Layman with encryption implementation questions

Hello. I'm an old school BlackBerry (BlackBerry 6) user. I have a pretty good handle on BlackBerry 6 security features and the applicable settings, but I need some help understanding a few fine points.

I. Background (Why I like my old school BlackBerry)

a. BlackBerry uses the AES.
b. Password attempts are limited to a maximum of ten tries. If the maximum is exceeded, the device undergoes a security wipe.
c. Plug-in Cellebrite UFED equipment cannot circumvent the password of a locked BlackBerry handset. (Many Android and iOS devices are vulnerable; someone with UFED equipment can merely plug into a vulnerable device's micro USB port, bypass its password, and download all of its data in a matter of minutes.)
d. The only way to get access to a BlackBerry handset's data when the device password is not known is to perform a "chipoff" in which the handset's memory chip is physically removed in a forensics lab and the data is accessed directly from the chip. If encryption is in use, the lab has the additional task of trying to decrypt the data obtained if the chipoff is performed successfully. (A software exploit is available in which software is used to extrapolate the locked BlackBerry's password by brute forcing a file on an affected BlackBerry's encrypted micro sd card, but this exploit only works if the media card was encrypted using the "Device Password" mode of encryption. If one of the other two choices is used, "Device Key" or "Device Password & Device Key," the software exploit will not work.)
e. Older BlackBerry devices like mine operate on the BlackBerry Internet Service (BIS). A BIS account comes with an @carrier.blackberry.net email address which is only accessible from the BlackBerry handset. I like knowing that this address which I use for my most important communications and as a password recovery address for my online accounts is only accessible from my BlackBerry, not from pc terminals everywhere in the world.

II. Goal: to balance security and convenience/usability

My primary concern is the security of data stored on my BlackBerry and its media card. My handset is password protected, and content protection (encryption) is turned on. I have a 32 character, complex password (multiple case, numbers, and symbols) which I can easily remember (I'd rather not say how at this time), but when I use it, I have a tendency to use a one hour security timeout which means my device is not locked most of the day, seeing that it's in constant use, unless I manually lock it. I usually don't lock it if the BlackBerry is on my person or nearby, but a one hour security timeout is huge risk should I lose the device or if it were stolen. Were I to use a one, two, or five minute security timeout, I would obviously like to use a four character password for convenience. Security in the event of loss or opportunistic theft is greatly increased with the one, two, or five minute security timeout, but I believe the 32 character password greatly increases the security of the encrypted data in the event of a targeted theft or confiscation where chipoff is the intent. The risk of loss or opportunistic theft and targeted theft or confiscation are equal in my risk assessment. My questions follow within the analysis of my findings and what I've learned so far, below.

III. My findings, analysis, and questions

I have contacted two forensics labs, inquired as to whether the labs have the ability to decrypt content protected BlackBerry data upon successful chipoff, and if so, whether password length has a direct bearing on the labs' ability to decrypt the data.

a. The first lab stated, "With regard to your query, we do not have capability to overcome the BlackBerry Content Protection to which you refer. In the event that Content Protection is enabled, then we can only recover the non-encrypted parts of the data."

b. The second lab stated, "Usually yes. However, it does depend on the device model and quality of the password.The BB-9650 is a model that we have successfully recovered content with content protection enabled (numerous times). In order to crack the password we would need to locate a simple hash match -- via rainbow tables or brute force. A high quality password with multiple case, numbers, and special characters would be difficult ..."

c. Both labs stressed that in their experience, most people do not use long or complex passwords and/or encrypt their data.

The three encryption strength settings available to me are "Strong," "Stronger," and "Strongest." Here's what BlackBerry has to say in its literature:

1) "If content protection is turned on, on BlackBerry devices, user data that the BlackBerry devices store is always protected with the 256-bit AES encryption algorithm. Content protection of BlackBerry device user data is designed to perform the following actions: use a 256-bit AES content protection key to encrypt stored data when the BlackBerry device is locked; and use an ECC public key to encrypt data that the BlackBerry device receives when it is locked."

2) "You turn on protected storage of data on the BlackBerry device by setting the Content Protection Strength IT policy rule. You should choose a strength level that corresponds to the desired ECC key strength. If a BlackBerry device user turns on content protection on the BlackBerry device, in the BlackBerry device Security Options, the BlackBerry device user can set the content protection strength to the same levels that you can set using the Content Protection Strength IT policy rule."

3) "When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength level that optimizes either the ECC encryption strength or the decryption time.

"If you set the content protection strength to Stronger (to use a 283-bit ECC key) or to Strongest (to use a 571-bit ECC key), consider setting the Minimum Password Length IT policy rule to enforce a minimum BlackBerry device password length of 12 characters or 21 characters, respectively. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide. The BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password produces a weak ephemeral key."

4) From device settings help -- "Set encryption strength - If encryption of data that is stored on your BlackBerry device is turned on, you can set the strength of the encryption that your device uses to protect data that you receive when your device is locked."

I use "Strong" for the encryption strength when I use a four character password with a one minute security timeout. I use "Strongest" for the encryption strength when I use a 32 character password with a one hour security timeout. The BlackBerry literature seems to stress that the user selectable encryption strength has to do with data the device receives when it is locked, but there is also the part which states that, "The BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password produces a weak ephemeral key."

In a practical sense, how weak is a four character password when data is obtained after a chipoff? Both labs I contacted are well known, experienced, and respected. How is it that one lab says that it cannot decrypt BlackBerry content protected data while the other one states that it can? If one can't, why can't the other? Or is one not telling the truth? What exactly does the second lab mean when it replies, "In order to crack the password we would need to locate a simple hash match -- via rainbow tables or brute force"? This is the part where I get completely lost. How does it do it (in layman's terms)? For example, if the lab obtains a bunch of BlackBerry data from a memory chip, how does it brute force it and decrypt everything? Is it kind of like the media card software exploit mentioned in I.d. above?* I'm trying to ascertain whether the second lab is completely truthful in its claim that it can decrypt the data. I tend to lean toward yes, because why else would BlackBerry include three encryption strengths and advise to use longer passwords with stronger settings, but at the same time, why is so much emphasis put on the encryption of data the device receives while it's locked (seems like a small concern)? Please set me straight. When chipoff is a possibility, is a four character password a huge risk? I guess I'm a bit confused, lol


*Elcomsoft makes software that will extrapolate a locked BlackBerry's password by brute forcing one file on the micro sd card, but this only works if the "Device Password" mode of encryption was chosen for the media card. If one of the other two modes is in use, the software won't work. As I understand it, if "Device Password" is in use, all of the information needed is on the card. Once a device key is introduced, the card no longer contains all the information needed to extrapolate the password.

 

Maybe this article can help you: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/.

 

Thanks, MrBrian. Forgot about that one - did see it when it came out. Great insight. I especially like the part about how they cracked "momof3g8kids" by using two dictionaries put together. Bookmarked and saved. I'll re-read it today.

 

I have no idea how Blackberry works, but in other OS', the master encryption key is protected by a password or pass phrase, some salt, and is hashed. If that pass is weak, yes, they will brute force it. Four digit PIN's take seconds. There are some articles written by the various forensic software companies, explaining how they do it. The one thing that prevents them from getting the master key (on a phone that is turned Off) is a really long pass. They basically say that most users use weak passwords, and they can get in...but if the user uses a long one, they can't. The reason you may have gotten two different answers, is that one company may not have wanted to tell anyone outside of law enforcement, just what can and can't be done?

 

Thanks, Pauly. I think I'm starting to see the answer to my dilemma. I had read the Ars Technica article MrBrian recommended and totally forgot about it; it answers a lot of my questions. Sometimes I waver on what I want to do with my security protocols and the applicable settings, but it's becoming pretty clear that a long, complex, sufficiently random password is the only secure way to go. Convenience and security are inversely proportional. With the longer password, I might just have to exercise more self discipline and decrease my security timeout from one hour to something substantially less (or physically lock the phone more often). That is, if I really want the peace of mind ...

Yea, that thought crossed my mind. Perhaps they have an agenda. They do want the business, as I didn't tell them why I was asking, and they both were quick imply that their services would be of use because most people don't use long passwords or encrypt.