That’s for breaking a bcrypt hash, and I don’t believe there’s any way to extract the pin hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To bruteforce a 4 digit pin with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters pins via usb keyboard emulation.
Comment on Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
lIlIlIlIlIlIl@lemmy.world 23 hours ago6 digit pin will be broken in less than 40 minutes by a graybox. A 6-digit pin is way more vulnerable than someone who uses a 30-digit password + biometrics
xthexder@l.sw0.com 17 hours ago
lIlIlIlIlIlIl@lemmy.world 10 hours ago
What lockouts? appleinsider.com/…/iphone-hacking-tool-graykey-te…
AdamBomb@lemmy.sdf.org 10 hours ago
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.
rc__buggy@sh.itjust.works 23 hours ago
Sure bro, put a 30 character password into your phone every time you want to find the nearest fucking coffee shop.
lIlIlIlIlIlIl@lemmy.world 23 hours ago
I just needed this info out there, I don’t really care what you do - I just need to make sure Lemmy stays safe and you’re spouting leaky insecurity disguised as best practices.
Best of luck
rc__buggy@sh.itjust.works 23 hours ago
I think I just leaked a little right now. I don’t believe you have a 30 character unlock on your phone. That doesn’t make sense on a device someone uses multiple times a day in one hand at like a bus stop or something.
Tangent5280@lemmy.world 9 hours ago
30 characters is like five words. Entirely doable. You can take your favorite TV show, sort character names by some logic and mispell a few of them to make a very strong very long password.
choochooMF@lemmy.world 22 hours ago
I use a 15 character pw with a mix of upper and lower case, numbers, and symbols, which according to that link is pretty damn good.
lIlIlIlIlIlIl@lemmy.world 22 hours ago
Of course I do. FaceID allows me to input it exactly once a week, sometimes less.
What don’t you understand?
lIlIlIlIlIlIl@lemmy.world 23 hours ago
If you’re in the USA and a cop gets your phone they’re going to pop it onto a graybox and will be digging through your shit up to their elbows. I wish I were wrong
rc__buggy@sh.itjust.works 23 hours ago
That’s fine. I didn’t help them.
Tangent5280@lemmy.world 9 hours ago
Hope your high horse can get a job and feed your family when you lose your government career over an edgy Modern Warfare 3 chat lobby
lIlIlIlIlIlIl@lemmy.world 23 hours ago
With biometrics I only enter it once a week, at the very most. It’s insane to me that people want their phones to be less secure, but best of luck to you and your super secure TSA lock on your phone lol
rc__buggy@sh.itjust.works 23 hours ago
'the fuck kind of biometric unlock is that? I’m actually curious what you’re using.
lIlIlIlIlIlIl@lemmy.world 23 hours ago
FaceID on an iPhone