Autor |
Nachricht |
IA
Gast
|
Verfasst am:
So Dez 14, 2008 22:29 |
|
Which algorithm is used to encrypt data saved on disk? |
|
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
Mo Dez 15, 2008 01:37 |
|
If you have selected this feature then MPE encrypts the data with RC2 |
|
|
|
|
IA
Gast
|
Verfasst am:
Mo Dez 15, 2008 16:41 |
|
Why didn't you implement much stronger AES-256? It's fast and very secure. |
|
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
Mo Dez 15, 2008 19:49 |
|
Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.
Did you ever try to hack it ? |
|
|
|
|
Digital Parasite
Anmeldedatum: 02.12.2008
Beiträge: 8
Wohnort: Canada
|
Verfasst am:
Do Dez 18, 2008 16:17 |
|
RC2 is vulnerable to a related-key attack, see:
- Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, Matthew J. B. Robshaw: On the Design and Security of RC2. Fast Software Encryption 1998: 206–221
and
- John Kelsey, Bruce Schneier, David Wagner: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. ICICS 1997: 233–246
Hopefully you are at least using 128bit RC2 and not 40bit RC2 which can easily be cracked by brute force. Cell phones have very little security in the first place so I'm not sure you need military-grade encryption to secure the files on a PC anyways. Does anyone actually keep very confidential information on their phone? If yes, the RC2 used my MPE is probably the least of their worries. |
|
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
Do Dez 18, 2008 19:44 |
|
The phone itself is much more unsure
What do you think of DES ? |
|
|
|
|
Digital Parasite
Anmeldedatum: 02.12.2008
Beiträge: 8
Wohnort: Canada
|
Verfasst am:
Fr Dez 19, 2008 01:12 |
|
FJ hat Folgendes geschrieben: | The phone itself is much more unsure
What do you think of DES ? |
DES by itself is no longer considered secure which is why they now have AES to replace it. The main problem with DES is its small key size. If you use TripleDES however that is still quite secure. |
|
|
|
|
IA
Gast
|
Verfasst am:
Do Dez 25, 2008 15:16 |
|
FJ hat Folgendes geschrieben: | Why should i do this ? There are some known problemswith using AES256 in the Windows-API. besides this i don't think that RC2 is not sure enought.
Did you ever try to hack it ? |
|
|
|
|
|
Andy Pryke
Gast
|
Verfasst am:
Mo Dez 29, 2008 20:06 |
|
If you'd like to secure your downloaded phone data using very strong algorithms, you could set up a secure filesystem with TrueCrypt and store the data there. It's very simple to do, easily under 15 mins to set up. See http://www.truecrypt.org/
Andy
P.S. Thanks for some great software - I did try using Float's Mobile Agent, but found it buggy; it's not maintained any more and MyPhoneExplorer is much "cleaner" and simpler to use |
|
|
|
|
Mille
Anmeldedatum: 12.07.2007
Beiträge: 55
Wohnort: Sweden
|
Verfasst am:
So Apr 19, 2009 11:59 |
|
So what Encryption Algorithm is used in MPE? And can MPE go from encrypted to non-encrypted files if I suddenly don't want my data encrypted? |
|
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
So Apr 19, 2009 12:27 |
|
RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window. |
|
|
|
|
Mille
Anmeldedatum: 12.07.2007
Beiträge: 55
Wohnort: Sweden
|
Verfasst am:
So Apr 19, 2009 14:25 |
|
FJ hat Folgendes geschrieben: | RC2 is used. If you switch the setting in Menu-File-Users-Current user-Change Name/Password then MPE will reencode/decode the datafiles of the current profile as soon you click on OK in this window. |
Can I ask what key is used for the encryption? Just want to know how "feature safe" it is. |
|
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
So Apr 19, 2009 16:50 |
|
The key(password) has at minimum 22 digits |
|
|
|
|
gabri.ns
Anmeldedatum: 10.10.2009
Beiträge: 10
Wohnort: Indonesia
|
Verfasst am:
Mo Okt 12, 2009 12:13 |
|
FJ hat Folgendes geschrieben: | The key(password) has at minimum 22 digits |
does this mean that password used to open a profile was also used as the key?
but, i've trying to remove my password but the data still can be encrypted
why did you choose to use a hard coded key? |
_________________ Sony Ericssons K320i
Connected using USB Cable |
|
|
|
FJ
Site Admin
Anmeldedatum: 15.02.2006
Beiträge: 31478
Wohnort: Tirol
|
Verfasst am:
Mo Okt 12, 2009 19:04 |
|
The password is a part of the key. The key is generated from password, some phone-values and some other values. |
|
|
|
|
|