It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.
There's a saying that goes "not your keys not your crypto" but this really extends to everything. If you don't control the keys something else does behind the scenes. A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key.
If you pass a KDF with a hardness of ~5 seconds a four digit PIN to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. Six digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
> A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure
The PIN is not usually used for cryptography, it's used to authorize the TEE (secure enclave) to do it for you. It's usually difficult or impractical to get the keys from the TEE.
Take it a step further, even - "End-to-End-Encryption" is complete security theater if the user doesn't control either end.
We joke and say that maybe Microsoft could engineer a safer architecture, but they can also ship an OTA update changing the code ad-hoc. If the FBI demands cooperation from Microsoft, can they really afford to say "no" to the feds? The architecture was busted from the ground-up for the sort of cryptographic expectations most people have.
It's most software. Cryptography is user-unfriendly. The mechanisms used to make it user friendly sacrifice security.
There's a saying that goes "not your keys not your crypto" but this really extends to everything. If you don't control the keys something else does behind the scenes. A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure, even to derive a key-encryption-key.
If you pass a KDF with a hardness of ~5 seconds a four digit PIN to derive a key, then you can brute force the whole 10,000 possible PINs in ~13 hours. After ~6.5 hours you would have a 50% chance of guessing correctly. Six digit PIN would take significantly longer, but most software uses a hardness nowhere near 5 seconds.
> A six digit PIN you use to unlock your phone or messaging app doesn't have enough entropy to be secure
The PIN is not usually used for cryptography, it's used to authorize the TEE (secure enclave) to do it for you. It's usually difficult or impractical to get the keys from the TEE.
Take it a step further, even - "End-to-End-Encryption" is complete security theater if the user doesn't control either end.
We joke and say that maybe Microsoft could engineer a safer architecture, but they can also ship an OTA update changing the code ad-hoc. If the FBI demands cooperation from Microsoft, can they really afford to say "no" to the feds? The architecture was busted from the ground-up for the sort of cryptographic expectations most people have.