WingNews logo WingNews
top | item 46837658

(no title)

farbklang | 1 month ago

but that is a pin and can be rate limited / denied, not a cryptograhpic key that can be used to brute force and compare hash generations (?)

discuss

order

barbazoo|1 month ago

They likely wouldn’t rate limit themselves, rate limiting only applies when you access through their cute little enter your pin UI.

solenoid0937|1 month ago

The PIN is used when you're too lazy to set an alphanumeric pin or offload the backup to Apple/Google. Now sure, this is most people, but such are the foibles of E2EE - getting E2EE "right" (eg supporting account recovery) requires people to memorize a complex password.

The PIN interface is also an HSM on the backend. The HSM performs the rate limiting. So they'd need a backdoor'd HSM.