It seems reasonable to assume that combining Apples ‘automatic wipe’ after 10 failed attempts with a 4 digit code is adequate security. After all, 4 digits is 10,000 combinations, and almost impossible to guess in 10 attempts.
However, a hacker who has your device is not just going to sit and type in to the screen. They will attack the system directly, and as Vladimir Katalov at security firm Elcomsoft says “We run the attack on the passcode directly “on the chip”, and the system does not recognize that it is being bruteforced, so we can make as many attempts as we want (and have the time for)” And it only takes about 20 minutes to crack an iPhone 4.
Once the passcode is cracked, the all the encryption is removed, and they have full access to your data.
So the only way to take advantage of ios hardware encrpytion and protect your data is to use a big old long password, as Mr Katalov says “Complex passcode is a good idea — it is almost impossible to break it.”.
I favour a 2 or 3 word phrase that I can remember, and that I can type with one thumb! And to make it more useful, I’ll use motivational pass phrases.
source: http://blog.crackpassword.com/2011/05/elcomsoft-breaks-iphone-encryption-offers-forensic-access-to-file-system-dumps/
