No likey no unlocky

**LondonManc** · 17 February 2016, 18:00

Originally posted by clearedforlanding View Post

The most popular password [*PIN CFL] is 1234 … it’s staggering how popular this password appears to be. Utterly staggering at the lack of imagination …… nearly 11% of the 3.4 million passwords are 1234

PIN number analysis

I wonder how many more match up to the owners bank card PIN?

Oh and shame on the blog for calling it PIN Number. They should throw themselves off the top of Mount Fujiyama.

**clearedforlanding** · 17 February 2016, 18:12

Originally posted by LondonManc View Post

Oh and shame on the blog for calling it PIN Number. They should throw themselves off the top of Mount Fujiyama.

Irritates the hell out of me.

Its interesting for me to think of these stats this way. For every 10000 cards a Romanian/Albanian gang in London pickpockets, with 3 attempts at a PIN, they are going to strike on over 1700 cards just by trying the PINS 1234, 1111 & 0000. (OK, it's a small sample size but I can visualise it). UK average 4 cards per wallet (2 credit & 2 debit), less than 10 marks a day.

∴ Pickpocketing is more profitable than contracting. Looking at the SC questions in the Business / Contracts forum, contracting appears to be a backup plan for when you get busted pickpocketing.

**NigelJK** · 18 February 2016, 08:27

Where does the device store the security number for checking?
If you were the NSA would you let on that you knew how to crack it (what I would call the Bletchley conumdrum)?

Apparently Churhill was notified of the Pearl Harbour attack hours before hand (Bletchly having broken the Japanese Navel code - something no one else managed), think he must have be busy as he completely forgot to mention it to the Yanks.

**DaveB** · 18 February 2016, 08:52

Originally posted by NigelJK View Post

Where does the device store the security number for checking?
If you were the NSA would you let on that you knew how to crack it (what I would call the Bletchley conumdrum)?

Apparently Churhill was notified of the Pearl Harbour attack hours before hand (Bletchly having broken the Japanese Navel code - something no one else managed), think he must have be busy as he completely forgot to mention it to the Yanks.

If you read the links to the technical discussions that Nick posted you'll see.

Essentially every new iPhone (6 onwards) has a unique ID (UID) number hardcoded into a specific CPU ,known as the Secure Enclave, dedicated to the encryption functions that can't be read back and has it's own hardwired access channels. Apple don't keep records of these UID's and there is no way to identify the UID a phone has.

The storage on the phone is encrypted by combining that UID with the owners PIN code and hashing it with AES 256 (IIRC). Even if you take an image of the encrypted disk you can't decrypt it as it needs access to the UID on the specific hardware, and you can't unlock the hardware without the pin code.

This particular case is slightly different as it involves an iPhone 5C, which doesn't use the secure enclave, so there *may* be a way for Apple to do what they have been asked to do but they aren't letting on whether it's possible or not.

The whole thing about Churchill knowing about Pearl Harbour is just another conspiracy theory and has been debunked by several sources.

**NigelJK** · 18 February 2016, 09:30

by combining that UID with the owners PIN code and hashing it with AES 256

And this is stored somewhere for checking yes?

**NigelJK** · 18 February 2016, 09:40

The whole thing about Churchill knowing about Pearl Harbour is just another conspiracy theory and has been debunked by several sources.

American Military History publishers site

Throughout the first year of the war, Churchill bombarded Roosevelt with flattering messages. At the same time, he skillfully manipulated the intelligence he shared with Roosevelt to maneuver America to the brink of war. The Americans had cracked the Japanese diplomatic codes and, in January 1941, they gave the British the Purple and 'Red' decoding machines which allowed the British to read Japanese diplomatic traffic. In return, they expected to be given the German Enigma code machine, so they could break the German codes. The British refused to hand one over. It was not until after the attack on Pearl Harbor that the Americans learned the British had broken the Japanese navy code JN-25.

The British had listening posts in the Far East, with headquarters in Singapore. From 1939, they had been on a war footing and priority was given to intercepting enemy messages and decoding them. Churchill insisted on seeing all JN-25 messages personally.

While America was still at peace, code-breaking was not given priority. Its western-most listening station was in Seattle. Some of the crucial intercepts indicating that the Japanese intended to attack Pearl Harbor were not decoded until after 1945, and due to security considerations, President Roosevelt was often not privy to raw intelligence. There were US liaison officers at the British decoding center in Singapore, but they were not allowed to see raw intelligence and did not even know that the British had broken JN-25. British and Australian intelligence officers sent all their decrypts back to London, assuming that intelligence concerning an attack on Pearl Harbor would be forwarded to the Americans. It was not.

Note that this is not the 'Churchill sent a telegram to Roosevelt' conspiracy here.

**DaveB** · 18 February 2016, 09:55

Originally posted by NigelJK View Post

And this is stored somewhere for checking yes?

No.

At the point of encryption the key is generated from the UID and PIN and used to encrypt the data. The key is then forgotten.

To decrypt the data and gain access the key is generated again each time the phone is unlocked. Once it has been used it is forgotten. The key to decrypt the data is never stored anywhere, only the UID in the secure enclave, and the PIN which only the owner should know.

The only point at which you *may* be able to retrieve the encryption key would be if you had full control of the device and it was unlocked. i.e. you knew the PIN. I doubt it would be a trivial task.

**LondonManc** · 18 February 2016, 10:01

Originally posted by NigelJK View Post

American Military History publishers site

Note that this is not the 'Churchill sent a telegram to Roosevelt' conspiracy here.

Interesting. It also seems to suggest that the American military seemed keen to keep POTUS at arm's length, compared to Winston's active involvement.

**DaveB** · 18 February 2016, 10:03

Originally posted by NigelJK View Post

American Military History publishers site

Note that this is not the 'Churchill sent a telegram to Roosevelt' conspiracy here.

New Light Shed on Churchill and Pearl Harbor - NYTimes.com

Pearl Harbour memo shows US warned of Japanese attack - Telegraph

Yes we had broken the Japanese cypher, but that didn't mean we knew about Pearl Harbour. We had also warned the Americans about Japanese military activity in general, but our own intelligence was flawed and the Americans ignored it anyway.

**TheFaQQer** · 18 February 2016, 10:20

Originally posted by DaveB View Post

New Light Shed on Churchill and Pearl Harbor - NYTimes.com

Pearl Harbour memo shows US warned of Japanese attack - Telegraph

Yes we had broken the Japanese cypher, but that didn't mean we knew about Pearl Harbour. We had also warned the Americans about Japanese military activity in general, but our own intelligence was flawed and the Americans ignored it anyway.

What have I told you before about coming round these parts with your research and facts? We don't need that sort of thing round here.

No likey no unlocky

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

No likey no unlocky

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Tag Cloud