I was taught that the first principle of security is physical security. Once your attacker has possession of your hardware, decrypting the data is only a matter of time.
They don't even need a brute force attack. If decryption works without a SIM card, then the key is on the device, protected by a code with a mere 10,000 possibilities. For the FBI, isn't that child's play?
Sounds like they could copy the data, extract the algorithm via reverse engineering, and then run it against the archive.
Though this should be ineffective for the secure enclave where additional fuse bits are set unique to a device that add more entropy and black box key derivation to the whole thing
This article sums up my view on this whole issue. I feel that the reason why the authorities are making this into a big issue is to 'make an example' of this case. It indeed seems like getting access to the phone would be a matter of electricity and time.
4 comments
[ 2.9 ms ] story [ 23.5 ms ] threadThey don't even need a brute force attack. If decryption works without a SIM card, then the key is on the device, protected by a code with a mere 10,000 possibilities. For the FBI, isn't that child's play?
Though this should be ineffective for the secure enclave where additional fuse bits are set unique to a device that add more entropy and black box key derivation to the whole thing