That’s for breaking a bcrypt hash, and I don’t believe there’s any way to extract the pin hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To bruteforce a 4 digit pin with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters pins via usb keyboard emulation.
Comment on Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
lIlIlIlIlIlIl@lemmy.world 1 month ago6 digit pin will be broken in less than 40 minutes by a graybox. A 6-digit pin is way more vulnerable than someone who uses a 30-digit password + biometrics
xthexder@l.sw0.com 1 month ago
lIlIlIlIlIlIl@lemmy.world 1 month ago
What lockouts? appleinsider.com/…/iphone-hacking-tool-graykey-te…
AdamBomb@lemmy.sdf.org 1 month ago
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.
rc__buggy@sh.itjust.works 1 month ago
Sure bro, put a 30 character password into your phone every time you want to find the nearest fucking coffee shop.
lIlIlIlIlIlIl@lemmy.world 1 month ago
I just needed this info out there, I don’t really care what you do - I just need to make sure Lemmy stays safe and you’re spouting leaky insecurity disguised as best practices.
Best of luck
rc__buggy@sh.itjust.works 1 month ago
I think I just leaked a little right now. I don’t believe you have a 30 character unlock on your phone. That doesn’t make sense on a device someone uses multiple times a day in one hand at like a bus stop or something.
choochooMF@lemmy.world 1 month ago
I use a 15 character pw with a mix of upper and lower case, numbers, and symbols, which according to that link is pretty damn good.
lIlIlIlIlIlIl@lemmy.world 1 month ago
Of course I do. FaceID allows me to input it exactly once a week, sometimes less.
What don’t you understand?
Tangent5280@lemmy.world 1 month ago
30 characters is like five words. Entirely doable. You can take your favorite TV show, sort character names by some logic and mispell a few of them to make a very strong very long password.
lIlIlIlIlIlIl@lemmy.world 1 month ago
If you’re in the USA and a cop gets your phone they’re going to pop it onto a graybox and will be digging through your shit up to their elbows. I wish I were wrong
rc__buggy@sh.itjust.works 1 month ago
That’s fine. I didn’t help them.
Tangent5280@lemmy.world 1 month ago
Hope your high horse can get a job and feed your family when you lose your government career over an edgy Modern Warfare 3 chat lobby
lIlIlIlIlIlIl@lemmy.world 1 month ago
With biometrics I only enter it once a week, at the very most. It’s insane to me that people want their phones to be less secure, but best of luck to you and your super secure TSA lock on your phone lol
rc__buggy@sh.itjust.works 1 month ago
'the fuck kind of biometric unlock is that? I’m actually curious what you’re using.
lIlIlIlIlIlIl@lemmy.world 1 month ago
FaceID on an iPhone