- After a few weeks of using my new Passport I decided to flip on encryption for the device (not the SD card). I have just over a gig of Navfree maps on the device, but apart from that, not a lot else. I switched on encryption a couple of days ago, and now the encryption page in the settings panel says that my files are encrypted.
The thing is, I'm not being asked for my password at any point. If I reboot I get prompted for my SIM PIN and my picture password to log in, but nothing to decrypt the data on the device.
How can I determine if the encryption process is finished / was successful? Presumably I should get a prompt on reboot and then the encrypted filesystem remains "live" until the next reboot?12-23-15 03:00 PMLike 0 - If it says it's encrypted, your device is encrypted...
When you access the device in "normal" ways using your password, it automatically gives decrypted access (your password is part of the key), But - if someone who does not have your pass, tries to access the device memory in any way - they will not get access
On a open device, anyone with the right tools can access all the data on the device...
encryption should be the default is you ask me, but perhaps there are some country specific regulations preventing this. Similar with most WiFi routers, they can all use encryption, but turned Off as default
So use good passwords on your phone, and don't give them away to anyone ;-)12-23-15 04:16 PMLike 0 - If it says it's encrypted, your device is encrypted...
When you access the device in "normal" ways using your password, it automatically gives decrypted access (your password is part of the key), But - if someone who does not have your pass, tries to access the device memory in any way - they will not get access12-23-15 04:23 PMLike 0 - Upon reboot, if you have to unlock your BlackBerry using Picture Password (and encryption is turned on), your files are encrypted. Try this, and you'll see what I mean. Save a few pics to your SD card and encrypt your card. (Wait for it to be encrypted, of course.) Then take your sd card out and plug it into your laptops card reader. Find the encrypted pics and try to open them. You won't be able to. After you complete this test and are satisfied that the files are encrypted, you can always decrypt your card again.12-23-15 04:31 PMLike 0
- Upon reboot, if you have to unlock your BlackBerry using Picture Password (and encryption is turned on), your files are encrypted. Try this, and you'll see what I mean. Save a few pics to your SD card and encrypt your card. (Wait for it to be encrypted, of course.) Then take your sd card out and plug it into your laptops card reader. Find the encrypted pics and try to open them. You won't be able to. After you complete this test and are satisfied that the files are encrypted, you can always decrypt your card again.12-23-15 04:52 PMLike 0
- I have an email reply from someone at BlackBerry which states that encryption strength on BlackBerry 10 has no relation to password.12-23-15 05:08 PMLike 0
- kbz1960Doesn't MatterWhat are you talking about? Do you only have to use your password, whatever way you have one, on reboot? I doubt it. How long before it locks again? Do you not have to use your password again?
You have to have some kind of password or encryption won't turn on I'm pretty sure. I don't use encryption or a password. Why do you expect encryption to have a separate password?
If you unlock your phone you have access to your encrypted files and phone.12-23-15 05:15 PMLike 0 - I'm sure that's true - in a sense. The data on disk will be encrypted using the key that's stored on disk, which is generated by the device, so, theoretically we're all using strong encryption. The key itself has to be protected by encrypting it with a password though. I suppose that a picture password could be used to do that, but there's no way it could provide effective protection.12-23-15 05:16 PMLike 0
- I have both a device password and a picture password. I'm never asked for the device password. I expect this to be used for encryption and the picture password for unlocking the device. The picture password is inadequate for encrypting the device (assuming that is what's happening...)12-23-15 05:20 PMLike 0
- What are you talking about? Do you only have to use your password, whatever way you have one, on reboot? I doubt it. How long before it locks again? Do you not have to use your password again?
You have to have some kind of password or encryption won't turn on I'm pretty sure. I don't use encryption or a password. Why do you expect encryption to have a separate password?
If you unlock your phone you have access to your encrypted files and phone.
In BB7 there were three encryption strengths (Strong, Stronger, and Strongest), and the usefulness of those options was directly connected to the length of the password. For example, for Stronger to be most effective, a medium length password was necessary. For Strongest, a much longer password (21 character IIRC) was suggested. BB10 clearly implements encryption some other way according to the reply I received. One of the things I had inquired about was the missing BB7 step of generating a random key by moving the trackball/trackpad after encryption on a BB10 device was initially turned on. I had inquired about that and was told the key for each device is baked into the chip on each device (generated using cryptographically sound PRNG) at time of manufacture and that BlackBerry does not retain the keys and can't access them. My question about password relation to encryption strength was a followup question.
I question the practical strength of Apple's on-by-default iphone encryption. I think it may still be tied to password. Even if its implementation is similar to BlackBerry 7, it's unlikely people are using long, complex passwords. I use a long, complex password as the base password on my Q10 and the convenience of Picture Password with my 5 minute security timeout.kbz1960 likes this.12-23-15 05:32 PMLike 1 - That's exactly right. An ordinary password must be set in order to even turn on encryption. Picture Password is optional.
In BB7 there were three encryption strengths (Strong, Stronger, and Strongest), and the usefulness of those options was directly connected to the length of the password. For example, for Stronger to be most effective, a medium length password was necessary. For Strongest, a much longer password (21 character IIRC) was suggested. BB10 clearly implements encryption some other way according to the reply I received. One of the things I had inquired about was the missing BB7 step of generating a random key by moving the trackball/trackpad after encryption on a BB10 device was initially turned on. I had inquired about that and was told the key for each device is baked into the chip on each device using cryptographically sound PRNG at time of manufacture and that BlackBerry does not retain the keys and can't access them. My question about password relation to encryption strength was a followup question.
I question the practical strength of Apple's on-by-default iphone encryption. I think it may still be tied to password. Even if it's implementation is similar to BlackBerry 7, it's unlikely people are using long, complex passwords. I use a long, complex password as the base password on my Q10 and the convenience of Picture Password with my 5 minute security timeout.12-23-15 05:40 PMLike 0 - Are you prompted for the long, complex password though? My Passport never asks for mine - only the picture password. So the fact I have a secure password is overridden by the much less secure picture password... What I'm trying to establish is whether or not this is expected behaviour. If someone can boot up and decrypt my device with ONLY the picture password, this is simply not good enough for me. Unlocking with PP once the device is booted is fine of course (the whole point of using it)kbz1960 likes this.12-23-15 05:52 PMLike 1
-
-
- Hmm, well if a device has all the information it needs to perform the decryption itself, without extra data from me -- i.e. a passphrase or key or hardware token, then the encryption isn't really worth all that much. Encryption is supposed to protect against offline attacks (e.g. take the chips out of the device), and is supposed to depend on something I know or have that the device by itself doesn't. I'm sure whatever magic BlackBerry does in hardware would make things more difficult for a potential attacker, but it doesn't change the fact there is potentially a glaring vulnerability in the approach and it doesn't really give me much confidence not being able to see and understand the decryption process transparently.
Picture Password is great; I love it. But it's far from perfect. There plenty of examples of people in the forums accidentally unlocking their device or someone else unlocking it, either accidentally or by deducing the number/location combination after watching a few attempts. Only allowing X attempts to get the password right doesn't make the encryption scheme any more secure: it only acts as a crude failsafe.12-24-15 04:39 AMLike 0 - Hmm, well if a device has all the information it needs to perform the decryption itself, without extra data from me -- i.e. a passphrase or key or hardware token, then the encryption isn't really worth all that much. Encryption is supposed to protect against offline attacks (e.g. take the chips out of the device), and is supposed to depend on something I know or have that the device by itself doesn't. I'm sure whatever magic BlackBerry does in hardware would make things more difficult for a potential attacker, but it doesn't change the fact there is potentially a glaring vulnerability in the approach and it doesn't really give me much confidence not being able to see and understand the decryption process transparently.
As for the offline scenario, here's what I was told in one of the replies I got:
"The key is stored in non-volatile memory that has been designed to be accessible to the system only. The board and the component enclosures are designed to make physically accessing these ICs problematic and destruction of the data is much more likely than retrieval. We believe that we offer a good level of security for data at rest and our BlackBerry 10 solution has been validated by multiple third parties and was FIPS certified before launch."
Picture Password is great; I love it. But it's far from perfect. There plenty of examples of people in the forums accidentally unlocking their device or someone else unlocking it, either accidentally or by deducing the number/location combination after watching a few attempts. Only allowing X attempts to get the password right doesn't make the encryption scheme any more secure: it only acts as a crude failsafe.Yertie likes this.12-24-15 08:14 AMLike 1 - Oh, PS:
If you're concerned about BB10 encryption strength or vulnerabilities, all you have to do is read what the people who are trying to crack it say. See what Elcomsoft says, what Cellebrite says, what the mobile device and computer forensics labs are saying. They would certainly report it, and it would be big news if they could crack BlackBerry.
There have been numerous demonstrations of ordinary people (not even the professionals) getting around iphone and android os phone passwords. They post how to do it on youtube. Users of Cellebrite UFED equipment have circumvented many iphone and android os phone passwords with plug-in equipment (not sure about the newest phones - haven't checked in a while). I've never read of it happening on a BlackBerry 7 device, and I have a reply from someone at Elcomsoft who says he doesn't think it's even possible to circumvent a password on BB10.12-24-15 08:29 AMLike 0 - Oh, PS:
If you're concerned about BB10 encryption strength or vulnerabilities, all you have to do is read what the people who are trying to crack it say. See what Elcomsoft says, what Cellebrite says, what the mobile device and computer forensics labs are saying. They would certainly report it, and it would be big news if they could crack BlackBerry.
There have been numerous demonstrations of ordinary people (not even the professionals) getting around iphone and android os phone passwords. They post how to do it on youtube. Users of Cellebrite UFED equipment have circumvented many iphone and android os phone passwords with plug-in equipment (not sure about the newest phones - haven't checked in a while). I've never read of it happening on a BlackBerry 7 device, and I have a reply from someone at Elcomsoft who says he doesn't think it's even possible to circumvent a password on BB10.
Posted via my BlackBerry Passport12-24-15 08:41 AMLike 0 - Maybe, it does depend upon the input from you, that I don't know. I just know I was told its strength has no relation to password as it did on BB7. On BB7 it was necessary to use longer passwords to take full advantage of the stronger encryption settings that were available. As I understood it, now it is not. Therefore, for practical purposes the password is for locking/unlocking, but that hasn't stopped me from using a long, complex password.
As for the offline scenario, here's what I was told in one of the replies I got:
"The key is stored in non-volatile memory that has been designed to be accessible to the system only. The board and the component enclosures are designed to make physically accessing these ICs problematic and destruction of the data is much more likely than retrieval. We believe that we offer a good level of security for data at rest and our BlackBerry 10 solution has been validated by multiple third parties and was FIPS certified before launch."
Not to say it's impossible, but I'm not sure I believe all those reports of accidental unlocking or people getting lucky and unlocking the device unless the user chose a combination that was so easy to guess like "put the 0 on the dog's nose" when the nose is so prominent it's begging for the 0 to be placed on it. That said, Picture Password is stronger than any "pattern lock" system where even a child can copy the smudges on the screen. You don't have to use Picture Password--you can turn it off--but I think it's ingenious and will continue to use it.12-24-15 09:26 AMLike 0 - 12-24-15 11:12 AMLike 0
- So, for me, in the end, if it is worth enabling Encryption or not depends on answering the following questions:
1. Will encryption slow performance of the BlackBerry Passport or not?
2. If someone guessed my device password, then encryption is worthless or not?
Thank you!
Posted via Blackberry Passport Silver Edition12-24-15 01:25 PMLike 0 - So, for me, in the end, enabling Encryption on my BlackBerry Passport depends on answering the following questions:
1. Will Encryption slow performance of BlackBerry Passport or not?
2. If someone guessed my device password, then Encryption is worthless or not?
Thank you!
Posted via Blackberry Passport Silver Edition12-24-15 01:29 PMLike 0 - So, for me, in the end, enabling Encryption on my BlackBerry Passport depends on answering the following questions:
1. Will Encryption slow performance of BlackBerry Passport or not?
2. If someone guessed my device password, then Encryption is worthless or not?
Thank you!
Posted via Blackberry Passport Silver Edition
Posted via my BlackBerry Passport12-24-15 02:37 PMLike 0 -
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry Passport
Device Encryption - enabled or not?
« Blackberry passport stuck on WiFi screen
|
Any Service Providers for Blackberry Passport moving forward 2022 »
Similar Threads
-
Should Priv become the family name for ALL Android devices?
By grahamf in forum General BlackBerry News, Discussion & RumorsReplies: 22Last Post: 12-30-15, 01:22 PM -
Upgraded to a Classic. Why aren't out going text being received?
By rdedrick in forum BlackBerry ClassicReplies: 3Last Post: 12-24-15, 11:59 AM -
Why doesn't Whatsapp recognize Exchange synced contacts?
By Walter_56 in forum BlackBerry PrivReplies: 2Last Post: 12-24-15, 12:01 AM -
Should BBRY require T-Mobile to delegate all device updates to them, if they wish to sell the Priv?
By DonHB in forum BlackBerry PrivReplies: 6Last Post: 12-23-15, 02:53 PM -
How do I Disable Auto-Connect of specific Bluetooth devices?
By CrackBerry Question in forum General BlackBerry News, Discussion & RumorsReplies: 1Last Post: 12-23-15, 10:56 AM
LINK TO POST COPIED TO CLIPBOARD