Passcode entanglement with UID

While reading the Apple Platform Security document, I came across this statement under the Passcodes and Passwords section

The passcode is entangled with the device’s UID, so brute-force attempts must be
performed on the device under attack. 

I have a few questions

  1. What is meant by the passcode being entangled with the UID and why the brute force attempts have to be performed on the device itself?

  2. What sort of cryptographic algorithms are used for this?

Any online links to this topic is appreciated.


In general "entangling" means that you're somehow "mixing" two components into one. This can be done in a number of ways.

In this specific instance what happens is that the UID and passcode are entangled by using an AES encryption algorithm. The UID is as the key for the AES encryption, and the passcode is used as the clear text. The cipher text is then the entangled data.

In order to create the entangled data, you'll need both the UID and the passcode.

The reason why this must happen on device is that the UID is a unique number that is "fused" into the CPU (i.e. each CPU has a different number, and it cannot be changed after the fact) - and that number is not accessible by software directly. However software can ask the CPU to encrypt data with the AES algorithm using the UID as the key - the software can then get the cipher text without ever knowing the UID.

As an added complexity, Apple actually uses a key derivation function known as PBKDF2 where additional computation is needed to go from the starting data to the actual data used as an encryption key. Apple is using 80 rounds (basically "loops" of a computation processes). The purpose of this is to make it slow (i.e. use a lot of CPU time) to come from a pass code (which we're trying to brute force) to the encryption key - even when you have access to the CPU with the UID inside it. Making it slow means that brute forcing takes a lot longer than otherwise, hopefully making it infeasible.