Ciro Santilli has a hard time understanding why this is possible, e.g. many people use short 4 digit pins, or a short swipe pattern. Why can't this be cracked easily offline?
Can we do better than "wrong password implies random bytes"?
Can the last disk access times be checked via forensic methods?