Replies

These can be tough to break

"Tough" is not the word I would use. "Impossible" is the word I would use.

On an iPhone, with the fact that if you don't get the passcode in ten tries, the data is erased, your only choice is to attempt to brute force break the 256bit AES encryption. The key to that is NOT the user's passcode.

The encryption key is constructed by the iOS Encryption Engine processor and is composed of FOUR elements, only one of which is related to the user's passcode.

The DID: a Device ID: This ID is the same for all devices the IC is installed in and is burned to the Secure Enclave IC when it is made.
The UUID: a Universally Unique ID, an identifying code made up of unique characters assigned randomly at the time the Secure Enclave memory integrated Circuit is first burned in the silicon. No record of this ID is ever kept at the IC maker or anywhere.
A truly random number generated from environmental sensors such as the device's cameras, microphones, position sensors, and gps, when the user first inputs or bypasses inputing his AppleID. This too is stored in the Secure Enclave.
The One-Way Hash of the user's passcode (or a default number used when a user elects to not enter a passcode). This, too is stored in the Secure Enclave. Note that the user's passcode can be anything from a four to six digit number all the way to a 256 character password, which can use all 223 characters that are available on the virtual iOS keyboard. I would not recommend trying to remember a passcode of that length. LOL! However, you could if you wanted.

An algorithm, also stored on the Secure Enclave, is used to entangle the user's passcode into the concatenated UUID, DID, and Random Number (these three total 128 characters before the user's passcode Hash is entangled). In any case, the actual key is padded by the algorithm to at least 144 characters in length to do the encryption decryption EACH TIME THE USER INPUTS A CORRECT PASSCODE, although it can be longer when the user's passcode is entangled.

Once you start to understand the way brute force solving of a 256bit Advanced Encryption Standard (AES) works, you start to realize why "Impossible" is the word to use. The ONLY way to crack a 256 bit AES encryption is to try every possible key until you find the one that works by seeing if you get something intelligent, usable, or translatable when you apply a trial key.

The number of key possibilities is a number that is literally higher than astronomical. For example, if one were to use all 223 characters possible in a string of 256 characters, you get a possible 223²⁵⁶ possible keys you will need to try to find the solution to the encryption, if you were just using a user input key.

How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force, n o? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.

Let's assume your shooter's iPhone Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with the iPhone's 128 character UUID, so the base is now 16 + 128 or 223¹⁴⁴, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.

1,052,019,282,033,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

That's 1.052 duovigintillion possible combinations, give or take a few.

If the government's supercomputer could check 50,000 passcodes every second against the data, checking to see if anything made sense, It could therefore test 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 33% faster supercomputer and say they could check 2 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .

5,260,096,410,168,500,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, 000,000,000,000,000,000,000,000.000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 YEARS

to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID, DID, and environmental random number. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 5.26 Billion vigintillion (10^195) Years to break into one iPhone's data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1 trillion. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode on one iPhone. That's the law of very large numbers at work.

It's estimated that the entire Universe will die a heat death and devolve into a soup of quarks and sub-atomic particles by a mere 4.7 X 10⁸⁰ years. . . yet we are looking at more than THREE TIMES THAT TIME SPAN. That's why "Impossible" is a good word. . . and that's for only a complex 16 character passcode.