Brute force passcode

[mssun]

Attackers can brute force the passcode, which is only 4 digits.

[raxod502]

Agreed, see also #49.

[yishilin14]

I think we need a better open source passcode lock framework. And suggestions?

[neur0manc]

Um, sorry for the uninformed (stupid?) question, but I'm instered in working on this:

Has anyone looked into the Security Framework from apple? If I intrepret the first image correctly it should be able to restrict application access and access to specific user secrets (like repo acces data and private key) with methods from that framework. If that's the case, this, and the issues #49 and #96 should be solvable with it.

I'm not part of the Swift and iOS developer community (yet), so maybe someone more informed can answer my question?

Thanks!

[yishilin14]

@ls42 I am not aware of this framework.

Issues #49 and #96 have been here for a really long time. We haven't found time to work on them yet. Looking forward to see a pull request.

[nathantannar4]

There is BiometricAuthenticator which leverages apples core security and prompts the user for the iOS system password for access

[yishilin14]

@nathantannar4 I am working on this. There is a new branch with usable but not fully tested features. Will try to merge the new branch into develop asap. :-)

[yishilin14]

Pass v0.3.1(12) supports longer passwords now! Feel free to give it a try. I will come back and close this issue a bit later. :-)

[mssun]

The AppStore release has resolved this issue, and I'm closing this issue. Free feel to reopen it if you have further questions.