BlackBerry Forums Support Community               

Old 01-16-2008, 12:18 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2007
Model: 8310
Carrier: Vodafone
Posts: 58
Post Thanks: 0
Thanked 0 Times in 0 Posts
Enable Content Protection through policy


I can't seem to find the settings in BlackBerry Manager policy which control Content and Address Book protection. I want the former on, the latter off. Encryption strength I found, but the other two, no luck.

Help?
Old 01-16-2008, 01:44 PM   #2 (permalink)
BBF War Game Mod
 
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts

If you search the BlackBerry Technical Solution Center for the Policy Reference Guide you'll receive a document with all current IT Policy Setting options. Search that document for Content Protection and you'll see all the glory of device encryption.

(Answer stolen from hdawg in IT Policy Queries - always search first!)
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Old 01-16-2008, 01:50 PM   #3 (permalink)
BBF War Game Mod
 
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts

Content protection strength
Taken from the info regarding a policy item on my BES

Specify whether or not content protection is turned on by selecting the cryptography strength that the BlackBerry device uses to encrypt content that it receives while it is locked.

When content protection is turned on, BlackBerry device content is always protected with the 256 bit AES encryption algorithm. If the BlackBerry device is locked when it receives content, the BlackBerry device randomly generates the content protection key (a 256 bit AES encryption key) and an ECC key pair, derives an ephemeral 256 bit AES encryption key from the BlackBerry device password, and uses the ephemeral key to encrypt the content protection key and the ECC private key.

Strong: Provides good security and performance. This setting is adequate for most situations.
Stronger: Provides better security, but slower performance. If you use this setting, RIM recommends that you set the Minimum Password Length IT policy rule to 12 characters.
Strongest: Provides the best security, but with the slowest performance. If you use this setting, RIM recommends that you request that the user set a password of at least 21 characters.

Note: Set this rule to prioritize either encryption strength or decryption time. When the BlackBerry Enterprise Server decrypts the message using the BlackBerry device master encryption key, it uses the ECC public key in the decryption operation first, followed by a 256 bit AES decryption operation. The ECC decryption operation adds time to the decryption process.

Rule dependency: The BlackBerry device uses this IT policy rule only if the Password Required rule is set to True.
Note: If you do not set this rule, the BlackBerry Enterprise Server does not force content protection on the BlackBerry device; if the user enables content protection on the BlackBerry device, it forces the Strong setting, which is the Default setting.


This rule applies only to Java-based BlackBerry devices version 4.0.0 and higher.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
Old 01-17-2008, 01:42 AM   #4 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2007
Model: 8310
Carrier: Vodafone
Posts: 58
Post Thanks: 0
Thanked 0 Times in 0 Posts

Great stuff, thanks!

Anyone know whether the reason for the minimum password length is:

a) If you're using encryption this good you need a password to match or it's a waste.

b) You won't get a satisfactorily secure key without a password this length

??

Last edited by Quitch : 01-17-2008 at 01:46 AM.
Old 01-17-2008, 11:52 AM   #5 (permalink)
Ugg
Thumbs Must Hurt
 
Join Date: Dec 2006
Model: 8310
OS: 4.5
Carrier: O2
Posts: 197
Post Thanks: 0
Thanked 0 Times in 0 Posts

Cynically, I'd always thought that it was:

c) Some corporate security policies require that a password is X characters long, and so in order to be accepted into such a corporation, the BB needs to support this policy.

(the serious answer, I suppose, is that it's not going to take some miscreant long to work out what characters someone's typing to unlock a device if they see them typing those characters a lot)
Old 01-17-2008, 12:24 PM   #6 (permalink)
BBF War Game Mod
 
 
Join Date: Oct 2006
Location: Denver CO
Model: Z10
OS: 10010614
PIN: SEEKRIT innit
Carrier: AT&T
Posts: 4,294
Post Thanks: 9
Thanked 29 Times in 23 Posts

I don't know for sure, but I'd assume a mix of both. As stated in the RIM text above, part of the CP process requires creating a 256 bit AES key from the password.
The text also says the stronger the level of CP, the longer the password should be.

My assumption is that if you are using a short password, the device will pad the password length to a required length. Padding does not enhance security, as it leaves less "real" data to be cracked.

I might be wrong tho. Just a guess.
__________________
Jadey : Groupware Infrastructure Architect, Denver CO
If I'm not here, I'm playing World's End on FaceBook. Mob/Mafia Wars are SOO last year
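
On the question raised in posts #4 and #6 (password length versus the 256 bit AES key the policy text says is derived from the device password), the following is an added example, not part of the thread and not RIM's code. It compares the search space of a random password with the 256 bit key size; the KDF (PBKDF2-HMAC-SHA256), the salt, the alphabets and the 4-character length are assumptions, while the lengths 12 and 21 come from the policy text quoted above.

```python
import hashlib
import math

KEY_BITS = 256  # size of the AES key the policy text says is derived from the password

def password_keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of search space for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def effective_key_bits(length: int, alphabet_size: int) -> float:
    """A derived key is never harder to guess than the password behind it."""
    return min(float(KEY_BITS), password_keyspace_bits(length, alphabet_size))

def min_length_for(target_bits: int, alphabet_size: int) -> int:
    """Shortest random password whose keyspace reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def derive_key(password: str, salt: bytes) -> bytes:
    """Assumed KDF (PBKDF2-HMAC-SHA256); the thread does not say what the device uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               100_000, dklen=KEY_BITS // 8)

# Assumed alphabets; the policy text does not define a character set.
ALPHABETS = {"digits": 10, "lowercase": 26, "alphanumeric": 62, "printable ASCII": 94}

def report(lengths=(4, 12, 21)):
    """Rows of (alphabet, length, effective bits). 12 and 21 are the policy's lengths."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            rows.append((name, n, round(effective_key_bits(n, size), 1)))
    return rows

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    # The derived key is always 256 bits long, whatever the password length.
    for pw in ("1234", "a" * 21):
        print(len(pw), "chars ->", len(derive_key(pw, salt)) * 8, "bit key")
    for name, n, bits in report():
        print(f"{name:16} length {n:2}: ~{bits} bits of search space")
    print("printable-ASCII length needed for 256 bits:", min_length_for(256, 94))
```

The key length is constant, so the only thing a longer password changes is the number of candidate passwords that map to it.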
Old 01-17-2008, 04:03 PM   #7 (permalink)
Thumbs Must Hurt
 
Join Date: Apr 2005
Location: New York City
Model: 8310
Carrier: ATT
Posts: 132
Post Thanks: 0
Thanked 0 Times in 0 Posts

CP = Headache

Just my 2 cents... Activations take longer, and sometimes fail... wipes take longer (2+ hrs) etc...
Old 01-18-2008, 01:41 AM   #8 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2007
Model: 8310
Carrier: Vodafone
Posts: 58
Post Thanks: 0
Thanked 0 Times in 0 Posts

However, without it I don't see what's to stop someone stealing your BlackBerry, plugging it into a machine, then having access to the raw data files. I'd have thought that if you have sensitive information on your BlackBerry (such as the kind your COS is sending by e-mail) then CP is simply a must.

Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.