[thomas708]

Under Options > Security Options > General Settings there is a Content Protection option. I'm guessing that if this option is turned on, that means I'm doing an encryption on the entire device, including all applications and data. Am I correct? If not please correct me. Also, there are 3 protection strengths: strong, stronger, and strongest. That doesn't means squat unless I can compare it to known encryption levels, such as DES, 3DES, AES, etc. Can anyone tell me what these protection strengths correspond to? Thanks.

[Sci-Tek]

I'm interrested in this aswell, tried to google for it.. but failed :(

[John Clark]

When content protection is on then the free memory is actually wiped instead of marked as available to write over. If you wipe the device when content protection is enabled it will take several hours to wipe the device.

[thomas708]

John, I don't quite understand what you mean by "free memory is actually wiped instead of marked as available to write over". You also mention wiping the device takes several hours. It seems like you use the word "wipe" with different meanings in different contexts. I guess this is what confused me.

[celeb]

It's a headache

OK now seriously, it's actually a feature which encrypts ALL of the data on the device. A few issues are experienced while using CP such as not having tasks sorted by category, not being able to change the password of a device remotely and having activations last a lot longer (and risk failure)

CP is a good idea in theory, but as John said, if you have it enabled and wipe the device, you will be out of commission for an hour and a half at least.

Another tip is to remember that you can enable CP from the IT Policy, however, if you change your IT Policy to not force CP, and the device already had the original policy enabling CP, CP will not switch off without manual intervention.

[thomas708]

I'm taking a guess here: all memory on the device, including both occupied and free memory, are encrypted so any read/write from/to memory, including both read/update to an occupied memory area or a read/write to a free memory area, the memory area under question must be unencrypted first (there is no way to tell whether the memory area under question is occupied or free). Am I correct?

If this is true then wiping the entire device means unencrypting each and every single memory location, then write some pre-determined pattern to that memory location, then encrypt that memory location. This has to be done for all of the 16MB, 32MB, or however much memory the device has. Am I correct?

Also, my original question of the protection strengths of strong, stronger, and strongest correspond to what encryption levels (DES, 3DES, AES-256, etc.) is still unanswered. Anyone knows?

[celeb]

Strong: 160-bit ECC public key; provides good security and good performance, adequate for most situations
xxx8226;Stronger: 283-bit ECC public key; provides better security but slower performance than the Strong setting
xxx8226;Strongest: 571-bit ECC public key; provides the highest level of security but the slowest performance of the three settings

This is in the BES Policy Reference guide.