[Cryptography] How can you enter a 256-bit key in 12 decimal digits?
Jerry Leichter
leichter at lrw.com
Tue Jan 5 03:18:31 EST 2016
>> It's possible there's some sort of high-entropy on-device secret. There are
>> also ways of generating these secrets in such a way that attempts to
>> physically tamper with the device will destroy the secret generator, e.g.
>> https://en.wikipedia.org/wiki/Physical_unclonable_function
> The point is, though, that if they steal the device, then they
> steal the high-entropy on-device secret along with it. They
> only have to hook up their serial port to the wires that
> the buttons connect to, and try the 10^12 combinations. They
> never have to try to work out the high-entropy secret.
Since this configuration forces you to go through the hardware, it can easily impose, say, a limit on the total number of failed tries before it wipes the secret. Or a limit on the rate of tries. Either way, this makes an attack dependent on either a way to get the secret out of the hardware, or on some hack to prevent the hardware from tracking tries. (This is, BTW, the iPhone model - and that latter bug was indeed present in earlier iPhones - you could cut the power between the time the phone rejected an unlock code and the time it updated its counter of failed attempts. I believe that's since been fixed.)
-- Jerry
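
The failed-try counter ordering discussed in the message above, as an added example that is not part of the original post and is not any vendor's code. The device model, the function names and the limit of 10 tries are all hypothetical; it contrasts writing the counter after the comparison with writing it before.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FAILS 10u   /* assumed limit, not taken from the post */

/* Constructed model: "nv_" fields stand for storage that survives a power cut. */
struct device { unsigned nv_fails; bool nv_wiped; uint64_t pin; };
enum result { UNLOCKED, REJECTED, WIPED, POWER_LOST };
typedef enum result (*try_fn)(struct device *, uint64_t guess, bool cut);

/* Flawed ordering: compare first, record the failure afterwards. */
enum result try_check_then_count(struct device *d, uint64_t guess, bool cut) {
    if (d->nv_wiped) return WIPED;
    if (guess == d->pin) { d->nv_fails = 0; return UNLOCKED; }
    if (cut) return POWER_LOST;      /* rejection seen, counter never written */
    if (++d->nv_fails >= MAX_FAILS) { d->nv_wiped = true; return WIPED; }
    return REJECTED;
}

/* Corrected ordering: charge the try before comparing, refund on success. */
enum result try_count_then_check(struct device *d, uint64_t guess, bool cut) {
    if (d->nv_wiped) return WIPED;
    if (d->nv_fails >= MAX_FAILS) { d->nv_wiped = true; return WIPED; }
    d->nv_fails++;                   /* persisted before any result exists */
    if (guess == d->pin) { d->nv_fails = 0; return UNLOCKED; }
    if (cut) return POWER_LOST;      /* too late: the try is already counted */
    if (d->nv_fails >= MAX_FAILS) { d->nv_wiped = true; return WIPED; }
    return REJECTED;
}

/* Number of wrong guesses the device evaluates when power is lost after
   every rejection, capped at `limit`. */
unsigned wrong_guesses_evaluated(try_fn attempt, unsigned limit) {
    struct device d = { 0, false, 123456789012ULL };  /* constructed 12-digit code */
    unsigned n = 0;
    while (n < limit && attempt(&d, 0, true) == POWER_LOST) n++;
    return n;
}

int main(void) {
    printf("check-then-count: %u\n", wrong_guesses_evaluated(try_check_then_count, 1000));
    printf("count-then-check: %u\n", wrong_guesses_evaluated(try_count_then_check, 1000));
    return 0;
}
```

With the first ordering the count of evaluated guesses is bounded only by the caller's cap; with the second it stops at the try limit and the next attempt wipes the secret.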