However, if one uses a six digit numeric passcode, it takes more than an hour for any of the unlocking schemes to find the passcodes. The iOS device's Lightning port will stop passing data after an hour, thereby stopping the unlocking device dead in its tracks. The only devices still vulnerable would be those they could get a search warrant within an hour that had only a four digit passcode.
Times to crack an iPhone Passcode using brute force with GreyBox:
Best choice is to select complex passcode and use a mix of numbers, upper and lowercase letters, and symbols. For example: T5#v@&8>
While an 8 digit number has 10,000,000 possible combinations of a set of ten numbers of 0 to 9 in each position, 108, a combination of letters, numbers and the characters available on the iOS keyboard is much larger. There are 223 numbers, upper and lower case alphabetic characters plus foreign characters, and symbols available from the virtual keyboard on an iOS device. Thus the potential passcode combinations are 2238, or slightly more than 6.1 quintillion possible passcode combinations.
Given the 92 days worst case scenario to crack an 8 digit numeric passcode, a complex alphanumeric plus symbol passcode using the GreyBox would require a mere 152.8 BILLION years to crack. . . even now.
But 8 digits is overkill for what's really necessary. . . I think the time to crack a six character complex passcode would be sufficient. That has only 123 Quadrillion possible passcodes which the Greybox would need to crack. That would take only 1.5 million years or so to crack the average case six character passcode, not even the worst case passcode of 7 million years. . . before Apple does the upgrade at the end of this month.
A five character complex passcode has ~551,470,000,000 possible passcodes. That would take about 13,800 years in the worst case scenario or around 6,500 years in the average case.
Use that and I don't think we'd have much to worry about before the authorities or bad guys get at our private stuff.
That description of the passcodes was simply elegant. Other than account numbers etc, I don’t have anything fun to steal. No naked 13 year olds on Epstein Island, no delivery records of my cocaine shipments, no connections to the Baeder Meinhoff gang, etc.
So I don’t see the FBI needing to attack my phone, but those passcodes are simply elegant.
Unless of course saying something defiant or scornful or rude on FR becomes a crime. Then I’ll be on the run I guess.
I'm still failing to understand why Apple would provide the ability to pass in the unlocking password via USB, rather than manually at the screen. Or why Apple would continue to allow password attempts at USB speed after a small number of attempts.