Active Topics
-
Nokia Booklet 3G (RX-75) Drivers (60)
to Alternatives by Maemish - 3 days, 14 hrs ago -
Is there a section to talk about Java ME? Apps, etc. (7)
to General by teroyk - 6 days, 10 hrs ago - more...
lma |
2010-10-29
, 07:35
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#11
|
Originally Posted by Pluto
And then what? Should it prompt for the decryption key every time you access a stored message? Anything else would mean the key is stored somewhere (even if it's just in RAM) which defeats the purpose.
 |
|
2010-10-29
, 07:39
|
|
Posts: 3,159 |
Thanked: 2,023 times |
Joined on Feb 2008
@ Finland
|
#12
|
Originally Posted by Pluto
what is the point complying to industry standards when you can bypass everything with one single
Thanks for all the replies. I guess the issue is, in this case, is with the actual native mail client on the N900. It does not encrypt stored messages. This is a major security issue since the application does not comply with industry security standards. I was actually very surprised.
Code:
sudo gainroot
__________________
Want to know something?
K.I.S.S. approach:
wiki category:beginners. Browse it through and you'll be much wiser!
If the link doesn't help, just use
Google Custom Search
Want to know something?
K.I.S.S. approach:
wiki category:beginners. Browse it through and you'll be much wiser!
If the link doesn't help, just use
Google Custom Search
|
|
2010-10-29
, 07:51
|
|
Posts: 196 |
Thanked: 224 times |
Joined on Sep 2010
@ Africa
|
#13
|
Originally Posted by Pluto
What key should it use to encrypt messages?
Thanks for all the replies. I guess the issue is, in this case, is with the actual native mail client on the N900. It does not encrypt stored messages.
This is a major security issue since the application does not comply with industry security standards.
So the correct solution is for the native email client to store this info encrypted.
I have done some other research and apparently there are a number of apps both native and/or developed that stores info like usernames, passwords, chat messages, SMS, etc, in plain text.
For the time being does anyone know of a secure email client?
Should we report this as a bug?
Second, we could probably run through some concepts of how this could be implemented to support a standard while not making the device almost impossible to use or losing existing features (such as ability to access "MyDocs" from PCs without requiring software that might not be present on most PCs)
|
|
2010-10-29
, 07:54
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#14
|
Originally Posted by ossipena
If you think root privileges can bypass everything, then
what is the point complying to industry standards when you can bypass everything with one single
?Code:sudo gainroot
Code:
-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (GNU/Linux) hIwDAAAAAAAAAAABA/0Qt/YgWTEfXfB3hwNc5IqiL3lIaDU0Iqw5tWG9M4/b59Sp d+cO8c4COL18+xSPjvp7mVJ4/wsZWPq0B3ujmvm2hMPpX4DeUWR1klB3+kBqyKyg Hb9GcDhqdiu+eEKH95zr8rc/NxuVAPtc5x1/3h5p5/o0w6aFz+DXgBVNelnedYUC DgMAAAAAAAAAABAH/07UepgQKfPVsMeJfxRTDfdkxKHmuCP8j9dDBOjhNQTteiiN XB+lhLoYjjeXM/EYMlpzuGSWdQ54TIfz6Q3Gh9Wqs0TU6R9eSsl9RjeLeSELkXp1 r+fXu0xpVHJdRciVJ9zn+a0s3LZosxXT9Ub8TaNORJ1hF813ncHT/NxuQM259ao6 SRgPXDKv2L0Qzv6Tdvi/caa47cpNxVNYUbfPtCQW15yAVfofKcsn3Kweq8wIvNzg PJ3s6mIbPuo09SeVS3SFwf37wuSElqdtrciu0aSDpR3IyTOjR4+Ak2ifpK4TFhVP H8Cz7rMfg3actFpEip2UUi7JgkOXfD3qNefCcE8H/1WlqzOmVE945H+EzhrZS6iQ B1vkdcNsgUKcI+JSM6arswm8MNcBeBOq34Yx0G7qiEMA8gLQx2qi5aKb4+foPd7X 39fuJ4mVhSKc1v7mtciGfdwbwjySayFXWFT7+T2b5jrX0WSir1kx1128QCDGkJNn KTfoQiCB8BSUWXUhtGuPJY6YOnlOQaOnw8GyEPV1+kOrtsd5NNS9xQKrHUzI+dnj eMDVZTJCmK/7NLtwiiB22TuMGqr7sLVUC0Jo5vRMpWk7nDbpiuerWwMlyQC6yf0/ zy2OxlzUjhmi6UmNaozEFH2DiLL5Jt4hv5iJXSk5kQacPF6BfWyMzyFKGKiYwqnS UgHM9pwP3BO0hLyYCPZS5AC6VoWoguZYdGcnJycNveFkvT0mmdpZDD5uxA+7Tfyl Ow4sNv0QqAb0OtX83A9bzZ7IOSAFCY9wCqvvsk/o/xKnE5s= =ECnd -----END PGP MESSAGE-----
 |
|
2010-10-29
, 08:18
|
|
Posts: 186 |
Thanked: 192 times |
Joined on Jan 2010
@ Finland
|
#15
|
Originally Posted by lma
That would be the only proper solution, however the "every time" part can be relaxed a bit. The password could be asked every time the app is started for example (and that would mean no automatic mail fetching in background).
And then what? Should it prompt for the decryption key every time you access a stored message? Anything else would mean the key is stored somewhere (even if it's just in RAM) which defeats the purpose.
Easiest thing for an user to do is to set up home dir (or full disk) encryption. Both should be within reach, however will require some hacking. Strict device lock policy is also necessary, so that an average attacker is forced to clear the RAM (and the enc. key) as his first move.
For OP, if you want security standards compliance, go with a security standards certified device. N900 is not one, and won't become one with a software update. I'm quite sure e-mail local storage isn't the only area where security fails.
__________________
Trout have underwater weapons.
Trout have underwater weapons.
Last edited by juise-; 2010-10-29 at 08:22.
|
|
2010-10-29
, 08:31
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#16
|
Originally Posted by juise-
That would mean storing the key in RAM, from where it's trivial to retrieve it. Besides, the email app is autostarted at boot time, even if you don't want it and don't even have any accounts configured :-(
The password could be asked every time the app is started for example (and that would mean no automatic mail fetching in background).
Easiest thing for an user to do is to set up home dir (or full disk) encryption. Both should be within reach, however will require some hacking.
|
|
2010-10-29
, 08:46
|
|
Posts: 186 |
Thanked: 192 times |
Joined on Jan 2010
@ Finland
|
#17
|
Originally Posted by lma
I challenge you to retrieve something from my device's RAM, right now!
That would mean storing the key in RAM, from where it's trivial to retrieve it.
No, really, how do you do it without access to the device?
(Edit: OK, we're probably talking about different things, I meant the naive way where the GUI == app)
And how do you do it with access to a LOCKED device?
Originally Posted by lma
It's not about if it's running or not, it's about if it's keeping key material in RAM. Two different things.
Besides, the email app is autostarted at boot time, even if you don't want it and don't even have any accounts configured :-(
Originally Posted by lma
You only quoted half of that block, and it also seems that you only read half of it. Here's the second half again:
But the encrypted block device/filesystem would be mounted (and thus accessible as plaintext) while the device is on. The only protection it would add would be in case the thief rebooted the device before trying to read the messages.
Originally Posted by juise-
Edit:Strict device lock policy is also necessary, so that an average attacker is forced to clear the RAM (and the enc. key) as his first move.
Trying to make it more clear, that my assumption was that either:
(a) The attacker has access to device that has no key material in RAM (i.e. the e-mail app was closed before he got access).
(b) The attacker has access to device that has key material in RAM, but that is locked (the HDE/FDE case WITH automatic locking).
__________________
Trout have underwater weapons.
Trout have underwater weapons.
Last edited by juise-; 2010-10-29 at 09:08.
|
|
2010-10-29
, 09:03
|
|
Posts: 3,159 |
Thanked: 2,023 times |
Joined on Feb 2008
@ Finland
|
#18
|
Originally Posted by lma
you completely missed my point. doesn't root have access to stuff millisecond before you start generating the encrypted data?
If you think root privileges can bypass everything, then
Code:-----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (GNU/Linux) hIwDAAAAAAAAAAABA/0Qt/YgWTEfXfB3hwNc5IqiL3lIaDU0Iqw5tWG9M4/b59Sp d+cO8c4COL18+xSPjvp7mVJ4/wsZWPq0B3ujmvm2hMPpX4DeUWR1klB3+kBqyKyg Hb9GcDhqdiu+eEKH95zr8rc/NxuVAPtc5x1/3h5p5/o0w6aFz+DXgBVNelnedYUC DgMAAAAAAAAAABAH/07UepgQKfPVsMeJfxRTDfdkxKHmuCP8j9dDBOjhNQTteiiN XB+lhLoYjjeXM/EYMlpzuGSWdQ54TIfz6Q3Gh9Wqs0TU6R9eSsl9RjeLeSELkXp1 r+fXu0xpVHJdRciVJ9zn+a0s3LZosxXT9Ub8TaNORJ1hF813ncHT/NxuQM259ao6 SRgPXDKv2L0Qzv6Tdvi/caa47cpNxVNYUbfPtCQW15yAVfofKcsn3Kweq8wIvNzg PJ3s6mIbPuo09SeVS3SFwf37wuSElqdtrciu0aSDpR3IyTOjR4+Ak2ifpK4TFhVP H8Cz7rMfg3actFpEip2UUi7JgkOXfD3qNefCcE8H/1WlqzOmVE945H+EzhrZS6iQ B1vkdcNsgUKcI+JSM6arswm8MNcBeBOq34Yx0G7qiEMA8gLQx2qi5aKb4+foPd7X 39fuJ4mVhSKc1v7mtciGfdwbwjySayFXWFT7+T2b5jrX0WSir1kx1128QCDGkJNn KTfoQiCB8BSUWXUhtGuPJY6YOnlOQaOnw8GyEPV1+kOrtsd5NNS9xQKrHUzI+dnj eMDVZTJCmK/7NLtwiiB22TuMGqr7sLVUC0Jo5vRMpWk7nDbpiuerWwMlyQC6yf0/ zy2OxlzUjhmi6UmNaozEFH2DiLL5Jt4hv5iJXSk5kQacPF6BfWyMzyFKGKiYwqnS UgHM9pwP3BO0hLyYCPZS5AC6VoWoguZYdGcnJycNveFkvT0mmdpZDD5uxA+7Tfyl Ow4sNv0QqAb0OtX83A9bzZ7IOSAFCY9wCqvvsk/o/xKnE5s= =ECnd -----END PGP MESSAGE-----
e: I mainly referred to the fact that giving physical access to someone might end things up in a way that there is a script running as root, grabbing data and uploading it to server x. even when you have million industry standards, things doesn't change a bit.
__________________
Want to know something?
K.I.S.S. approach:
wiki category:beginners. Browse it through and you'll be much wiser!
If the link doesn't help, just use
Google Custom Search
Want to know something?
K.I.S.S. approach:
wiki category:beginners. Browse it through and you'll be much wiser!
If the link doesn't help, just use
Google Custom Search
Last edited by ossipena; 2010-10-29 at 09:05.
|
|
2010-10-29
, 09:16
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#19
|
Originally Posted by juise-
The same way you would retrieve plain-text emails without physical access or from a locked device (which may include "no way"). My point is that encrypting the stored messages doesn't really add any extra security unless it's implemented in a way that's too inconvenient for most people to use.
No, really, how do you do it without access to the device?
(Edit: OK, we're probably talking about different things, I meant the naive way where the GUI == app)
And how do you do it with access to a LOCKED device?
It's not about if it's running or not, it's about if it's keeping key material in RAM. Two different things.
You only quoted half of that block, and it also seems that you only read half of it. Here's the second half again:
Strict device lock policy is also necessary, so that an average attacker is forced to clear the RAM (and the enc. key) as his first move.
In Harmattan, with access to the hardware TPM (but only in "closed" mode), the situation will be different but for Maemo as it stands I don't see any good solutions.
 |
|
2010-10-29
, 09:22
|
|
Posts: 549 |
Thanked: 299 times |
Joined on Jun 2010
@ Australian in the Philippines
|
#20
|
Originally Posted by Pluto
If you are worried about security - symlink your mail store to a truecrypt partition that you manually mount any time you want to interact with Modest or whatever your mail user agent happens to be.
Dante, I don't store the email passwords on the device (email setup), so the thief won't be able to log into the account, however emails are being stored as plain text which is a huge security issue.
This isn't the huge security flaw that you feel it is. Really, it's not.
There comes a point where you need to decrypt your email to read it obviously, and to do this you need a key that has to be difficult to brute force - so ask yourself, are you really going to type in 64+ characters or whatever your pass phrase happens to be, every time you want email? It's the only way - otherwise you leave yourself open to key recovery via RAM, swap, or storage.
It's much easier to beef up your physical security than worry so much about email.
Alternatively you could just go web based and keep your mail server locked in a concrete box in your basement...