Challenge Graykey: how to keep your iPhone from cracking in a thousand years! -


Post Top Ad

Post Top Ad

Tuesday, 17 April 2018

Challenge Graykey: how to keep your iPhone from cracking in a thousand years!

Since a few weeks ago the existence of GrayKey is known , a device capable of unlocking any iPhone model even if it has the most up-to-date iOS. After years of having to send the iPhone of suspects to specialized companies, it seems that finally any police station that is done with it, will be able to unblock them in a very short time .

But are not the only ones. If iPhone theft is the order of the day, imagine what will happen when the GrayKey reach the black market and can crack all the iPhone that stolen a day.

In general, the obtaining of passwords in computer science goes through the classic trial and error , also known as brute force. That is, an algorithm enters passwords consecutively until it hits the good one. Until now, the only protection that existed is that if you try to enter a wrong password a certain number of times, the device is blocked for a while.

Precisely these gadgets to unlock iPhone what they do is exploit security exploits to eliminate these delays and keep trying with more and more passwords.

With the full-fledged GreyKey, assistant professor and cryptographer Matthew Green has posted on Twitter how much time it would take to unlock an iPhone based on the type of password we use . The result is very revealing and very disappointing at the same time:

    Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):

    4 digits: ~ 13min worst (~ 6.5avg)
    6 digits: ~ 22.2hrs worst (~ 11.1avg)
    8 digits: ~ 92.5days worst (~ 46avg)
    10 digits: ~ 9259days worst (~ 4629avg)
    - Matthew Green (@matthew_d_green) April 16, 2018

It may interest you | What to do if you forget the unlock code of your iPhone or iPad
How to choose a secure password?

Even if you use Touch ID or Face ID, it is highly recommended that you set a security code to unlock your iPhone . This way you will prevent anyone who picks up your device from accessing the information it contains.

In general, most of them usually configure 4-character PIN codes , however it is possible to change it to other more robust and secure codes such as:
- Custom numeric code.
- Custom alphanumeric code.

The main advantages they present , which translate into greater security in so much as finding the password will be a longer process, is that they do not have a fixed length, but you choose it to your liking.

In the second case, besides not only there are 10 options - the numbers from 0 to 9 -, but also all the letters of the alphabet are included, increasing the options up to 72 - alphabet of 26 uppercase letters and 26 lowercase, 10 figures and 10 unconventional characters -. Therefore, they will need more time and more processing power .

Yes, some pure logic: the longer and more complex a password , the easier it is to forget it and the more time it will take to introduce it. It's the price of security.

Although you hated it in your student days, probability and statistics are very useful sciences in daily life that serve precisely to unravel this mystery.

Specifically we will have to remember the day you learned permutations, variations and combinations . No, I will not explain all of them, but in this Vitutor article, everything is very well summarized.

Once reviewed, it is as easy as thinking about the 4-digit codes: we have to guess what number each of the four places occupies and in what position. It is not the same 1234 as 4321.

    If you use a 4-digit PIN, the possible combinations are: 10 ^ 4 = 10,000.

    But if you use a PIN with 4 alphanumeric characters, the combinations are 72 ^ 4 = 26.873.856

If with Green's tweet it was already seen that only lengthening the numerical code made the task very difficult , with this small calculation it is clear that an alphanumeric password will always be better no matter how short a 4-digit PIN.

Currently, the processing time is 4 billion calculations per second, as we read in Welivesecurity , so that the 4-character alphanumeric key could be obtained in less than one hundredth of a second . It is insufficient, but much longer than the classic PIN would cost.

What length of code is safe?

Given this, it is clear that not only do we have to use an alphanumeric code, but this must be long. As a reference, using 10 characters exceeds 3 trillion combinations, reaching 30 years of processing. With 11 characters we go to more than 2,000 years. We have found an insurmountable key! At least, with today's technology

    The key to success: 11 random characters combining numbers, uppercase and lowercase letters ... will you be able to remember it?

The problem of going to 10 or 11 alphanumeric characters is comfort and ergonomics . Precisely for this reason, Green tries to keep us alone in the figures: while introducing a series of numbers on the numeric keypad is comfortable and fast, when passing to the alphanumeric many of us end up entering words to avoid mistakes, making the task easier for intruders.

And we finished with something as simple as the name of your dog and your date of birth "Lola1985". Try by all means to avoid the typical words like the name of your pet or information that can be easily removed by checking your social networks.

So you know, the summary of all this is that you forget the 4-digit PIN and use any of the other two options in a compromise between comfort and security . 

No comments:

Post a Comment

Post Top Ad