Replies

On iPhone security:

While four digits is easy to remember, and can be entered quickly, the benefits of a longer password are profound. In their report on iPhone security, MIT’s Technology Review writes that software to “brute forces” iPhone passcodes by simply entering every possible four digit combination takes 800 milliseconds, or about 13 minutes.

Once a longer more complex passcode is in place, the time to crack quickly moves into unfeasible territory. Technology Review writes, “if the user chooses a six-digit PIN, the maximum time required would be 55 days; an eight-digit PIN would require more than 15 years.”

This isn’t a new feature to the iPhone operating system. In fact, it appears to have been around since around the introduction of the iPhone 3GS. Having a longer passcode is more than just a good way to keep out snoopy neighbors looking to brute force your phone. Technology Review notes that in addition to locking your phone, the passcode is tied to the phone’s encryption system.

Once you enter a passcode, four digits or otherwise, the iPhone automatically enables its data protection system. To encrypt information on the phone, Apple uses the Advanced Encryption Standard algorithm, which is the same standard adopted by the NSA. Each iOS device contains two unique 256-bit AES key which Apple explains in security whitepaper from this May are “fused into the application processor during manufacturing.”

It’s the combination of these AES keys and the user’s passcode that encrypts and decrypts files on the iPhone. “In addition to unlocking the device, a passcode provides the entropy for encryption keys, which are not stored on the device,” writes Apple in the whitepaper. “This means an attacker in possession of a device can’t get access to data in certain protection classes without the passcode.”

http://www.idigitaltimes.com/articles/10771/20120813/iphone-simple-passcode.htm