Old 09-26-2005, 12:37 AM   #15
Mark Rejhon
Retired BBF Moderator
 
 
Join Date: Aug 2004
Location: Ottawa, Ontario, Canada
Model: Bold
Carrier: Rogers
Posts: 4,870

Quote:
Originally Posted by barjohn
Anyone that believes that you can't crack the memory cards doesn't understand encryption. (Sorry Mark but I must disagree and don't take such nonsense as the CIA couldn't crack [try NSA]).

You may be confusing the use of a flash card filesystem (not the intended usage here) with the use of using the card like flat linear memory, much like the soldered-in flash memory chip. Basically using the card as virtual memory, same purpose as the flash chips soldered inside the BlackBerry.

It would all be the same bytes and data, using the same Content Protection algorithms.

i.e. if it was possible to crack the data in the built-in flash chip, then it would equally be possible. The cryptographic considerations would be pretty much identical. If there's a security hole cracking the cryptographic code on the removable flash chip, there's the same security hole cracking the same cryptographic code on the non-removable flash chip.

For the purposes of this article, pretend the built-in flash chip is removable.

As for the CIA stuff, that was quoted from another article found on this BlackBerryForums site, so that may be hearsay. If it is proven that the builtin flash chip in the BlackBerry is crackable, then I believe you. BUT the bottom line, the point is, the cryptographic security can be made identical between the removable and non-removable flash chips. Cryptographic security strength can be made identical on both the nonremovable and removable chips. That's indisputable. That's the primary thing here. (Just pretend the non-removable chip is actually removable - but store the same bytes into it - when we are talking about byte-level cryptography (like software based cryptography, or external cryptographic hardware generating data to be stored in any arbitrary bitbucket).) If BlackBerry security depends on the 'architecture' of the chip (i.e. depending on thermal noise of the flash chip), then I don't currently know about it.

Years ago, I did learn public key cryptography in first year University Algebra, so I do have a "basic" understanding of public key here, but I don't work with them. You know more than I do about the various intricacies of cryptography, but I think you know the point where I am coming at, even if you were trying to disprove my 100% figure which you may be right at. (My point is that security can, in theory, be made identical between removable and nonremovable flash.)

I do, however, agree with you that if the internal flash chip(s) (Such as the 32 megabytes worth on the motherboard of the 7290) is proven to not be 100% secure from today's cracking technology (that I don't know, and you may have inside information on top secret agencies doings with BlackBerries), then removable memory would not be 100% secure either. Perhaps you may be right here on the "100%" figure.

Now, to expand on the point of this thread here that security can be made identical regardless whether the flash chip is removable (the card) or nonremovable (the soldered chip). This is on the basis of treating both equally as a data bitbucket with the same data formats, etc. Only that the removable flash is simply easier to physically access for the casual cracker, but for all practical purposes, anybody determined can equally access either the normally-removable and normally-nonremovable flash. Thus, security implication would be identical. If BlackBerry can be "trusted" to the encryption of its nonremovable flash, then BlackBerry can be "trusted" equally in the encryption of its removable flash (if it has one), assuming the same cryptography is used on both. i.e. can be made pretty secure.

If you know inside information or about whether Content Protection is so weak as to allow cracking simply by transplant of the chip from one BlackBerry to another, or easily cracked from a byte-by-byte dump into computer (easily-broken weak software encryption in the dump), then that would pose a serious problem (That seems like security by obscurity - not revealing how weak Content Protection is - that data can easily be cracked off the builtin flash chip). I'd imagine that the government would not be happy about that. But it is my understanding that Content Protection is pretty strong once the BlackBerry has password locked itself, or lobotomized itself. Consequently, it is my impression it would be equally strong on a removable flash, with identical security strength for both non-removable and removable flash. That means a bad password would still be poor security, but the poor security would just equally affect both the removable and nonremovable flash.
__________________
Thanks,
Mark Rejhon
Author of XMPP extension XEP-0301:
www.xmpp.org/extensions/xep-0301.html - specification
www.realjabber.org - open source

Last edited by Mark Rejhon; 09-26-2005 at 01:08 AM..
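
The argument in the post above, as an added example that is not part of the original post and is not BlackBerry's Content Protection code: when storage is treated as a byte bucket, the bytes written to a soldered chip and to a removable card are the same, so a weak password fails equally on both and a strong one holds equally on both. The key derivation parameters, the stand-in stream cipher, the record layout and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac

ITERATIONS = 2000  # assumption: kept low so the example runs quickly

def derive_keys(password, salt):
    # Password-based key derivation; split into an encryption key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def keystream_xor(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), not the device's cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(password, salt, nonce, plaintext):
    # Produce the bytes that would be written to storage: salt | nonce | ct | tag.
    enc_key, mac_key = derive_keys(password, salt)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def guesses_needed(dump, wordlist):
    # Offline check of candidate passwords against a raw dump; None if none match.
    salt, nonce, ct, tag = dump[:16], dump[16:32], dump[32:-32], dump[-32:]
    for n, guess in enumerate(wordlist, 1):
        _, mac_key = derive_keys(guess, salt)
        if hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
            return n
    return None

# Constructed sample values (not from any real device).
SALT, NONCE = bytes(range(16)), bytes(range(16, 32))
RECORD = b"constructed sample record: meeting at 10:00"
WORDLIST = ["123456", "password", "blackberry", "letmein"]

def compare_media(password):
    soldered = seal(password, SALT, NONCE, RECORD)   # bytes on the soldered chip
    removable = seal(password, SALT, NONCE, RECORD)  # same bytes on a removable card
    return (soldered == removable,
            guesses_needed(soldered, WORDLIST),
            guesses_needed(removable, WORDLIST))

if __name__ == "__main__":
    print(compare_media("blackberry"))
    print(compare_media("T7#qv!Lw93-zRk"))
```

The result depends only on the password and the algorithm, never on which medium held the dump, which is why password policy is the control that matters for both.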