between the last two tries. I think they pretty much had
to do that, if for no other reason than to reduce the risk of one's friend
trying to hack another's passcode while the one leaves his phone
behind while in the restroom, etc.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.

