...
But wouldn't the TouchID be creating a secure password that only the user knows (by hashing the fingerprint data)?
I am thinking Apple recommends the 6 digit only because they know most users can't remember a long secure password. That is why Apple created TouchID.
Thus I am sorry, but I think you are incorrect on this issue.
I do think Apple uses a separate password to control which s/w you can install, which I detest, but that is an orthogonal issue.
TouchID has already long since been cracked.
https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid I mean, seriously, someone's phone is not going to have their fingerprints on it? Giving people a false sense of security in order to sell security theater is detestable.
But that is because the user didn't wipe their fingerprint off the phone. That doesn't prove that TouchID has an insecure DRM.
Precisely what sort of access would you recommend for a mobile device? Users will not memorize a secure password.
A separate key they carry on their keychain?
P.S. This is important to me because my former colleague and boss is a top researcher at Apple. And I have his ear. So I don't want to present an argument to him that is flawed.
TouchID is, at present, a convenience feature that allows fast unlocking functions instead of typing in a passcode. It is never required and the passcode is always required. Thus it can't possibly add any additional security beyond what the passphrase already provides.
What they have planned for the future I have no idea.
But if you can access with TouchID, then you can justify typing a secure passcode if you want one because you won't lose access if you forget your passcode (or only have it written down at an inconvenient location).
If you are traveling away from the inconvenient location, and your phone resets for whatever reason (including an OS bug/crash, dead battery, etc.), you will lose access to it. Also some other operations you might want to perform such as upgrades require that actual passcode, not touchID. So this is, at present, impractical.
Also, you will lose access entirely if you forget the strong password and don't even have it written down in an inconvenient location.
I am asking for proof that doing that, will still rely on DRM which can be used to decode your private files.
If you use a strong password, you wouldn't be following Apple's recommendations, which was what ArticMine said earlier.
Sorry I am not seeing it the way you are trying to spin it.
What I see is that there is no solution for a long password in any case where you wouldn't leave it in an inconvenient location. Open source or not.
Apple has done the best they can, by allowing you to have a very secure password with a fingerprint access where you don't need the secure password.
Why would a phone reset lose my fingerprint hash?
Citations please. And also citation that Apple recommends 6 letter passcode when using TouchID and makes no mention of the option to set a secure password when using TouchID?