Feature, information leak, same thing. \u00a0At least sometimes? \u00a0It turns out this is the fact with the iPhone 5 and strong passcodes.<\/p>\n
Many people are familiar with passcodes used to protect phones now-a-days. \u00a0These passcodes are used to unlock the phone for use after a period of disuse (such a minute, 5 minutes, or even instantly as soon as the screen is turned off). \u00a0The iPhone 5 supports two types of passcodes, “simple” and otherwise. \u00a0Simple passcodes are limited to numbers only, and always have a length of 4. \u00a0Non-simple passcodes can use letters and numbers and can be up to 10 characters long. \u00a0Since simple passcodes only involve numbers, the input screen shows a number pad for input. \u00a0However, with complex passcodes, the situation is different.<\/p>\n
With complex passcodes, if we have both letters and numbers in our passcode, the input screen shows the standard on screen QWERTY keyboard. \u00a0However, if a complex passcode only contains numbers (greatly reducing the complexity and attack space), the QWERTY keyboard is not shown, and only a number pad is shown. \u00a0This usability (?) choice (?) directly reveals that numeric-only complex passcodes are numeric-only to potential attackers without them having to know anything about the password and greatly reduces the security of numeric-only passcodes. \u00a0However, who wants to enter numbers on a QWERTY keyboard on a touch screen?<\/p>\n
Choices.<\/p>\n","protected":false},"excerpt":{"rendered":"
Feature, information leak, same thing. \u00a0At least sometimes? \u00a0It turns out this is the fact with the iPhone 5 and strong passcodes. Many people are familiar with passcodes used to protect phones now-a-days. \u00a0These passcodes are used to unlock the … Continue reading