Steve, It could be that the linkage between user ids and auth keys is too weak, allowing a MITM attack to be undetected that sniffs the data encryption key. This seems to be common problem with many of the secure protocols I've examined.
- Alex > ----- Original Message ----- > From: "Steven M. Bellovin" <[EMAIL PROTECTED]> > To: cryptography@metzdowd.com > Subject: Blackberries insecure? > Date: Wed, 20 Jun 2007 23:41:20 -0400 > > > According to the AP (which is quoting Le Monde), "French government > defense experts have advised officials in France's corridors of power > to stop using BlackBerry, reportedly to avoid snooping by U.S. > intelligence agencies." > > That's a bit puzzling. My understanding is that email is encrypted > from the organization's (Exchange?) server to the receiving Blackberry, > and that it's not in the clear while in transit or on RIM's servers. > In fact, I found this text on Blackberry's site: > > Private encryption keys are generated in a secure, two-way > authenticated environment and are assigned to each BlackBerry > device user. Each secret key is stored only in the user's secure > regenerated by the user wirelessly. > > Data sent to the BlackBerry device is encrypted by the > BlackBerry Enterprise Server using the private key retrieved > from the user's mailbox. The encrypted information travels > securely across the network to the device where it is decrypted > with the key stored there. > > Data remains encrypted in transit and is never decrypted outside > of the corporate firewall. > > Of course, we all know there are ways that keys can be leaked. > > > --Steve Bellovin, http://www.cs.columbia.edu/~smb > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]