nokia n95 password encryption
June 14, 2008 10:29 PM   Subscribe

Encrypting saved passwords is usually completely pointless (although, not uncommon), because in order to operate the legitimate client program(s) which require the password, the encryption key must be present on the device... so, most often, malicious software is also able to easily get the key and decrypt the passwords. (If you had someplace where you could hide the key from malicious programs, you could just put the passwords there and you wouldn't even need to encrypt them... essentially, this is the problem which makes unbreakable DRM impossible.)

I don't know what the N95 does, but if you can check your mail on it without entering a password then I would assume that malicious software on it probably could too.
posted by finite at 11:12 PM on June 14, 2008

The central server scenario doesn't improve your threat model much. Presumably, the mail client would need a secret to authenticate to the central server, which just forces malicious code to impersonate the mail client to the password server instead of the POP server.

Also, "completely reverse engineered" is a huge exaggeration. I have reverse-engineered pseudo-security with the key embedded in the application before, and it took me a couple of hours to find the decryption part and rewrite it as a perl script (it took me a bit longer to find out that what I had done was reimplement RC4). "Easy" depends, but I'm nowhere near as skilled as the average Internet criminal when it comes to this stuff.

If you need to be as paranoid as you seem to be, do not save your passwords. Otherwise, evaluate your priorities. You're vulnerable in principle, but I'm pretty sure that there's no criminal business model currently in operation that's based on exploiting flaws in the N95 web browser and using that to read people's mail.
posted by themel at 12:05 AM on June 15, 2008

It's not stored as plaintext, if that's what you're worried about. Secondly, it's quite improbable that malicious code run in the browser can access the filesystem, especially the areas where passwords and other important stuff is stored.
posted by cyanide at 12:42 AM on June 15, 2008

I disagree with cyanide's assessment of what is "quite improbable". Here is a Symbian program which claims to recover passwords from any email program -- regardless of how/if passwords are encrypted -- by simply pretending to be an SMTP server and redirecting the client to connect to it. (The N95 isn't supported, but the same or a similar method could probably work on that model.)

Also, although I don't know much about Symbian, I'd be surprised if you couldn't use an emulator and/or debugger to locate the region of memory where the mail client has the password ready to send to the server, and once that location is known there is probably a way for malicious code on the device to access it. So, even if a proprietary encryption system is being used, it would not be necessary for an attacker to figure out how exactly it works because they can simply read its output instead.

themel is correct to describe this kind of crypto application as pseudo-security. If the attacker can has the encryption key, what is the point of using encryption? (And again, if you could keep the attacker from getting the key, why would you even need to encrypt the password in the first place?)
posted by finite at 1:20 PM on June 15, 2008 [1 favorite]

This thread is closed to new comments.