View Single Post
Old 09-29-2005, 10:27 PM   #18
barjohn
BlackBerry Extraordinaire
 
barjohn's Avatar
 
Join Date: Sep 2004
Location: Riverside, CA
Model: 8700
Carrier: AT&T
Posts: 1,068
Default

This is only true if the user locks the unit. Most users don't bother because it slows down being able to answer a call. Furthermore, if you have acces to the hardware you really don't need to use a brute force approach. Think about it. What does the computer have to do when you enter a password? It must either apply the password to a decryption algorihm (not the common approach) or verify the password (authenticate the password and user ID as valid) the more common approach. Think of how it might do this, apply the same technicques used to create a comparison value to the input key and compare the generated key to the stored one way hash. If the comparison matches go to next step. How does this happen in the CPU? Subtract value in register A from value in register B is the result 0, if so go to next step. Now suppose I tell fool the cpu by ensuring that the result of the subtraction is 0, what do you think happens next? Match! Exactly! I could go on giving you lessons on cracking systems but that is not my intent and what I have shared here is the fundamental easy stuff. It gets interesting the more complex and diffiuclt the technique. I remeber once a company from Chicago sent me a hardware based security system for a PC that they said was very secure, it took me less than an hour to break it.

Maybe, RIM has employed some very sophisticated methods (I hold a patent on combining public key and private key methods for securing financial transactions) however, I never claimed it was unbreakable, only htat the cost to break it outweighed the financial gain derived from breaking it due to the fragamentation method used (i.e if you broke one key you were limited in what you could do an dthe effort required to break the next key was equally costly).

The government does not consider a good password more than minimal protection. You will not find SECRET or TOP SECRET data secured by a mere "good" password. CPU time is generally related to key length because technicques like RSA and Diffie Hellman rely on computational difficulty for security.. RSA has been cracked, Diffie Hellmand has been cracked and since SSL isbaed on RSA for key exchange you can consider that it has been cracked. Rivest and Shamir have published info on their systems and new and better technicques for factoring primes are being developed every day, hence the need for greater and greater key lengths. Tables of precomputed primes reduce the time further. (It seems some people have nothing better to do with their computer time) The only theoretically unbreakable encryption system is the one time pad. It isn't practical for most communications but it is very secure. Other systems based on known mathamatical processes to generate psuedo random keys where the key sequence does not repeat for thousands of years are also employed. However, such systems depend on the secrecy fo the process (unlike public key or DES (triple, double or single) where the algoithm is known) and they are basically block cyphers.
__________________
John

For more information see barJohn Reviews It
Active PIN 203A5535
Offline