Comment on Ice obtains access to Israeli-made spyware that can hack phones and encrypted apps
xthexder@l.sw0.com 4 weeks agoThat’s for breaking a bcrypt hash, and I don’t believe there’s any way to extract the pin hash from a phone since it happens inside a secure hardware layer (like a TPM). If it is possible, the attacker would most likely have to physically destroy your phone to get at it. To bruteforce a 4 digit pin with retry lockout timers, it takes 16 hours to try all combinations, according to a tool I found that auto-enters pins via usb keyboard emulation.
lIlIlIlIlIlIl@lemmy.world 4 weeks ago
What lockouts? appleinsider.com/…/iphone-hacking-tool-graykey-te…
AdamBomb@lemmy.sdf.org 4 weeks ago
The linked article doesn’t mention whether it can bypass the max attempt lockout or not. I’m not saying you’re wrong, but the article you linked does nothing to support your claim.
That said, an alphanumeric password is certainly more secure than a PIN, no doubt.