The FBI has suspended proceeds agains Apple in the case where they were attempting to force Apple to write a custom OS for the use of the government to gain access to an iPhone 5C.
In all likelihood, this is the end of the case, though the FBI has until April 4th to resume the case.
All recent iOS devices have two very important security features that cannot be overcome. First, all attempts to check the password must be done on the phone. Second, there is a hardware limit of 80ms (0.08 seconds) before you can check another password. Neither of these security limits can be changed, subverted, overcome, bypassed, or in any way mitigated.
Because of the hardware limit of 80ms per guess, short alphanumeric passwords are very secure in iOS. For example, a 6 character password using only 0-9A-Za-z yields a password that takes well more than a century to crack:
(62^6) * 80 ms = 52,592.8107 days
Even using ONLY A-Za-z would take 50 years:
(52^6) * 80 ms = 50.1204957 years
Increase it to 8 characters and it’s 135 thousand years. 8 characters of upper and lower case. Yes, a password like frjAgntq would take 135 thousand years to crack, regardless of how fast your computer is. Hell, with 8 characters even an all cap or all lowercase password (assuming you know the password is using only A-Z) is still over 500 years.
That’s right, a random password of zafheenp will take until the 26th century to crack, just based on the hardware limit of 80ms per guess.
If you count all the 102 characters on the 4 iOS keyboards (not counting any longpress characters) then a six digit password would take nearly three thousand years to check all possible combinations and an 8 character password would take 30 million years.
BBEdit is one of the few applications that I use every day. It may seem strange to pay for a text editor, but BBEdit is such a joy to use and does so much for me that I find myself using it even where they might be other tools that might be more efficient. For example, I tend to use BBEdit via a shell worksheet to batch rename files, even though that functionality is built-in to the Finder.
Every now and again I’m going to post about a product I like. These are unsolicited and unpaid. Today. I’m going to talk about the ATR2100-USB, which I bought from Amazon for about $50. The prices seem to vary frequently, so it is going to be in the $40-$60 range. Continue reading Non-sponsor ATR2100
We’re three (or maybe four) weeks away from the next Apple event, and it looks like this one is going to combine the new iPhone and iPad announcements into one event. Does this mean Apple is leaving October open for another announcement?
Continue reading The Rumor Mill
Well, the Pebble Time watch band has recently caused a rash on my wrist. There’s no blistering, but the rash is a bit tender and I’m not sure I can keep wearing the watch.
As far as I know, I am not allergic to latex, so I don’t know what has caused this.
There’s been a lot of discussion, both on the web and in podcasts, about the broken state of web advertising. On the one hand, you have people who make their livings because of advertising pointing out that without ads, they can’t make money and they can’t provide “free” content to users and that users will not pay for content.
On the other hand you have users who are saying, “No, your ads suck.” And they are right.
Continue reading No, really, web advertising is broken