Encryption Algorithm

[IA]

Which algorithm is used to encrypt data saved on disk?

[FJ]

If you have selected this feature then MPE encrypts the data with RC2

[IA]

Why didn't you implement much stronger AES-256? It's fast and very secure.

[FJ]

Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.

Did you ever try to hack it ?

[Digital Parasite]

RC2 is vulnerable to a related-key attack, see:
- Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, Matthew J. B. Robshaw: On the Design and Security of RC2. Fast Software Encryption 1998: 206–221
and
- John Kelsey, Bruce Schneier, David Wagner: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. ICICS 1997: 233–246

Hopefully you are at least using 128bit RC2 and not 40bit RC2 which can easily be cracked by brute force. Cell phones have very little security in the first place so I'm not sure you need military-grade encryption to secure the files on a PC anyways. Does anyone actually keep very confidential information on their phone? If yes, the RC2 used my MPE is probably the least of their worries.

[FJ]

The phone itself is much more unsure

What do you think of DES ?

[Digital Parasite]

The phone itself is much more unsure

What do you think of DES ?

DES by itself is no longer considered secure which is why they now have AES to replace it. The main problem with DES is its small key size. If you use TripleDES however that is still quite secure.

[IA]

Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.

Did you ever try to hack it ?

[Andy Pryke]

If you'd like to secure your downloaded phone data using very strong algorithms, you could set up a secure filesystem with TrueCrypt and store the data there. It's very simple to do, easily under 15 mins to set up. See http://www.truecrypt.org/

Andy

P.S. Thanks for some great software - I did try using Float's Mobile Agent, but found it buggy; it's not maintained any more and MyPhoneExplorer is much "cleaner" and simpler to use

[Mille]

So what Encryption Algorithm is used in MPE? And can MPE go from encrypted to non-encrypted files if I suddenly don't want my data encrypted?

[FJ]

RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window.

[Mille]

RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window.

Can I ask what key is used for the encryption? Just want to know how "feature safe" it is.

[FJ]

The key(password) has at minimum 22 digits

[gabri.ns]

The key(password) has at minimum 22 digits

does this mean that password used to open a profile was also used as the key?
but, i've trying to remove my password but the data still can be encrypted
why did you choose to use a hard coded key?

[FJ]

The password is a part of the key. The key is generated from password, some phone-values and some other values.

[gabri.ns]

oh, i see... that's why encryption still can be done even without password
i've never thought that way
thanks for the information