[anon5771888]

As I have said this before, if you honestly think that you can make something totally secure in todays world of advanced computers and now you have one of the most powerful agencies on the world with unlimited resources cracking some of the most sophisticated encryption schemes known to the modern world, I will say this again.

A fool and his/her money are soon parted.

[Omnitech]

As I have said this before, if you honestly think that you can make something totally secure in todays world of advanced computers and now you have one of the most powerful agencies on the world with unlimited resources cracking some of the most sophisticated encryption schemes known to the modern world, I will say this again.

A fool and his/her money are soon parted.

Such a thing is indeed achievable.

As always, it's a tradeoff between security and convenience. The problem is that people don't want to trade away the convenience very much.

That equation will change dramatically in places which have a history of totalitarianism, then people are much more willing to give up the convenience.

Here in the USA, overt totalitarianism is an abstract concept to most of the citizenry, so most people don't take security measures very seriously.

And of course we have non-stop cultural brainwashing that keeps people tied-in to the Machine. Can't tear themselves away from Twitter and SMS, it's sorta like the buzzy thing in everyone's ear in Fahrenheit 451.

(Recent studies have shown that tweeners and teenagers in this society are getting less and less sleep at night, because they are basically intertwined with their buzzy electronics all night, waking up whenever a new buzz goes off...)

[Superfly_FR]

And although BES administrators have the capability to set an organisation specific encryption key, the effect of doing this is that those users on the BES can then no longer communicate with anyone not on the same BES over BBM. I think in practice, probably almost no organisation ever set this (though, perhaps governments, etc. did).

With BES10 Balance, I cannot find a reason why they wouldn't use their specific key.

[Superfly_FR]

Such a thing is indeed achievable.

Question : at what (CPU-Bandwidth) cost ? Theoretically, we could raise the encryption bits to whatever ... But make it barely usable in real life for Joes and mobile devices ...

P.S: Elliptic Curve saves the data weight (see my quoted article above).

[jpvj]

Very simple code can be uncrackable (you can see the previous discussions on one time pads). It doesn't even need to be code, it can be done with pen and paper or even in your head for short messages, if you memorize a one time pad ahead of time.

The problem with BES really is more of a somewhat outdated security model, but it shouldn't be assumed that because the NSA is large and well funded and really good at this kind of thing that another large, well funded, security focused organization can't come up with something that the NSA cannot crack - though I'm tempted to think nowadays that small organizations are more trustworthy.

What part of the BES security model is "outdated"?

[Spades1234]

It IS possible to decrypt a 128 bit encrypted email, it just takes a huge room of servers and tonnes of resources to Do a brute force attack on target.

Posted via CB10

[Superfly_FR]

About the Spiegle article document source :

[...] It says intercepting BES messages demands a “sustained” effort by the NSA’s elite Tailored Access Operation [...]
(The TAO is a highly secret NSA unit that “specializes in surreptitiously installing spyware and tracking devices on targeted computers and mobile-phone networks” and that has played a role in the hunt for al-Qaeda leader Osama bin Laden, the Washington Post reported previously.)

http://www.theglobeandmail.com/news/...ticle14186643/

As far as this "document" is reflecting the truth, you have there an better view of what my poor English stated before.
This is (more than) targeted spying : this is tailored. In security environments, this means than besides the technical exploit, they rely on other spyed system weakness or collected infos infos (ex : spyware on PCs, video spying, password strategy, old passwords, revoked keys, etc).
In short: they cannot "branch an read" - as they appear to be capable for several other systems - and any change in the crypto settings will make them start ~ from zero.

Well, that's my reading ... for now

[BB-Marcus]

Just for for info, the suitability for PIN to PIN as a secure method of communication is mentioned in the following link which I stumbled across whilst looking for the BB Tech Docs on the subject
'New' Canadian BlackBerry security scare emerged in 2011

[Omnitech]

Question : at what (CPU-Bandwidth) cost ? Theoretically, we could raise the encryption bits to whatever ... But make it barely usable in real life for Joes and mobile devices ...

P.S: Elliptic Curve saves the data weight (see my quoted article above).

The issue is much bigger than the encryption cipher. The reality is, modern encryption ciphers can be very strong. The problem is in the entire process and system of encryption and security. There are many many elements of that process that can be weak or exploited.

One of the most famous examples are putting passwords on sticky notes and sticking them on your monitor. The best security technology in the world will never solve that kind of problem.

Oh and guess where those sorts of dumb practices were rampant? In the US Army intelligence unit that Bradley Manning was assigned-to in Iraq, among others.

[Poirots Progeny]

Omnitech: That last bit: irony. Wow.

Posted via CB10 on my BlackBerry Q10

[Omnitech]

Omnitech: That last bit: irony. Wow.

Bradley Manning hearing told of security failings at Iraq base | World news | theguardian.com


Quoting:

---

Capt Thomas Cherepko confirmed to Manning's pre-trial hearing in Fort Meade, Maryland, that he received a letter of admonishment in March. He was censured for having failed to submit a package of documents to his superiors � known as a Diacap � that would have verified the network met the defence department's minimum standards on computer security and was designed to have exposed any vulnerabilities.

Not only did Cherepko admit to the hearing that he had failed to submit the package, but he confessed that he had never done so in his entire career as an information assurance manager in charge of network security. He didn't even know how to submit such paperwork.

The embarrassing admission adds to a growing mountain of evidence that Manning's defence lawyer, David Coombs, has obtained from prosecution witnesses over the first three days of proceedings, pointing towards a diabolical absence of security controls at the soldier's intelligence unit. The court has heard that the sensitive compartmented information facility (SCIF) where Manning was deployed as an intelligence analyst, was rife with soldiers playing music and video games stored without authorisation on a classified shared computer drive.

[...]

But despite the sensitive nature of the work carried out in the unit, soldiers were able to download files not authorised, it has been alleged.

Music, games and even pirated movies purchased from Iraqi nationals were stored on a shared drive.

---

[anon62607]

What part of the BES security model is "outdated"?

That might be a little of a misstatement. The modern model is something like:
1) device 1 wants to communicate a message to device 2
2) device 1 and device 2 agree on a key via some secure key exchange mechanism, including authentication of the messages
3) device 1 and 2 then communicate via a symmetric cipher using the key derived in the above key exchange
(that is, public key to communicate a symmetric session key then the session key to transmit the individual messages, the session key then destroyed as soon as the message is transmitted or received)

For BIS / BES PIN messages, the message is protected by a symmetric cipher with a single key that has been preshared to all devices and if there is a record of the historic cipher texts recovery of that key any time in the future make the plaintexts of those messages recoverable.

For other BES messages, the device transport key (for a symmetric cipher) is used to protect communications between the server and device, and those keys are generated when the device is enrolled and those keys by default are only rolled every 30 days. Compromise of a key then compromises on average the last 15 days of messages. Also, the server keeps the current, previous and pending keys available and thus if the server is compromised, the current and previous keys can be recovered and if it's surreptitiously compromised the next key is recovered as well. It "feels" like it's based at it's root on a symmetric shared secret which is vulnerable to compromise, and thus has an outdated feeling (and doesn't provide "perfect forward secrecy")

[anon62607]

It IS possible to decrypt a 128 bit encrypted email, it just takes a huge room of servers and tonnes of resources to Do a brute force attack on target.

Posted via CB10

Presuming the NSA has a custom developed encryption processor able to perform 10 billion tests per second and they put together a supercomputer of 10,000 of those processors a 128-bit key would take 10^17th years to exhaustively search (7 million times the age of the universe) and half that amount of time on average to find the key.

A 64-bit key, on the other hand, would only take on average about a day to find. An 80 bit key would be 170 years or so, on average.

Even 128-bit keys can't be realistically brute forced. If quantum effect comptuers do exist, it would reduce the effective strength of that 128 bit key to 64 bits and then that key strength is at risk, but I don't think it's credible to imagine those exist yet, and probably won't in the next 20 or 30 years.

That said, the attacks might not be purely brute force, it could be that through analysis that part of the key is recoverable and then the remainder must be brute forced, and that significantly reduces the amount of time to find the key to perhaps practical levels.

It's also worth mentioning that in AES, the 128-bit key schedule is stronger than the 192 and 256 bit key schedule. Depending on how you look at it, 128 bit AES might be safer (though all are safe from practical attacks so far).

edit to mention:
On a personal note, I would probably be comfortable using 80-bit keys on an AES-like algorithm (perhaps 80 bit with 16 rounds) if *everyone* would routinely use encryption on everything. That's kind of the best of both worlds, the encryption is too difficult to just vacuum up and decrypt everthing, the 16 rounds hopefully make it more immune to analytical attacks, but 80 bit is something that probably could reasonably be brute forced in the worst case given enough resources if a particular target actually did need to have communications decrypted.

And to follow Moore's "law", if computer power doubles every 18 months then you need to add one bit of keystrength every 18 months too.

The worst case that was being through about yesterday - that the NSA has an analytical attack available against AES, appears not to be true if they do have to devote a team to develop a custom attack against a particular BES server - AES is probably safe.

[anon62607]

About the Spiegle article document source :

NSA able to intercept BlackBerry e-mails: report - The Globe and Mail

As far as this "document" is reflecting the truth, you have there an better view of what my poor English stated before.
This is (more than) targeted spying : this is tailored. In security environments, this means than besides the technical exploit, they rely on other spyed system weakness or collected infos infos (ex : spyware on PCs, video spying, password strategy, old passwords, revoked keys, etc).
In short: they cannot "branch an read" - as they appear to be capable for several other systems - and any change in the crypto settings will make them start ~ from zero.

Well, that's my reading ... for now

the

How the NSA Spies on Smartphones Including the BlackBerry - SPIEGEL ONLINE

article formed most of the original source of those comments, btw.

So, as suspected, anything over BIS appears to be completely vulnerable and has been for many years (not at all shocking). BES is, as you say, exploitable under targeted attacks but it looks like outside of that, safe. This is actually pretty good news in that AES and 3DES themselves must be secure as far as the NSA is concerned - they have to somehow subvert the key to read the messages.

Also mentioned in the article is that the NSA seems to believe that only themselves (NSA and no other intelligence agency worldwide) are able to read/exploit BES messages and mention that the dropoff of US government personnel use of blackberry is a potential risk to security.

This is actually something of an endorsement of BES and BlackBerry security.

[Omnitech]

On a personal note, I would probably be comfortable using 80-bit keys on an AES-like algorithm (perhaps 80 bit with 16 rounds) if *everyone* would routinely use encryption on everything. That's kind of the best of both worlds, the encryption is too difficult to just vacuum up and decrypt everthing...

I more or less agree on that, and if everything is running over encrypted tunnels it also addresses the problem where you get targeted just because you encrypt everything.

[nnik]

I'm thinking ..... Bottom line, the most secure location for valuables, virtual or otherwise can be compromised, it's just a matter of effort and resources ....that said I would keep my **** in safety deposit box..... Even thought the cigar box under the bed may be more convenient

[PP_Bone]

I'm thinking ..... Bottom line, the most secure location for valuables, virtual or otherwise can be compromised, it's just a matter of effort and resources ....that said I would keep my **** in safety deposit box..... Even thought the cigar box under the bed may be more convenient

Your own personal vault (or cigar box) is most secure. The safety deposit box still leaves your valuables in the hands of a third party, those social-whores, the banksters, who will hand over your property to the government even without a court order.

[lozpowell]

blackberry are the ones haking mails!(in my opinion) same thing hapend to me so i looked up the ip ov who loged into acount and it came from blackberrys london office allso they are curently defending themselves against acusations of storing everyones emails and passwords allso there parteners who make alot of there apps linkldn are allso defending themselves in court at the mo against acusations of haking there customers emails



allso interesting to note the gaurdian and the bbc reported that they had done a deal with the indian goverment allowing them to moniter all mails and chat going throo a blackberry!


you can research all quite easy!

please pass this on as in augument with customer support I promised to cost blackberry customers! =)

[Omnitech]

you can research all quite easy!

Yes which is why I have already discounted most of what you wrote there.

[DannyAves]

The real reason Obama can't swap his BlackBerry for an iPhone | Mobile Technology - InfoWorld

"In addition to the security mechanisms in BlackBerry OS itself for managing, auditing, and securing data, apps, and device hardware such as cameras, a BlackBerry has several layers of hardware security in its components. This allows it to have hardware-based sigatures that can't be spoofed as well as hardware-level encryption,"

[Omnitech]

The real reason Obama can't swap his BlackBerry for an iPhone | Mobile Technology - InfoWorld

"In addition to the security mechanisms in BlackBerry OS itself for managing, auditing, and securing data, apps, and device hardware such as cameras, a BlackBerry has several layers of hardware security in its components. This allows it to have hardware-based sigatures that can't be spoofed as well as hardware-level encryption,"

Those are some of the things I was hoping to get around to posting in some of these "Blackberry security" threads, but haven't had a chance to get around to yet. Thanks.