In the iOS Security document of February 2014, Apple explains in more detail how Touch ID works.
The collision rate is 1 in 50,000: the chance that another person unlocks your iPhone with their own fingerprint is 1 in 50,000.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
Communication between the A7 and the Touch ID sensor takes place over a serial peripheral interface bus. The A7 forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
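The negotiation and transport described above, as an added example that is not Apple's code or taken from the iOS Security document: two parties that share a pre-provisioned key each wrap a random contribution with RFC 3394 AES key wrap, derive a common session key from the two contributions, and then protect frames with AES-CCM. The combination step (XOR of the two random keys), the direction byte and counter inside the nonce, the frame layout, the `Party` class and the `cryptography` library are all assumptions for illustration; the page does not specify them.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.keywrap import InvalidUnwrap, aes_key_wrap, aes_key_unwrap

# Constructed stand-in for the shared key built into the sensor and the enclave
# at manufacture. A real device holds a unique, factory-provisioned value.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

NONCE_LEN = 13           # longest nonce AES-CCM accepts (leaves a 2-byte length field)
SENSOR, ENCLAVE = 0x01, 0x02   # assumed role tags, one per direction


class ReplayError(Exception):
    """Frame carries a counter that was already consumed."""


class Party:
    """One endpoint of the link (assumed model): sensor or enclave."""

    def __init__(self, role: int, shared_key: bytes):
        self.role = role                      # direction byte keeps nonces distinct per sender
        self.shared_key = shared_key
        self.contribution = os.urandom(16)    # this side's random key for the negotiation
        self.session_key = None
        self.send_counter = 0
        self.expected_counter = 0             # next counter accepted from the peer

    def offer(self) -> bytes:
        # RFC 3394 AES key wrap under the shared key: a 16-byte key becomes a 24-byte
        # blob with an integrity check, so a modified blob fails to unwrap.
        return aes_key_wrap(self.shared_key, self.contribution)

    def accept(self, wrapped_peer_key: bytes) -> bytes:
        peer = aes_key_unwrap(self.shared_key, wrapped_peer_key)   # InvalidUnwrap on tamper
        # Assumption: the two random keys are combined by XOR; the page does not say
        # how they are combined. XOR is order-independent, so both sides agree.
        self.session_key = bytes(a ^ b for a, b in zip(self.contribution, peer))
        return self.session_key

    def _nonce(self, counter: int) -> bytes:
        return bytes([self.role]) + counter.to_bytes(NONCE_LEN - 1, "big")

    def seal(self, plaintext: bytes, aad: bytes = b"") -> bytes:
        nonce = self._nonce(self.send_counter)
        self.send_counter += 1                # a nonce is never reused under one session key
        return nonce + AESCCM(self.session_key, tag_length=16).encrypt(nonce, plaintext, aad)

    def open(self, frame: bytes, peer_role: int, aad: bytes = b"") -> bytes:
        nonce, body = frame[:NONCE_LEN], frame[NONCE_LEN:]
        if nonce[0] != peer_role:
            raise ValueError("frame does not come from the expected direction")
        counter = int.from_bytes(nonce[1:], "big")
        if counter < self.expected_counter:
            raise ReplayError(f"counter {counter} already consumed")
        plaintext = AESCCM(self.session_key, tag_length=16).decrypt(nonce, body, aad)  # InvalidTag
        self.expected_counter = counter + 1   # advanced only after the tag verified
        return plaintext


def run_demo() -> dict:
    sensor, enclave = Party(SENSOR, SHARED_KEY), Party(ENCLAVE, SHARED_KEY)
    sensor_offer, enclave_offer = sensor.offer(), enclave.offer()
    enclave.accept(sensor_offer)
    sensor.accept(enclave_offer)
    results = {"keys_agree": sensor.session_key == enclave.session_key,
               "wrapped_len": len(sensor_offer)}

    header = b"touch-frame-v0"                # constructed associated data: authenticated, not encrypted
    payload = b"constructed capture data 0001"
    frame = sensor.seal(payload, aad=header)
    results["roundtrip"] = enclave.open(frame, SENSOR, aad=header) == payload

    # Replaying the same frame is refused before any decryption is attempted.
    try:
        enclave.open(frame, SENSOR, aad=header)
        results["replay_rejected"] = False
    except ReplayError:
        results["replay_rejected"] = True

    # A flipped bit in the frame fails the CCM tag check.
    frame2 = sensor.seal(b"constructed capture data 0002", aad=header)
    bad_frame = frame2[:-1] + bytes([frame2[-1] ^ 0x01])
    try:
        enclave.open(bad_frame, SENSOR, aad=header)
        results["tamper_rejected"] = False
    except InvalidTag:
        results["tamper_rejected"] = True

    # A modified wrapped key fails the key-wrap integrity check, so a party
    # without the shared key cannot inject a contribution of its own.
    bad_offer = bytes([sensor_offer[0] ^ 0x80]) + sensor_offer[1:]
    try:
        Party(ENCLAVE, SHARED_KEY).accept(bad_offer)
        results["bad_wrap_rejected"] = False
    except InvalidUnwrap:
        results["bad_wrap_rejected"] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The two checks a practitioner cares about here are that only a holder of the shared key can contribute to the session key (the wrap's integrity check rejects anything else) and that each frame is both confidential and authenticated, with a per-direction counter so the same nonce is never used twice under one key. Per-direction nonces matter: if both sides started their counters at zero without the role byte, the first frame in each direction would reuse a nonce under the same key.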
The passcode can always be used instead of Touch ID, and it’s still required under the following circumstances:
- iPhone 5s has just been turned on or restarted
- iPhone 5s has not been unlocked for more than 48 hours
- After five unsuccessful attempts to match a finger
- When setting up or enrolling new fingers with Touch ID
- iPhone 5s has received a remote lock command