From page 12 of Apple’s most recent iOS security whitepaper:
By setting up a device passcode, the user automatically enables Data Protection. iOS supports six-digit, four-digit, and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device can’t get access to data in specific protection classes without the

The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5.5 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.

The stronger the user passcode is, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger passcode than would otherwise be practical. This increases the effective amount of entropy protecting the encryption keys used for Data Protection, without adversely affecting the user experience of unlocking an iOS device multiple times throughout the day.

To further discourage brute-force passcode attacks, there are escalating time delays after the entry of an invalid passcode at the Lock screen. If Settings → Touch ID & Passcode → Erase Data is turned on, the device will automatically wipe after 10 consecutive incorrect attempts to enter the passcode. This setting is also available as an administrative policy through mobile device management (MDM) and Exchange ActiveSync, and can be set to a

On devices with an A7 or later A-series processor, the delays are enforced by the Secure Enclave. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period.
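The 5.5-year figure in the passage above, reproduced and extended to the other passcode formats the passage names (four-digit, six-digit, six-character lowercase alphanumeric), as an added example that is not from Apple's whitepaper or this post. The only input taken from the text is the 80 ms per-attempt cost; the policy table is constructed here, and the calculation ignores the escalating lockout delays, so it is the floor on an on-device exhaustive search.

```python
import math

# Per-attempt cost stated in the whitepaper: the key-derivation iteration
# count is calibrated so one passcode attempt takes about 80 ms on the device.
SECONDS_PER_ATTEMPT = 0.080
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Passcode formats mentioned in the passage (constructed table for this example):
# name -> (alphabet size, length)
POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "6-char lowercase+digits": (26 + 10, 6),
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of a fixed length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a passcode chosen uniformly from that keyspace."""
    return length * math.log2(alphabet_size)


def exhaustive_seconds(alphabet_size: int, length: int,
                       per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    """Worst case: every passcode tried once on the device, no lockout delays.
    The expected time for a uniformly chosen passcode is half of this."""
    return keyspace(alphabet_size, length) * per_attempt


def exhaustive_years(alphabet_size: int, length: int,
                     per_attempt: float = SECONDS_PER_ATTEMPT) -> float:
    return exhaustive_seconds(alphabet_size, length, per_attempt) / SECONDS_PER_YEAR


def policy_table():
    """(name, entropy bits, worst-case seconds, worst-case years) per policy."""
    return [
        (name, entropy_bits(a, n), exhaustive_seconds(a, n), exhaustive_years(a, n))
        for name, (a, n) in POLICIES.items()
    ]


if __name__ == "__main__":
    for name, bits, secs, yrs in policy_table():
        print(f"{name:24s} {bits:5.1f} bits  {secs:15,.0f} s  {yrs:9.3f} years")
```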
The question of the day is whether the code on the Secure Enclave that enforces these brute force countermeasures can be flash-updated (by Apple) to circumvent them. With the iPhone 5C in the current debate, the FBI wants Apple to update iOS itself to circumvent the brute force countermeasures. With an iPhone 5S or any of the 6-series iPhones, iOS is not involved. But if Apple can technically update the code that executes on the Secure Enclave, then the point is moot. The same kind of court order that requires Apple to provide the FBI with a custom (insecure) version of iOS could compel them to provide the FBI with a custom (insecure) ROM for the Secure Enclave.
Update: Rich Mogull, on Twitter, responding to my question here:
@gruber It is my understanding, from background sources, that all devices are vulnerable.
And Farhad Manjoo:
By the way according to Apple it is not true that an iOS rewrite of the sort the FBI is asking for here wouldn’t work on newer
In other words, a flash update to the Secure Enclave could make new iPhones more susceptible to brute force passcode cracking.
★ Wednesday, 17 February 2016