According to this article on The Verge, the FBI basically wants Apple to create a system that allows them to make an unlimited number of guesses, at a rate of 80 ms per guess. For a 4-digit pass-code, this means that every possible code can be tried, and the pass-code cracked, in just under 14 minutes. A 6-digit pass-code will be cracked in just about 22 hours.
However, if Apple allowed creation of pass-codes of unlimited length, and someone chose a 10-digit pass-code (if you think that is hard to remember, keep in mind that most people memorise multiple 10-digit phone numbers), then the time required to crack it is around 25 years. On top of that, the FBI or anyone else cracking the pass-code does not know its length in advance, so they will have to try everything from 1-digit pass-codes to 10-digit pass-codes. 9-digit pass-codes will take around two and a half years, while 8-digit pass-codes will take 3 months.
So while I do appreciate and support Apple's resistance to the FBI, I think that they will be much better off asking people to set up 10-digit or longer pass-codes in the future.
Where did we start with 4-digit pass-codes? From ATM machines, where people had to enter these numbers by hand? Really, we ought to move towards longer pass-codes and pass-phrases.
This xkcd comic shows how to create secure pass-phrases. Just choose 4–6 words at random and join them together to create a rather secure pass-phrase. Or just use diceware.
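The estimates above can be reproduced and extended to pass-phrases with a short script. This is an added example, not code from the article or from Apple; the function names are hypothetical, and it assumes the 80 ms per guess rate quoted above, a 7776-word diceware list, and words chosen uniformly at random.

```python
# Added example: worst-case exhaustive-search time at a fixed guess rate.
# Assumptions: 80 ms per guess (from the post); diceware list of 6**5 words.
GUESS_SECONDS = 0.08
DICEWARE_WORDS = 6 ** 5  # five dice rolls select one of 7776 words

def keyspace(symbols: int, length: int) -> int:
    """Number of secrets that are exactly `length` symbols long."""
    return symbols ** length

def keyspace_up_to(symbols: int, max_length: int) -> int:
    """Secrets of every length from 1 to max_length (length not known)."""
    return sum(symbols ** n for n in range(1, max_length + 1))

def worst_case_seconds(candidates: int) -> float:
    """Time needed to try every candidate once."""
    return candidates * GUESS_SECONDS

def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report() -> list[str]:
    """One row per pass-code length, then one per pass-phrase length."""
    rows = []
    for digits in (4, 6, 8, 9, 10):
        exact = worst_case_seconds(keyspace(10, digits))
        unknown = worst_case_seconds(keyspace_up_to(10, digits))
        rows.append(f"{digits:>2} digits: {humanize(exact):>14} | "
                    f"length unknown: {humanize(unknown)}")
    for words in (4, 5, 6):
        t = worst_case_seconds(keyspace(DICEWARE_WORDS, words))
        rows.append(f"{words} diceware words: {humanize(t)}")
    return rows

if __name__ == "__main__":
    print("\n".join(report()))
```

Hiding the length adds only about 11% to the search, because the shorter lengths together are a small fraction of the longest one; the real gain comes from each extra digit or word.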