1. viciousknid's Avatar
    Is there a program that will convert the .jpg.rem files that are on my laptop?

    I purchased an iPhone recently and sold my Pearl 8110. I copied all of the files off of my phone and SD card onto my flash drive using just the traditional drag and drop method because I was on a work computer and didn't have Desktop Manager on the PC.

    I tried searching but all results showed the option for disabling encryption on the SD card. Obviously I wasn't thinking about the encryption when I copied my files. I know how to do it using Data Manager but that does me no good since I sold my BlackBerry.

    Thanks for any suggestions.
    02-16-10 03:13 AM
  2. Radius's Avatar
    My suggestion is to take new pictures. You are stuck without the phone.

    And if it was so easy to decrypt the files then it wouldn't be worth encrypting them at all.
    02-16-10 06:17 AM
  3. F0nage's Avatar
    I thought about giving that answer, but if he has the password it would not be unreasonable to ask about recovering his files. RIM should be using standard encryption algorithms, and if so, what he's asking for should be possible.
    02-16-10 07:29 AM
  4. Radius's Avatar
    > I thought about giving that answer, but if he has the password it would not be unreasonable to ask about recovering his files. RIM should be using standard encryption algorithms, and if so, what he's asking for should be possible.
    Except for the fact no one makes that kind of software but RIM (for their devices anyhow) and there is no way they are giving it out. I would like RIM a lot less if these apps were freely available, so would anyone with encrypted data.
    02-16-10 10:10 AM
  5. Denise in Los Angeles's Avatar
    > I thought about giving that answer, but if he has the password it would not be unreasonable to ask about recovering his files. RIM should be using standard encryption algorithms, and if so, what he's asking for should be possible.

    The OP could have recovered his files before selling his phone. Unfortunately, it's a mistake, but now he does not have the option of putting his media card back in his Pearl 8110.

    I agree with Radius that RIM should not be giving out their encryption algorithms.
    02-16-10 10:48 AM
  6. F0nage's Avatar
    You guys don't know anything about encryption or why using proprietary algorithms is all but dead in the industry.

    RIM does not have their own algorithms, they use standards, as I said. Good crypto depends on good key management and the secrecy of the keys, not secret algorithms or other smoke and mirrors.

    The algorithms are all public standards. So I guess now you don't like RIM.
    Last edited by F0nage; 02-16-10 at 11:08 AM.
    02-16-10 11:06 AM
  7. T�nis's Avatar
    Please pardon the ignorant questions, but what are algorithms, what is key management, and why does secrecy of one matter while secrecy of the other doesn't? Most importantly (to me), if my BB media card jpeg's are encrypted, will someone who puts the media card in the card reader of his computer be able to find a way to view my pics?

    Posted from my CrackBerry at wapforums.crackberry.com
    02-16-10 02:16 PM
  8. viciousknid's Avatar
    Pretty much what I was expecting to hear, but I thought there might be a converter out that would let me decrypt using the original password.
    Oh well, live and learn.

    Posted from my CrackBerry at wapforums.crackberry.com
    02-17-10 03:02 AM
  9. F0nage's Avatar
    > Please pardon the ignorant questions, but what are algorithms,
    An algorithm is a procedure for accomplishing a task. To write a non-trivial program, you have to understand what you want to do and formalize it, and then write the code to implement the algorithm correctly. In the case we're talking about, crypto, mathematicians come up with a way to encode data that doesn't depend on the secrecy of the algorithm, just the secrecy of the keys. Then they describe the algorithm using figures and a written description, so programmers can implement it.

    > what is key management,
    Key management is how you generate and store keys. Keys are the important link in security in a properly designed system, so like the files you're trying to encrypt, the keys also have to be encrypted and kept secure. Otherwise, if someone compromises your device, they could recover your keys, which would make the encryption worthless. What you choose for your key is really a passphrase. There are standard ways of operating on passphrases to generate keys that are appropriate for each type of cipher.

    > and why does secrecy of one matter while secrecy of the other doesn't?
    Because a good cryptographic algorithm must not depend on the secrecy of the algorithm, but only on the secrecy of the keys. All of the commonly used cryptographic algorithms are published standards. This gives an opportunity for people in the community to evaluate the algorithm, develop attacks, and ultimately verify whether there are any known weaknesses. Invariably, algorithms that depend on the secrecy of the algorithm are found to be broken. And it's a simple matter for people to reverse engineer anything they have access to, so hiding the source does no good for anybody. Any good cryptographic algorithm can easily withstand being exposed without compromising its security in the least.

    > Most importantly (to me), if my BB media card jpeg's are encrypted, will someone who puts the media card in the card reader of his computer be able to find a way to view my pics?
    Most successful attacks are based on recovering the keys, not breaking an algorithm. None of the commonly used algorithms today have any practical weaknesses or they would not be in use.

    RIM hasn't been very forthcoming with documentation, but from searching around it looks like they have options of 3DES and AES256 throughout their solution. If you use a good passphrase these ciphers are safe enough that it is not practical for anybody to recover your files in a reasonable time. If they really, really want something you have, and they can't recover your keys with standard techniques, it's easier to use rubber hose cryptanalysis than to continue with technology.

    If you use bad passphrases like your birthday or other personal info, it is relatively easy for someone who really wants your files to figure it out.
    02-17-10 05:13 AM
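
The point in the post above about passphrases and key derivation, as an added example that is not part of the original thread: a published, standard derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) turns a passphrase into a 256-bit key, and a birthday-style passphrase is found by simply enumerating every date even though the algorithm itself is sound. The salt, iteration count, passphrases and function names are constructed for the demonstration and are not RIM's parameters.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo parameters; not taken from any BlackBerry implementation.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 1_000  # kept low so the demo finishes quickly; real systems use far more


def derive_key(passphrase: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """Derive a 256-bit key from a passphrase with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def birthday_candidates(first_year: int, last_year: int):
    """Yield every date in the range as MMDDYYYY: the whole 'birthday' keyspace."""
    day = date(first_year, 1, 1)
    end = date(last_year, 12, 31)
    while day <= end:
        yield day.strftime("%m%d%Y")
        day += timedelta(days=1)


def audit_passphrase(target_key: bytes, candidates):
    """Return (match, guesses_tried); match is None if no candidate derives target_key."""
    tried = 0
    for guess in candidates:
        tried += 1
        # Constant-time comparison of the derived key against the target.
        if hmac.compare_digest(derive_key(guess), target_key):
            return guess, tried
    return None, tried


if __name__ == "__main__":
    # Constructed passphrases: one birthday, one unrelated multi-word phrase.
    for secret in ("07041982", "correct horse battery staple"):
        match, tried = audit_passphrase(derive_key(secret), birthday_candidates(1980, 1984))
        print(f"{secret!r}: match={match!r} after {tried} guesses")
```

Five years of dates is only 1,827 candidates, so the secrecy of the key rests entirely on how unpredictable the passphrase is, not on hiding the derivation function.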
  10. hexwulf's Avatar
    "rubber hose cryptanalysis"

    My new favorite phrase when referring to decryption.
    02-17-10 06:00 AM
  11. F0nage's Avatar
    I can't take credit for it, but it is a good one LOL
    02-17-10 06:34 AM
  12. T�nis's Avatar
    Thank you, F0nage, for the very helpful and detailed reply. And thanks for answering all my questions patiently and in layman's terms.
    With appreciation,

    Tony

    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by T�nis; 02-17-10 at 06:59 AM.
    02-17-10 06:57 AM
  13. F0nage's Avatar
    You betcha, Tony. The more people understand crypto and the value of it the more we can all protect our personal privacy.
    02-17-10 08:35 AM
  14. Radius's Avatar
    > You guys don't know anything about encryption or why using proprietary algorithms is all but dead in the industry.
    >
    > RIM does not have their own algorithms, they use standards, as I said. Good crypto depends on good key management and the secrecy of the keys, not secret algorithms or other smoke and mirrors.
    >
    > The algorithms are all public standards. So I guess now you don't like RIM.
    I know all of this, I've dealt extensively with cryptography as it's required in some of my software.

    But the main thing is RIM isn't going to tell us anything so the only way for the average person to get their stuff back is on the original phone. Also, just because they use a standard algorithm doesn't mean anything, they probably don't do linear encryption anyhow on a whole file. I bet they mix it up a little as I have done in the past to make the truly security paranoid people happy.

    It's amazing the lengths some people want you to go to protect temperature and humidity data sometimes.
    02-17-10 09:45 AM
  15. F0nage's Avatar
    What's linear encryption? Sounds like you're making stuff up.

    Nobody mixes encryption, that's a known bad idea. If anybody is stupid enough to try to roll his own, even using standard ciphers, he has no idea what he's doing. Nobody in the industry does that. In some cases, they have shown that multiple encryption has the potential to leak and make the resulting ciphertext easier to deal with than had they used a single cipher. If you are playing around with that stuff you are painting a giant bullseye on yourself and I wouldn't want to be the lawyer who has to defend you.

    Anybody who has an ounce of brains and doesn't want his a$$ handed to him in court will use industry standard toolkits implementing accepted, published, standard ciphers. If you are foolish enough to think you're smarter than the teams that come up with this stuff, you are very sadly mistaken. If they could improve the security of their algorithms, they would have done it already. Like Bruce Schneier said, "nobody was ever fired for using a standard."

    The main point I want to make is that while there is heavy mathematics in this, it is not smoke and mirrors or privileged information as so many people who have no idea what they are talking about would like to suggest.
    Last edited by F0nage; 02-17-10 at 11:12 AM.
    02-17-10 11:05 AM
  16. Radius's Avatar
    > What's linear encryption? Sounds like you're making stuff up.
    No, I mean encrypt the data in a linear fashion in the file.

    For example, we have 100 bytes and are using a known algorithm so anyone can crack it right?

    So we partition the data into 25 byte "sectors" and encrypt them separately. And instead of always using the same key, just have the code mix it up as it goes along.

    That way someone trying to crack into the file isn't going to be able to do it so easily, and the primary key is never used to encrypt the first sector so they won't be able to tell what's going on. This method will stop most people in their tracks for a long time until they figure out what's going on.
    02-17-10 12:56 PM
  17. F0nage's Avatar
    > No, I mean encrypt the data in a linear fashion in the file.
    > For example, we have 100 bytes and are using a known algorithm so anyone can crack it right?
    No, not at all. There's no reason to say if you have only 100 bytes using a known algorithm anyone can crack it. If you use a good cipher the ciphertext will look like random data and it will be secure.

    There are stream ciphers and block ciphers. Stream ciphers operate byte by byte while block ciphers operate on fixed length pieces of cleartext and pad out the last block so all the blocks are even. Most of the time you don't use stream ciphers when you're encrypting text for storage, you use a block cipher. Stream ciphers are used when performance is more important than security. This is a bit of an overgeneralization, but it's good enough for this discussion. Depending on the blocksize of the cipher you use, 100 bytes of cleartext won't be 100 bytes of ciphertext, it will probably wind up being 128 bytes.

    > So we partition the data into 25 byte "sectors" and encrypt them separately. And instead of always using the same key, just have the code mix it up as it goes along.
    The design of all block ciphers is to process fixed length pieces of cleartext. You don't have to partition anything. If you use more than one key it makes things more complicated than necessary, how will you secure and maintain the keys? Bad implementations usually keep the key in a literal in the code, that's not secure at all.

    I like to make the analogy that cryptography is like chemistry. In both sciences, you have people with a lot of training working together in teams and in very competitive environments. When they come out with stuff you should really use what they give you, the way they recommend using it, because by the time we hear about it, a lot smarter people than us have tried to break their stuff and couldn't. Just like you wouldn't get a couple of drums of chemicals and start mixing stuff together without expecting to see your house on the 6:00 News (if you were still alive, that is) you shouldn't try to start mixing and fooling around with the algorithms and tools they designed, because they are way ahead of us and already thought about and dismissed all our wacky ideas about other ways to do things to make them more secure.

    sci.crypt is full of one brain surgeon after another coming up with a new, "unbreakable" algorithm only to be shot down before he ever gets off the runway. The rule of thumb is, you're not qualified to write your own cipher or waste other people's time with challenges until you have broken or at least designed a practical attack on an existing cipher.

    All of the commonly available standard algorithms are perfectly safe when used as directed. If you change anything, you're on your own.

    > That way someone trying to crack into the file isn't going to be able to do it so easily, and the primary key is never used to encrypt the first sector so they won't be able to tell what's going on. This method will stop most people in their tracks for a long time until they figure out what's going on.
    Complexity in software is bad. All of these home-grown "solutions" are maintenance and management nightmares, and none are proven to offer more security than correctly implemented algorithms. Anybody using this stuff should use the algorithms exactly as designed, use known feedback methods, and known good key management practices. All of this stuff is published and nobody should be using it (as a coder) without familiarizing himself with these materials. You don't need to try to outsmart the designers and think you can add to their security. If you use what they gave you as they told you to use it, you will not ever have a problem. If you make up your own techniques, you will invariably shoot yourself in the foot, and then you may have to explain to your boss or to a jury why you varied from accepted, standard ways of doing business.

    For anybody interested in all this, read all the books you can get your hands on from Bruce Schneier. He is not only an expert on cryptography and a participant in the competition that led to the recent adoption of AES as the U.S. standard, but he has important insights and observations on security issues in general and has the ability to explain key issues to programmers and non-technical people in useful and thought-provoking ways.
    Last edited by F0nage; 02-18-10 at 03:02 AM.
    02-18-10 02:55 AM