Using This Phone Passcode Strategy Will Take The FBI 127 Years To Crack Your Encrypted Data

By Mac Slavo

Note To Readers: This report is based on the assumption that Apple is on the up-and-up about their refusal to create backdoor tools for the FBI. As we know, however, intelligence agencies are experts at disinformation, so for all we know it is possible that backdoors already exist and what we have witnessed this week insofar as the encryption debate is concerned could be a psy-op designed to convince the public that their encryption is unhackable by government agencies. From a security perspective, we must assume that no electronic device is safe from prying eyes, as most theories on these matters are based on publicly known technologies and do not take into account top-secret developments with quantum computing or advanced DARPA initiatives. 

Earlier this week Apple CEO Tim Cook wrote an open letter to the American public about the FBI’s attempts to compel the company to crack the iPhone of the San Bernardino Jihad attackers, saying that such a tool for the government is too dangerous to create. Google, Facebook and Twitter have now joined Apple in the phone encryption battle.


As explained by The Intercept, here’s a brief overview of what the FBI wants Apple to do:

The most obvious way to try and crack into your iPhone, and what the FBI is trying to do in the San Bernardino case, is to simply run through every possible passcode until the correct one is discovered and the phone is unlocked. This is known as a “brute force” attack.

One obstacle to testing all possible passcodes is that the iPhone intentionally slows down after you guess wrong a few times. An attacker can try four incorrect passcodes before she’s forced to wait one minute. If she continues to guess wrong, the time delay increases to five minutes, 15 minutes, and finally one hour. There’s even a setting to erase all data on the iPhone after 10 wrong guesses.



This is where the FBI’s requested backdoor comes into play. The FBI is demanding that Apple create a special version of the iPhone’s operating system, iOS, that removes the time delays and ignores the data erasure setting. The FBI could install this malicious software on the San Bernardino killer’s iPhone, brute force the passcode, unlock the phone, and access all of its data. And that process could hypothetically be repeated on anyone else’s iPhone.

The problem the FBI has is that the iPhone and other phones out there require a time-delay between passcode entries. Moreover, when a series of wrong passcodes is entered the delay is extended to as much as one hour, so even the fastest computer on the planet is rendered impotent while it waits for this delay to reset.

So the FBI is stuck using your iPhone to test passcodes. And it turns out that your iPhone is kind of slow at that: iPhones intentionally encrypt data in such a way that they must spend about 80 milliseconds doing the math needed to test a passcode, according to Apple. That limits them to testing 12.5 passcode guesses per second, which means that guessing a six-digit passcode would take, at most, just over 22 hours.

A six-digit passcode can be unlocked by the FBI in roughly a day. But according to the math behind the security feature, adding just 5 more digits could make hacking the phone in your lifetime almost impossible with current computing technologies (we’ll save quantum computing concepts for another time):

What if you use a longer passcode? Here’s how long the FBI would need:

  • seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
  • eight-digit passcodes will take up to three months, and on average 46 days, to crack
  • nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
  • 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
  • 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
  • 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
  • 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack

As The Intercept notes, remembering a totally random 11-digit passcode may seem like a daunting task, but anyone who was around before cell phone contact lists probably had at least five to ten different phone numbers memorized for family and close friends. This is essentially the same thing.
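The figures in the list above follow directly from the 80-millisecond cost per guess. The sketch below is an added example, not code from The Intercept or Apple: it reproduces the digit-only table and goes beyond it by comparing larger alphabets at the same per-guess cost. The 365.25-day year and all function names are assumptions of this example.

```python
# Added example: guessing time when every attempt costs a fixed
# key-derivation delay on the device (80 ms, the figure quoted above).
MS_PER_GUESS = 80                 # from the article
SECONDS_PER_YEAR = 31_557_600     # 365.25 days; an assumption of this example

UNITS = [("years", SECONDS_PER_YEAR), ("days", 86_400),
         ("hours", 3_600), ("minutes", 60), ("seconds", 1)]


def worst_case_ms(length, alphabet_size=10):
    """Time to try every passcode of this length, in milliseconds."""
    return alphabet_size ** length * MS_PER_GUESS


def average_ms(length, alphabet_size=10):
    """Expected time: on average the passcode is found halfway through."""
    return worst_case_ms(length, alphabet_size) // 2


def humanize(ms):
    """Render a duration in the largest unit that is at least 1."""
    seconds = ms / 1000
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"


def min_length(target_avg_years, alphabet_size=10):
    """Shortest passcode whose average guessing time meets the target."""
    target_ms = target_avg_years * SECONDS_PER_YEAR * 1000
    length = 1
    while average_ms(length, alphabet_size) < target_ms:
        length += 1
    return length


if __name__ == "__main__":
    for n in range(6, 14):
        print(f"{n:>2} digits: up to {humanize(worst_case_ms(n))}, "
              f"average {humanize(average_ms(n))}")
    # Same cost per guess, larger alphabets (constructed comparison).
    for label, size in [("digits", 10), ("lowercase+digits", 36),
                        ("mixed case+digits", 62)]:
        print(f"{label}: {min_length(100, size)} characters "
              f"for a 100-year average")
```

The estimate only holds if the passcode is chosen at random; a birthday or a repeated pattern is guessed long before the average case.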

As a side note, using your phone’s fingerprint scanner as the primary mechanism for security is not sufficient.

First, a determined hacker, especially a state-sponsored one, could easily find a way to get your fingerprint, just as was done to Germany’s Minister of Defence in 2014 when hackers used internet photos of her hand to re-create her fingerprint. Second, and perhaps more importantly, a Virginia court has ruled you can be forced by police to unlock a phone or computer with your fingerprint – but not your password:

A Virginia state trial court held that a suspect “cannot be compelled [by the police] to produce his passcode to access his smartphone but he can be compelled to produce his fingerprint to do the same.”

….

Judge Frucci ruled that phone passwords were entitled to protection under the Fifth Amendment’s promise that no person “shall be compelled in any criminal case to be a witness against himself.” He stressed that the password existed only in the defendant’s mind, and thus compelling the defendant to provide a passcode constituted a testimonial communication. The Fifth Amendment protects against such compulsion.

We live in a brave new world, and while you may think you have nothing to hide, keep in mind that with the literal millions of laws on the books in the United States the average American commits three felonies per day. Thus, if a law enforcement agency were to target you, they would most certainly find evidence of wrongdoing and you can be assured that your phone will be one of the first pieces of evidence they will target.

You can read more from Mac Slavo at his site SHTFplan.com

  • Feb 19, 2016 Santa Clara County Hearing on Surveillance Reform – Feb. 11, 2016

    Santa Clara County Board of Supervisors Finance and Government Operations Committee hearing on a proposed surveillance reform ordinance. EFF Director of Grassroots Advocacy Shahid Buttar speaks during public comment.

    https://youtu.be/xBejdoSgWwA

    FEBRUARY 16, 2016 EFF to Support Apple in Encryption Battle

    We learned on Tuesday evening that a U.S. federal magistrate judge ordered Apple to backdoor an iPhone that was used by one of the perpetrators of the San Bernardino shootings in December. Apple is fighting the order which would compromise the security of all its users around the world.

    https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle

  • 500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent

    *It’s Never to Protect Us From Bad Guys*, No matter which government conducts mass surveillance, they also do it to crush dissent, and then give a false rationale for why they’re doing it.

    http://www.washingtonsblog.com/2014/01/government-spying-citizens-always-focuses-crushing-dissent-keeping-us-safe.html

  • John Michaelson

    I think you need to be pretty naive to think this is about getting the data off one phone. Do you really believe that the full resources of the US government are unable to get the data off a device they have in their possession? Of course they can. This is about publicly getting people to understand that they can’t keep anything secret from their mighty owners and masters. They want you to know this and passively accept it. The rest of the story is pure theater.


    • Joel W

      You nailed it. I question if there even is a phone. Also a PR stunt on Apple’s part, as if they are suddenly all noble and whatnot, in my opinion.

  • georgesilver

    I’ve got a much better encryption system than this. It’s completely fool proof.

    I don’t have a phone.
