The passcode in system memory (why?), which is disappear after we turn off iPhone, is charge of encrypting/decrypting files. However Touch ID cannot do the same thing. Why?
I explain the reason as follows.
- For security concern, the plaintext passcode cannot be stored in flash storage because it is easily leaked.
- The plaintext passcode in system memory disappears after turning off iPhone. Therefore there is no risk of leaking. Apps cannot read it at run-time because the memory's are is not readable and is encrypted by hardware (secure element.)
- A ciphertext passcode in flash is encrypted by a one-way algorithm (eg., SHA-1) from the plaintext one.
- The iOS encrypts and decrypts files by the plaintext passcode.
- Why cannot we use Touch ID to encrypt files? Because the biometric data of our pressed fingers are different each time.