Not necessarily. If the PalmOS device used an encryption algorithm such as AES which is: (1) Computationally efficient on small processors (2) Has no know mathematical weaknesses (3) Uses a key size >128 (AES can use 512) the encryption could easily be accomplished on the Palm and decryption would have to be by brute force (key guessing) which, with a key size of 128 bits, is not feasible even given the computing capacities of national intelligence organizations (e.g., NSA, GCHQ, ...). Encryption is O(mk), where k is the overhead of the algorithm and m is the number of bits in the message, and decryption is O(mk^n), where n is the number of bits in the key. David Aucsmith Chief Security Architect Intel Corporation *--------------------------------------- * "All that is required for evil to triumph is for good men * to do nothing" - Sir Edmond Burke * * PGP Key Fingerprint * C727 36AE 2DEF 5214 2116 2E28 7CDF C06F 3473 1AE3 *--------------------------------------- -----Original Message----- From: Kris Quinby [mailto:kquinby@private] Sent: Wednesday, 28 November, 2001 11:29 To: crime@private Subject: RE: CRIME [TOOL] PDD, Forensic Analysis for the PalmOS This is interesting and gave me a thought pertaining to law enforcement investigations. I'll assume that any bad guy who is using a palm device is also smart enough to find some freeware/shareware encryption for the truly incriminating information. After dd'ing (copying) the Palm memory to a PC, the investigating officer would have better decryption programs and more processing power to break the encryption. So encryption deemed strong enough to protect data stored on a Palm device without compromise is now obsolete. Anyway just dumping my thoughts, I apologize for the poor sentence structure and incoherent paragraph. Kris -----Original Message----- From: A. Melon [mailto:juicy@private] Sent: Tuesday, November 27, 2001 7:23 PM To: crime@private Subject: CRIME [TOOL] PDD, Forensic Analysis for the PalmOS The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com PDD, Forensic Analysis for the PalmOS
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:35:28 PDT