Sign in with
Sign up | Sign in
Your question

File Encryption/Security under 2003 SE

Last response: in Cell Phones & Smartphones
Share
Anonymous
a b 8 Security
May 9, 2005 5:23:18 PM

Archived from groups: microsoft.public.pocketpc (More info?)

(sorry, I haven't had much luck searching)

Just joined the Windows ME ranks (kinda missing my Sharp ZR-5800).

Assuming I set up a Password on the PDA, how well is my data secured
relative to a stand-alone program such as eWallet.

Seems like the unit is inaccessible without the password. Is the data
actually being encrypted? If I move the CF card to a PC is it still
readable? How about main memory data?

Thanks
Anonymous
a b 8 Security
May 9, 2005 6:55:11 PM

Archived from groups: microsoft.public.pocketpc (More info?)

Thanks for all the very quick replies....

It does sound like data stored in main memory is pretty well protected
by the built-in password feature of ME.

Seems like to get the data, a person would have to pull the memory
chip(s) (while keeping them powered and refreshing), and reinstall them
into some other memory reader.

An eWallet type program would:

1) add an extra level of protection
2) allow keeping a copy of the data on the main PC with encryption
3) Allow use of the PDA password free while still protecting the data
that needs it (more like my old Sharp).
Anonymous
a b 8 Security
May 9, 2005 7:48:59 PM

Archived from groups: microsoft.public.pocketpc (More info?)

David,

The password feature of your P/PC is secure to the point that it will
prevent anyone from getting into your device should you loose it. However,
files themselves are not encrypted. So, for example, if you have a SD card
with data on it, that card could be pulled out of your device, put into a
reader, and all the data would be there to read.

If you have sensitive data such as PINs, passwords, etc, then yes, eWallet
will do a terrific job for you. You can read a review of it on my site at
http://www.clintonfitch.com/reviews/ilium/ewallet-3-1-0... (The
review is a little dated but you will still get a good feel for what it can
do for you). eWallet can be set up to encrypt this type of data within its
storage file and while I wouldn't go as far as to say it is unbreakable, at
128-bit encryption it makes it no worth while for most prying eyes - unless
you happen to carry national security secrets or something! :-D

As for file encryption, check out Resco Explorer 2003. You can find
information on it at http://www.resco.net and a full review of this product
will be out on my site at the end of the month. It will allow you to
encrypt individual files and folders even on a SD card.

Hope this helps,


--
Clinton Fitch
Senior Editor / Owner
Clinton Fitch (Dot) Com!
http://www.clintonfitch.com

A Pocket PC Magazine "Best Site" for Pocket PC Reviews!

"David_L" <dlevin31262-usenet@yahoo.com> wrote in message
news:1115670198.773573.245830@o13g2000cwo.googlegroups.com...
> (sorry, I haven't had much luck searching)
>
> Just joined the Windows ME ranks (kinda missing my Sharp ZR-5800).
>
> Assuming I set up a Password on the PDA, how well is my data secured
> relative to a stand-alone program such as eWallet.
>
> Seems like the unit is inaccessible without the password. Is the data
> actually being encrypted? If I move the CF card to a PC is it still
> readable? How about main memory data?
>
> Thanks
>
Related resources
Anonymous
a b 8 Security
May 9, 2005 7:57:08 PM

Archived from groups: microsoft.public.pocketpc (More info?)

to expand on clinton's details, everything in RAM (main memory) is very
secure...

the time between password attempts also increases geometrically between
wrong attemps

there are no know methods to recover the password if lost and a hard
reset (erasing everything in RAM) is the only option.

....note that "safe store" memory is also _not_ protected as well as
memory card contents.

hth,
Beverly Howard [MS MVP-Mobile Devices]
Anonymous
a b 8 Security
May 9, 2005 9:24:18 PM

Archived from groups: microsoft.public.pocketpc (More info?)

"Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
message news:ent4qmNVFHA.228@TK2MSFTNGP12.phx.gbl...
> to expand on clinton's details, everything in RAM (main memory) is very
> secure...
>
> the time between password attempts also increases geometrically between
> wrong attemps
>
> there are no know methods to recover the password if lost and a hard reset
> (erasing everything in RAM) is the only option.
>
> ...note that "safe store" memory is also _not_ protected as well as memory
> card contents.
>
> hth,
> Beverly Howard [MS MVP-Mobile Devices]


Just to keep the ball rolling on details to the OP, a device that is
password protected will not allow active sync to connect without supplying
the password, either on the device on on the host PC (a dialog box will
appear on the PC if the device is closed, asking for the password). So, no,
you can't take a locked device and browse to it for information via Active
Sync.

As mentioned by both Clinton and Mr. Howard, as devices lean more on Storage
cards (due to lack of internal drive IMHO, but that is another topic), more
and more data that is stored is open to card readers unless some means (such
as those that Clinton mentioned) are employed to encrypt them. To that
point, I would like to mention Tombo, a free hiearchial plain text file
manager that allows 128 bit blowfish encryption on a per-file basis with
different passwords, if desired.

http://tombo.sourceforge.jp/En/index.html

That is, if you have a use for plain text files.
Anonymous
a b 8 Security
May 9, 2005 11:04:36 PM

Archived from groups: microsoft.public.pocketpc (More info?)

Secure is a relative term. And involves cost.

If someone has access to both the PC and the PocketPC, and also has a desire
to get into your device their are ways. Some can be as simple as docking
your device, if the PC has recorded your password this is all that is
needed. The PC will supply the password.


--
David Hettel
Microsoft MVP Mobile Devices

This posting is provided "as is" with no warranties, and confers no rights.
You assume all risks for your use.

Handhelds, mobile: http://www.geekzone.co.nz
Bluetooth guides: http://www.geekzone.co.nz/content.asp?contentid=449

"xTenn" <xTennREmoveThisPart@tds.net> wrote in message
news:%23lsZw1NVFHA.3760@TK2MSFTNGP15.phx.gbl...
>
> "Beverly Howard [Ms-MVP/MobileDev]" <BevNoSpamBevHoward.com> wrote in
> message news:ent4qmNVFHA.228@TK2MSFTNGP12.phx.gbl...
>> to expand on clinton's details, everything in RAM (main memory) is very
>> secure...
>>
>> the time between password attempts also increases geometrically between
>> wrong attemps
>>
>> there are no know methods to recover the password if lost and a hard
>> reset (erasing everything in RAM) is the only option.
>>
>> ...note that "safe store" memory is also _not_ protected as well as
>> memory card contents.
>>
>> hth,
>> Beverly Howard [MS MVP-Mobile Devices]
>
>
> Just to keep the ball rolling on details to the OP, a device that is
> password protected will not allow active sync to connect without supplying
> the password, either on the device on on the host PC (a dialog box will
> appear on the PC if the device is closed, asking for the password). So,
> no, you can't take a locked device and browse to it for information via
> Active Sync.
>
> As mentioned by both Clinton and Mr. Howard, as devices lean more on
> Storage cards (due to lack of internal drive IMHO, but that is another
> topic), more and more data that is stored is open to card readers unless
> some means (such as those that Clinton mentioned) are employed to encrypt
> them. To that point, I would like to mention Tombo, a free hiearchial
> plain text file manager that allows 128 bit blowfish encryption on a
> per-file basis with different passwords, if desired.
>
> http://tombo.sourceforge.jp/En/index.html
>
> That is, if you have a use for plain text files.
>
>
>
Anonymous
a b 8 Security
May 10, 2005 4:48:55 PM

Archived from groups: microsoft.public.pocketpc (More info?)

"David Hettel MS MVP - Mobile Devices" <dhettel@fuse.net> wrote in message
news:%23SEcOuOVFHA.3584@TK2MSFTNGP14.phx.gbl...
> Secure is a relative term. And involves cost.
>
> If someone has access to both the PC and the PocketPC, and also has a
> desire to get into your device their are ways. Some can be as simple as
> docking your device, if the PC has recorded your password this is all that
> is needed. The PC will supply the password.
>
>


True - reminds me of the horrific dialog box, "Do you want Windows to
remember your password". The best outcome is that the user eventually
forgets the password. The worse is that anyone having access to their PC
has access to their online information and more, which they conveniently
provided for the intruder via favorites (the link to which has long been
forgotten).
Anonymous
a b 8 Security
May 14, 2005 10:17:25 PM

Archived from groups: microsoft.public.pocketpc (More info?)

I am trying to find a password manager. Ewallet was on top of my list.
A quick google search of Ewallet reveals a keygen that breaks their
registration code. That does not give a lot of confidence. A cop who
is getting robbed?? Is it just that registration keys are easy to
break. I hope the data is more secure than their registration.

Just curious, How easy is it really to break the encryption
1. Anybody who can google
2. Anyone who can write cracks and keygens
3. Homeland security/CIA
4. Mainframe in 100 years
Anonymous
a b 8 Security
May 15, 2005 11:40:02 AM

Archived from groups: microsoft.public.pocketpc (More info?)

I already read all about theory of encryption. As we all know, theory
and practice are 2 very different things. Sometimes features are
introduced to silence critics or marketing gimmicks and give users a
false sense of security, but have no practical value or have easy
backdoors. For examples, the original Excel97 password(anybody who can
google can break it), Palm password, some Windows program(I think VB)
that just check if an "administrator"is logged in to unlock a file,
even though an administrator on a different domain locked the file,
Itunes songs(easy backdoor to share songs with friends), home security
systems(cut the phone line that is always exposed outside, and it
cannot call the central monitoring, nobody pays attention to a siren,
and cops get more false alarms than genuine alarms and on a average
take an hour to show up. The decal works because burglars have low IQ,
which is why they are burglars)
I don't want to put all my passwords in one place thinking it is more
secure than the system of memorized password I use, only to find out
later that somebody has all my passwords. I know it is more
convenient. I use a free one, but haven't used it for anything where I
could loose money. I am just trying to get opinions about the real
practical value of eWallet type program.

Thanks
Anonymous
a b 8 Security
May 15, 2005 3:18:56 PM

Archived from groups: microsoft.public.pocketpc (More info?)

<rsaforjm@hotmail.com> wrote in message
news:1116119845.709685.118320@g44g2000cwa.googlegroups.com...
>I am trying to find a password manager. Ewallet was on top of my list.
> A quick google search of Ewallet reveals a keygen that breaks their
> registration code. That does not give a lot of confidence. A cop who
> is getting robbed?? Is it just that registration keys are easy to
> break. I hope the data is more secure than their registration.
>
> Just curious, How easy is it really to break the encryption
> 1. Anybody who can google
> 2. Anyone who can write cracks and keygens
> 3. Homeland security/CIA
> 4. Mainframe in 100 years
>

There are a few password managers you can find using a web search. As an
example Mobipassword includes stong encryption- and you can choose which
algorithm to use. It includes blowfish cbc, rc4 and 256 bit AEC CBC and
others.

How hard an encryption is to break depends on the algorithm used. To find
out more about the encryption methods search for them on the web- research
using a web search again..
Anonymous
a b 8 Security
May 16, 2005 1:53:40 AM

Archived from groups: microsoft.public.pocketpc (More info?)

<rsaforjm@hotmail.com> wrote in message
news:1116168002.390828.191000@g43g2000cwa.googlegroups.com...

I am just trying to get opinions about the real
> practical value of eWallet type program.
>
> Thanks
>

It's real value is a personal thing, based on your requirements.
If you use a password make it more secure- mix letters and numbers at the
very least. Better yet include some symbols and make it long. There are
utilities to crack zip files that give an esimate of the time taken to the
options available- set how you want it to search and compare it's estimated
times. Long with mixed numbers and symbols will take longer to crack than
words - you can use dictionary searches too.
Anonymous
a b 8 Security
May 16, 2005 2:32:24 PM

Archived from groups: microsoft.public.pocketpc (More info?)

<rsaforjm@hotmail.com> wrote in message
news:1116168002.390828.191000@g43g2000cwa.googlegroups.com...
>
> The decal works because burglars have low IQ,
> which is why they are burglars)
>

No, the decal works simply because your neighbor's house does not have the
decal, appearing as an easier target. Same for every Automotive security
system on the planet.


Also to note, the more popular a program is the better the chances that a
hack can be found to break it by people who otherwise would not have the
capabilities to do so.
Anonymous
a b 8 Security
May 16, 2005 6:33:04 PM

Archived from groups: microsoft.public.pocketpc (More info?)

I've been experimenting with "Password Master + Desktop Companion 3.0"

http://www.pocketgear.com/software_detail.asp?id=16357

It's only $12 and includes PC companion software (eWallet Pro is $30).

So far, my biggest gripe is the lack .txt or .csv inport/export
functionality (I don't think eWallet has this either). I already have
my passwords written down and this would save time.

I really like that I can keep my passwords on both the PDA and the PC.
Also, I may use this to lock all sensitive data and then not bother
setting up a password on the PDA.

Thought about using password protected excel files, but active sync
can't deal with them.

It looks like tombo might be a really good option too (and it's free).
Anonymous
a b 8 Security
May 16, 2005 8:52:56 PM

Archived from groups: microsoft.public.pocketpc (More info?)

> No, the decal works simply because your neighbor's house does not have the
> decal, appearing as an easier target. Same for every Automotive security
> system on the planet.

Correct -- it is the stupid criminal who ignores the
decal without evidence when similar targets appear
without this deterrent.

> Also to note, the more popular a program is the better the chances that a
> hack can be found to break it by people who otherwise would not have the
> capabilities to do so.

And the less popular the company, especially the "leader"
like IBM in the 80's, or Microsoft in recent years.

Also note that if the lure of the target exceeds a certain threshold
the burglar (etc.) may decide to adjust the attack.

This latter has led to an increase in carjacking of certain
luxury cars (since they are relatively hard to steal off the
street when parked) and to an increase in DAYTIME push-in
home invasions are homes and apartments become harder
to burglarize without detection during the night or when no one
is home.

Sometimes forcing the bad guys to escalate may not be an
improvement unless you are prepared to defend -- unfortunately
no one in particular gets to decide -- it is a collective choice
of the defenders weighed against the individual choice of
a particular attacker.

Do you answer the door unarmed? Is so, why?


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"xTenn" <xTennREmoveThisPart@tds.net> wrote in message
news:uST8SQiWFHA.616@TK2MSFTNGP12.phx.gbl...
>
> <rsaforjm@hotmail.com> wrote in message
> news:1116168002.390828.191000@g43g2000cwa.googlegroups.com...
> >
> > The decal works because burglars have low IQ,
> > which is why they are burglars)
> >
>
>
!