1. ClassyBOLD's Avatar
    I'm running the latest 2.1 beta and I've been a little curious about the full device encryption option. Can someone explain in detail what it does and how turning it on will affect my experience with the device?

    If this option is similar to encryption on BBOS, will I risk being locked out of my personal data? This happened to me on my BlackBerry: had encryption on with a device generated key, when I upgraded phones, somehow the key did not transfer so a lot of my personal data was unretrievable, as in I could see the files but it had .rem appended to them and I could not open them.

    Since we have about 4 months to release of BB10, maybe this could make for a good article.
    09-15-12 02:00 AM
  2. peter9477's Avatar
    I enabled the encryption on my beta 2.1 tester PlayBook as soon as that feature was available, and I haven't noticed any impact on my user experience so far.

    What it does? Well, actually I haven't read the details (at least lately) but from what I recall of the description of it, it's encrypting all my user data. What I would expect that to be doing is encrypting the entire contents of the /accounts/1000 folder (and possibly some other things), which covers ALL app data that wasn't originally in the App World download, and ALL shared data that I can access over WiFi from my PC.

    I wouldn't say the risk of being locked out of your personal data is any higher with encryption enabled than it was without it... if you set a device password and a file sharing password, and you forget both of those, you're already locked out of your personal data even without the encryption.

    As far as I'm concerned, the addition of encryption means merely that if someone with the technical ability and resources (e.g. a government or major company) took my PlayBook, ripped it open, extracted the flash chips, and attempted to retrieve my personal data, they'll end up with a bunch of random ones and zeros so long as they don't have my password...

    I can't speak to the other possible risks, though as a general rule there's always a tradeoff... if you add a layer of encryption like this, you're inevitably increasing the risk of at least some data loss to at least some degree... but I'm going to judge those increases to be negligible.
    09-15-12 10:11 AM
  3. ClassyBOLD's Avatar
    Thanks for the response, Peter. Have you noticed any effect on system performance and on boot time? (I know with the phones, turning on encryption makes the phones take even longer to boot, wondering if that's the case here too).
    09-15-12 06:14 PM
  4. peter9477's Avatar
    I have not noticed any difference. There may be one, but I find 2.1 already so much faster for some of the things that matter (web browsing, messages and calendar) that whatever slowdown encryption may bring isn't noticeable. Also, since there's hardware support for encryption on the OMAP chip, I actually don't think the theoretical slowdown (there has to be SOME impact) would be noticeable by humans.

    Boot time should be (and feels) entirely unchanged, because most of the booting process has nothing to do with your own data. In fact, if it's done properly, I would think the encrypted data would not be accessed until you enter your password anyway, and that can't happen till booting is complete.
    09-16-12 08:42 AM
  5. FF22's Avatar
    I have read a few threads where encrypted data on the SD card was "lost" if they had to replace a defective phone or upgraded. Is that what happened to your data? Or was the "lost" (coded) data in the internal memory?

    Either way, I'd guess that replacing a defective device or upgrading to a new device should allow some method of retrieving the data. But I guess if 'keyed' to the specific device there is a risk.
    09-16-12 11:34 AM
  6. ClassyBOLD's Avatar
    It was a while ago so I don't remember. I learned my lesson though and now encrypt using a password and avoid device generated keys.
    09-17-12 11:40 AM
  7. peter9477's Avatar
    The backups on the PlayBook (and presumably BB10) are keyed to one's BBID, not to the device, so there should be no problem restoring to a different device.
    09-17-12 11:50 AM
  8. Maiev's Avatar
    If I got it right, encryption is done with AES256. Now for those that aren't savvy into this tech thing. Normally, a password is fine since the OS so far is secured, so you'd have to enter a password to get into the OS itself and no other way.

    Now let's say the OS got vulnerabilities like iOS stuff, then powerful/knowledgeable ppl like governments can bypass the OS password and get right into the data. This is when encryption comes into play. Without knowing the password, you do not have the necessary keys to decrypt your data. A key is generated and stored in the RAM (if I'm right) and once the device locks, the key is deleted off RAM until you enter your password, then the key is regenerated again to decrypt your data. Your government that uses vulnerabilities for sure.. got into your PlayBook without a password but without the actual password to generate a key, I don't think you can read anything other than random 0's and 1's. So really, until OS security becomes an issue... I don't think people need to worry so much about encryption. It's nice to have though coming from an IT standpoint and for compliance/audit purposes.

    Now having used the encryption for a few days, I can say there is definitely a slowdown. I'd say it's not very noticeable until I play FF7 using PCSX-PB. The emulator running FF7 already requires quite a lot of I/O from the memory/storage medium, and when you take a screenshot, you notice it lags since it's trying to read AND write to the storage media. However, with encryption, you can clearly see that on-the-fly encryption will completely stop PCSX-PB from even doing anything since it's trying to write the screenshot to the folder. It doesn't lag as much when it was not encrypted.

    To be honest, rock solid QNX... I don't need to worry about drive encryption. Maybe until someone finds vulnerabilities, I don't think it's worth the 5-10% (what I feel like) write/read speed for encryption plus some processing power. Just like Win7 Ultimate bit-locker, even Microsoft says you lose some performance and I/O...
    rupam95 likes this.
    10-12-12 11:42 PM
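An added sketch, not from any poster and not BlackBerry's implementation, of the two ideas raised in this thread: a data key that exists in RAM only while unlocked, and why a key bound to a device-generated secret fails after a device swap while a password-derived one does not. It uses only the Python standard library, so an HMAC-SHA256 pad stands in for AES-256 key wrapping; every name and sample secret is constructed for the example.

```python
import hashlib, hmac, os

def kdf(secret: bytes, salt: bytes) -> bytes:
    # Stretch a password (or device secret) into a 256-bit key-encryption key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=32)

def _pad(kek: bytes, salt: bytes) -> bytes:
    # One 32-byte keystream block; stand-in for a real AES-256 key wrap.
    return hmac.new(kek, b"wrap" + salt, hashlib.sha256).digest()

def wrap(dek: bytes, secret: bytes):
    salt = os.urandom(16)
    kek = kdf(secret, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _pad(kek, salt)))
    tag = hmac.new(kek, b"tag" + salt + ct, hashlib.sha256).digest()
    return salt, ct, tag          # this is all that is stored at rest

def unwrap(blob, secret: bytes):
    salt, ct, tag = blob
    kek = kdf(secret, salt)
    expect = hmac.new(kek, b"tag" + salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None               # wrong password or wrong device secret
    return bytes(a ^ b for a, b in zip(ct, _pad(kek, salt)))

class Volume:
    def __init__(self, secret: bytes):
        self.blob = wrap(os.urandom(32), secret)  # random 256-bit data key
        self._dek = None          # RAM copy, present only while unlocked

    def unlock(self, secret: bytes) -> bool:
        self._dek = unwrap(self.blob, secret)
        return self._dek is not None

    def lock(self) -> None:
        # Drop the RAM copy; a real implementation would also zeroize it.
        self._dek = None

def migrate_demo() -> dict:
    old_device_secret = os.urandom(32)   # constructed: stays on old hardware
    new_device_secret = os.urandom(32)   # constructed: the replacement device
    password = b"correct horse battery"  # constructed sample password
    device_vol, password_vol = Volume(old_device_secret), Volume(password)
    return {
        "device_key_on_new_device": device_vol.unlock(new_device_secret),
        "password_on_new_device": password_vol.unlock(password),
        "wrong_password": password_vol.unlock(b"guess"),
    }

if __name__ == "__main__":
    print(migrate_demo())
```
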
  9. peter9477's Avatar
    If you think that the use of full-device encryption should not be used until after someone publishes the fact that they've cracked the OS security, then you're not sufficiently paranoid to be speaking as an authority on security issues. In my opinion. Just saying... ;-)
    crackofdoom likes this.
    10-13-12 10:23 PM
  10. ClassyBOLD's Avatar
    Yea, that's a good point... the point of security is to be proactive, not reactive. I took the plunge a while back when official 2.1 dropped and enabled FDE. I haven't noticed any performance degradation.
    peter9477 likes this.
    10-20-12 02:36 PM