1. chakras's Avatar
    Is there a way of Passwording or locking access to the contents of the SD card as i transport things from work on it and do not want it viewed by unauthorised people if it got in to the wrong hands (before anyone says anything no its not dirty pictures lol ). If i could lock the memory card it would make it that bit more secure

    any advice would be appreciated
    05-21-10 09:49 AM
  2. F0nage's Avatar
    Yes, of course. Check your security options. Be careful, if you forget your password you will be posting a "how do I get back my data" thread like other people have done.

    No password = no data. There is also a way to encrypt it based on your individual device. Again, if you lose your phone and somehow saved your card, or the phone broke or you upgrade it, the card will not decrypt in a new device
    05-21-10 10:14 AM
  3. chakras's Avatar
    iv had a look in the security section and cannot see anything that mentions passwording the memory card
    any advice?
    05-22-10 02:38 PM
  4. rdyoung's Avatar
    iv had a look in the security section and cannot see anything that mentions passwording the memory card
    any advice?
    options>>security>>encryption>> enable encryption and then scroll down and setup the encryption for the media card. As f0nage so rightly said, make sure you choose password only, that way its not based on your device and any future devices will be able to access that data.
    05-22-10 02:49 PM
  5. Pete6's Avatar
    The option (Options, Secirity, Encryption) to encrypt the SD card does not password it. It encrypts it on the phone making it very, very hard (I am not going to say impossible) to read this data if the card is put in another device. However if someone steals your phone and there is no password on the phone then the data on the card could stillbe read - easily - on the phone itself.

    Do this by all means but also make sure that you set a system password in Options, Password. This will make certain that your data is safe even if the phone is removed from your person.

    Lastly, if the data you have is small (<20Mb) then you could keep this in Device Memory. You would need to copy the data to the card via Mass Media Mode and then copy it again to Device Memory and finally delete the data from the SD Card entirely or (better) remove the card from the phone completely.

    Using encryption and a password this technique, whilst time consuming would make it very hard indeed to read your data.
    05-22-10 03:04 PM
  6. rdyoung's Avatar
    The option (Options, Secirity, Encryption) to encrypt the SD card does not password it. It encrypts it on the phone making it very, very hard (I am not going to say impossible) to read this data if the card is put in another device. However if someone steals your phone and there is no password on the phone then the data on the card could stillbe read - easily - on the phone itself.

    Do this by all means but also make sure that you set a system password in Options, Password. This will make certain that your data is safe even if the phone is removed from your person.

    Lastly, if the data you have is small (<20Mb) then you could keep this in Device Memory. You would need to copy the data to the card via Mass Media Mode and then copy it again to Device Memory and finally delete the data from the SD Card entirely or (better) remove the card from the phone completely.

    Using encryption and a password this technique, whilst time consuming would make it very hard indeed to read your data.
    Another option while a little more time consuming and in depth to setup, they could create a small 1 or 2gig truecrypt container on the card, and use that to store data, at the moment, the only way to break truecrypt is with bruteforce and with a 10character password, that isn't gonna happen anytime soon.
    05-22-10 03:38 PM
  7. F0nage's Avatar
    Brute forcing a 10 character password is trivial even on a single PC.
    05-23-10 08:02 AM
  8. catfish1976's Avatar
    options>>security>>encryption>> enable encryption and then scroll down and setup the encryption for the media card. As f0nage so rightly said, make sure you choose password only, that way its not based on your device and any future devices will be able to access that data.
    so with that being said it, i had some files that i hid on my 8330 and i noticed that when i moved my card over to my 9700 i noticed that i wasnt able to "unhide" the file or the files in it because i would need to have set it up as a password in my 8330 so i can do as i please in the 9700?
    05-23-10 08:28 AM
  9. rdyoung's Avatar
    Brute forcing a 10 character password is trivial even on a single PC.
    A 10 digit pass maybe, but using at least 1 character from all sets on a KB and your unlikely to crack it in this millenium. AND, while truecrypt could theoretically be bruteforced, there isn't software available to the average consumer to crack it.
    05-23-10 08:55 AM
  10. rdyoung's Avatar
    so with that being said it, i had some files that i hid on my 8330 and i noticed that when i moved my card over to my 9700 i noticed that i wasnt able to "unhide" the file or the files in it because i would need to have set it up as a password in my 8330 so i can do as i please in the 9700?
    Not sure exactly what your getting at. But windows xp pro or 7 should be able to override the hidden attributes of files on the card.
    05-23-10 08:56 AM
  11. Pete6's Avatar
    Encryptionn and security is a biiig subject. My take on it is that if somebody wants your data then they will probably get it.

    • No software system is ever totally safe.
    • The more copies you have of the data the harder it is to lose completely (Backups) but the harder it becomes to ompletely protect.
    • The only real security is physical i.e. keep it locked up inside a secure environment.
    The above was why I suggested encrypting the data on the phone, passwording the phone so that after 10 or less attempts at the password the phone wipes itself, removing the microSD card and keeping it secure elswhere from the phone will help a lot since that is removable and can be cracked quietly.

    I am pretty sure that most people cannot bypass the BlackBerry password and internal encryption in 10 tries (if you set it as high as 10). If the phone is on BES then that is even better since the wipe can be done remotely. You can buy apps that will do this for BIS too but I think that BES is just that bit better.
    05-23-10 09:18 AM
  12. rdyoung's Avatar
    Encryptionn and security is a biiig subject. My take on it is that if somebody wants your data then they will probably get it.

    • No software system is ever totally safe.
    • The more copies you have of the data the harder it is to lose completely (Backups) but the harder it becomes to ompletely protect.
    • The only real security is physical i.e. keep it locked up inside a secure environment.
    The above was why I suggested encrypting the data on the phone, passwording the phone so that after 10 or less attempts at the password the phone wipes itself, removing the microSD card and keeping it secure elswhere from the phone will help a lot since that is removable and can be cracked quietly.

    I am pretty sure that most people cannot bypass the BlackBerry password and internal encryption in 10 tries (if you set it as high as 10). If the phone is on BES then that is even better since the wipe can be done remotely. You can buy apps that will do this for BIS too but I think that BES is just that bit better.

    Exactly, no matter how good the encryption/protection on a device is, whoever possesses that device owns the data on it, its just a matter of time for them to crack it.

    Personally, I would stay away from keeping too sensitive/important data on a phone, its way too easy to lose, break, get stolen, etc.
    I would suggest that instead of the phones sd, get a 16gig flash drive, they are pretty cheap and reliable now. I have a patriot razzo that is lightning fast, had it for over a year now. I keep all my important docs, plus anything and everything I think I may need to fix a pc or some other BS on the fly, you never know when it may come up. If you have access to a windows 7 pro or ultimate machine you can use bitlocker to encrypt it, if you use a password that is at least 11+ alphanumeric and throw in at least one other character and its pretty unbreakable for the time being.
    05-23-10 11:15 AM
  13. F0nage's Avatar
    A 10 digit pass maybe, but using at least 1 character from all sets on a KB and your unlikely to crack it in this millenium. AND, while truecrypt could theoretically be bruteforced, there isn't software available to the average consumer to crack it.
    Truecrypt is not limited to 10 character passwords. Any ten character password is unsafe if people know it's only 10 characters.

    Truecrypt, like all good encryption software, hashes your passphrase to derive the password. If you choose the correct ciphers you should be fine from any software attack except if the system is compromised while it's running or if you have an unencrypted swap.
    05-24-10 12:38 PM
  14. F0nage's Avatar
    Exactly, no matter how good the encryption/protection on a device is, whoever possesses that device owns the data on it, its just a matter of time for them to crack it.
    That's completely false. Please know what you're talking about or don't make these kinds of statements. If you use crypto properly, there is no practical way to break it, no matter how long they have. The bad guys just resort to torturing you. It's cheaper than breaking good crypto.

    if you use a password that is at least 11+ alphanumeric and throw in at least one other character and its pretty unbreakable for the time being.
    Anybody who takes your advice deserves what he gets
    05-24-10 12:40 PM
  15. rdyoung's Avatar
    Truecrypt is not limited to 10 character passwords. Any ten character password is unsafe if people know it's only 10 characters.

    Truecrypt, like all good encryption software, hashes your passphrase to derive the password. If you choose the correct ciphers you should be fine from any software attack except if the system is compromised while it's running or if you have an unencrypted swap.
    Anything is crackable, but if the OP needs secure storage for files, then TC is the most secure method.
    While we could go on for days debating the merits of the different methods of attack for the different ciphers out there. Right now you CAN'T bruteforce TC, there are no publicly known vulnerabilities that would let you have access to a container. when you setup a TC container it asks you what cipher combo you want to use, IF you could attack it, you would first have to know this, and you can't derive it just by looking at the scrambled data on a disk. AND to top it off, TC has a hidden container option where it creates a false outer container and then masks your real one inside.

    So in short, TC is not hackable at the moment. However as I said in a previous post, the most user friendly option would be to use a bitlocker if you have access to it. It also isnt easily cracked unless social engineering is applied.
    05-24-10 12:46 PM
  16. rdyoung's Avatar
    That's completely false. Please know what you're talking about or don't make these kinds of statements. If you use crypto properly, there is no practical way to break it, no matter how long they have. The bad guys just resort to torturing you. It's cheaper than breaking good crypto.



    Anybody who takes your advice deserves what he gets
    For all intents and purposes, this is true, no matter what you may believe.

    For example. There is a little piece of bootcode that I use on a regular basis to bypass password on windows machines, unencrypted of course, but no longer how long the password is, I can bypass it and have full access to a windows/linux machine. 64bit included.

    Now, tell me what I am using and I may believe you have some knowledge to impart, if not stop confusing the non techies with your babble.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-24-10 01:36 PM
  17. F0nage's Avatar
    You're just making statements based on nothing. Nobody said TC isn't secure, the issue is your "unbreakable" 10 character password. It isn't. You are the one making unsupportable wild claims and confusing people.

    You can play all the games you want. Windows security isn't, there are many apps to crack windows passwords. How do you claim to have full access to a Linux machine? All the bootcode in the world isn't going to get you into a luks partition.

    You don't understand anything about what you're talking about. You don't understand crypto, you don't understand key management or hashing or brute force attacks and what they can and can't do. Go back to your imaginary happy world of unbreakable 10 character passwords and fictional ability to own any system. It's funny your claims are self-contradictory, your 10 character password is unbreakable but YOU can get into any system with "bootcode". How does that work?

    Anybody can boot a live CD and get into any Linux...without encrypted partitions. If the partition(s) are encrypted properly with good keys and proper choice of ciphers, they are completely immune to any programmatic attack. Brute force is out of the question.As I said many times, if you have something important they will break your bones and torture you to get the data, they don't need to crack the crypto.
    Last edited by F0nage; 07-04-10 at 12:35 PM.
    07-04-10 12:31 PM
LINK TO POST COPIED TO CLIPBOARD