Comment by basch
16 hours ago
they can also just .. brute force passwords. the pin to encrypt fb messenger chat is 6 digits for example.
but that is a pin and can be rate limited / denied, not a cryptographic key that can be used to brute force and compare hash generations (?)
They likely wouldn’t rate limit themselves, rate limiting only applies when you access through their cute little enter your pin UI.
The PIN is used when you're too lazy to set an alphanumeric pin or offload the backup to Apple/Google. Now sure, this is most people, but such are the foibles of E2EE - getting E2EE "right" (e.g. supporting account recovery) requires people to memorize a complex password.
The PIN interface is also an HSM on the backend. The HSM performs the rate limiting. So they'd need a backdoor'd HSM.
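Added example, not written by any commenter and not Facebook's implementation: a toy model of the distinction argued in the thread above, contrasting a 6-digit PIN checked against a stored verifier (searchable offline by whoever holds it) with a device that keeps the guess counter next to the secret. The fast hash, the 10-attempt limit and every name in it are assumptions.

```python
import hashlib
import hmac
import os

PIN_DIGITS = 6  # PIN length mentioned in the thread


def verifier(pin: str, salt: bytes) -> bytes:
    # Deliberately fast salted hash so the full search finishes in seconds.
    return hashlib.sha256(salt + pin.encode()).digest()


def offline_search(salt: bytes, target: bytes):
    """With (salt, target) in hand, nothing limits the 10**6 candidate PINs."""
    for n in range(10 ** PIN_DIGITS):
        pin = f"{n:0{PIN_DIGITS}d}"
        if hmac.compare_digest(verifier(pin, salt), target):
            return pin, n + 1
    return None, 10 ** PIN_DIGITS


class GuessLimitedVault:
    """Toy stand-in for an HSM: counter and secret live in the same boundary."""

    def __init__(self, pin: str, secret: bytes, max_attempts: int = 10):
        self._salt = os.urandom(16)
        self._check = verifier(pin, self._salt)
        self._secret = secret
        self._left = max_attempts  # assumed limit, not a documented value

    def unlock(self, pin: str):
        if self._secret is None:
            return None  # locked out: the key material no longer exists
        if hmac.compare_digest(verifier(pin, self._salt), self._check):
            return self._secret
        self._left -= 1
        if self._left == 0:
            self._secret = None  # destroy the key once guesses run out
        return None


def demo(pin: str = "483920"):  # constructed sample PIN
    salt = os.urandom(16)
    found, tries = offline_search(salt, verifier(pin, salt))
    vault = GuessLimitedVault(pin, b"backup-key")
    wrong = [vault.unlock(f"{n:0{PIN_DIGITS}d}") for n in range(20)]
    return found, tries, wrong, vault.unlock(pin)


if __name__ == "__main__":
    print(demo())
```

The limit only holds if the counter cannot be reset or bypassed by whoever operates the device, which is the point the last two comments disagree on.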