Encryption Algorithm

Gast

Which algorithm is used to encrypt data saved on disk?

Site Admin Anmeldedatum: 15.02.2006 Beiträge: 31478 Wohnort: Tirol

If you have selected this feature then MPE encrypts the data with RC2

Gast

Why didn't you implement much stronger AES-256? It's fast and very secure.

Site Admin Anmeldedatum: 15.02.2006 Beiträge: 31478 Wohnort: Tirol

Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.

Did you ever try to hack it ?

Anmeldedatum: 02.12.2008 Beiträge: 8 Wohnort: Canada

RC2 is vulnerable to a related-key attack, see:
- Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, Matthew J. B. Robshaw: On the Design and Security of RC2. Fast Software Encryption 1998: 206–221
and
- John Kelsey, Bruce Schneier, David Wagner: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. ICICS 1997: 233–246

Hopefully you are at least using 128bit RC2 and not 40bit RC2 which can easily be cracked by brute force. Cell phones have very little security in the first place so I'm not sure you need military-grade encryption to secure the files on a PC anyways. Does anyone actually keep very confidential information on their phone? If yes, the RC2 used my MPE is probably the least of their worries.

Site Admin Anmeldedatum: 15.02.2006 Beiträge: 31478 Wohnort: Tirol

The phone itself is much more unsure Wink

What do you think of DES ?

Anmeldedatum: 02.12.2008 Beiträge: 8 Wohnort: Canada

FJ hat Folgendes geschrieben:

The phone itself is much more unsure Wink

What do you think of DES ?

DES by itself is no longer considered secure which is why they now have AES to replace it. The main problem with DES is its small key size. If you use TripleDES however that is still quite secure.

Gast

FJ hat Folgendes geschrieben:

Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.

Did you ever try to hack it ?

Gast

If you'd like to secure your downloaded phone data using very strong algorithms, you could set up a secure filesystem with TrueCrypt and store the data there. It's very simple to do, easily under 15 mins to set up. See http://www.truecrypt.org/

Andy

P.S. Thanks for some great software - I did try using Float's Mobile Agent, but found it buggy; it's not maintained any more and MyPhoneExplorer is much "cleaner" and simpler to use Smile

Anmeldedatum: 12.07.2007 Beiträge: 55 Wohnort: Sweden

So what Encryption Algorithm is used in MPE? And can MPE go from encrypted to non-encrypted files if I suddenly don't want my data encrypted?

Verfasst am: So Apr 19, 2009 12:27

RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window.

Anmeldedatum: 12.07.2007 Beiträge: 55 Wohnort: Sweden

FJ hat Folgendes geschrieben:

RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window.

Can I ask what key is used for the encryption? Just want to know how "feature safe" it is.

Verfasst am: So Apr 19, 2009 16:50

The key(password) has at minimum 22 digits

Anmeldedatum: 10.10.2009 Beiträge: 10 Wohnort: Indonesia

FJ hat Folgendes geschrieben:

The key(password) has at minimum 22 digits

does this mean that password used to open a profile was also used as the key?
but, i've trying to remove my password but the data still can be encrypted
why did you choose to use a hard coded key?

Site Admin Anmeldedatum: 15.02.2006 Beiträge: 31478 Wohnort: Tirol

The password is a part of the key. The key is generated from password, some phone-values and some other values.

Informationen zum Datenschutz auf dieser Website