Skip to main content

Thoughts on Apple vs the FBI

According to this article on the Verge, the FBI basically wants Apple to create a system that allows them to make an unlimited number of guesses, at speeds of 80 ms per guess. On a 4-digit passcode, this means that the pass-code is cracked in just under 14 minutes. With a 6-digit pass-code, it will be cracked in just about 22 hours.

However, if Apple allowed creation of pass-codes of unlimited length, and someone chose a 10-digit pass-code (if you think that is hard to remember, keep in mind that most people memorise multiple 10-digit phone numbers), then the time required to crack it is around 25 years. However, the FBI or anyone cracking the pass-code also needs to know the length, so they will have to try all the way from 1-digit pass-codes to 10-digit pass-codes. 9-digit pass-codes will take around two and a half years, while 8-digit pass-codes will take 3 months.

So while I do appreciate and support Apple's resistance to the FBI, I think that they will be much better off asking people to set up 10-digit or longer pass-codes in the future.

Where did we start with 4-digit pass-codes? From ATM machines, where people had to enter these numbers by hand? Really, we ought to move towards longer pass-codes and pass-phrases.

This xkcd comic shows how to create secure pass-phrases. Just choose 4–6 words at random and join them together to create a rather secure pass-phrase. Or just use diceware.

Popular posts from this blog

Progressive Snapshot: Is it worth it?

I turned 25 last year, which in the highly mathematical and calculating eyes of the US insurance industry meant that I had suddenly matured into a much more responsible driver than I was at 24 years and 364 days of age. As a result, I expected my insurance rates to go down. Imagine my surprise when my insurance renewal notice from GEICO actually quoted a $50 increase in my insurance rates. To me, this was a clear signal that it was time to switch companies.Typically, I score really high on brand loyalty. I tend to stick with a brand for as long as possible, unless they really mess up. This qualified as a major mess up. As a result, I started shopping for insurance quotes.Two companies that quoted me significantly lower rates (30%–40% lower) were Progressive and Allstate. Both had an optional programme that could give me further discounts based on my consenting to the companies tracking my driving habits. Now, I am a careful driver – I hardly ever accelerate hard. I hate using the brak…

Build those noise cancelling headphones

So, here's another DIYLet me start by putting the cart before the horse. I shall start with the credits. This project was done while I was working on my Electronics Design Lab, along with my friends, Srujan M and Indrasen Bhattacharya. The work would not have been possible without the generous help received from the staff at Wadhwani Electronics Laboratory, who ensured that the only thing we did right was to leave the lab on time. This project would also not have been possible without the guidance of our dear and learned professors. It would probably have just about become additional dead weight on the head.Enough with the credits, now, I need to dive right into noise cancellation and how it works.The essence of sound is a pressure wave. The pressure wave, when incident on the eardrum sets into motion the complex mechanisms inside the ear, and after a long path, rather like the Cog advertisement, ends up making some nerves vibrate. The nerves send electrical signals to the brain, …

Reading List, December 2017

Brian Merchant, How email open tracking quietly took over the world, in Wired, 11 December 2017. [Online]: https://www.wired.com/story/how-email-open-tracking-quietly-took-over-the-web/It is no longer a secret that every website you visit silently tracks you in an effort to maximise ad revenue. What is less known is that emails also track you, through the use of tracking pixels and redirect links. These techniques were used by spammers and legitimate companies alike when creating newsletters or other mass email, in order to figure out their reach. What’s happening now is that private people are also using these techniques in order to create invisible and intrusive read receipts for email, which is incredibly frustrating from a privacy point of view.My solution to the tracking woes? I only open the plain-text component of email, which gets rid of tracking pixels entirely. Redirect links are harder to beat, and I don’t have a good solution for this.Dan Luu, Computer latency 1977–2017. D…