> OS 4 doesn't encrypt any data. The enhanced security is due to Palm
> closing holes that would allow getting into a device that had been
> locked (when locked, you cannot debug or hotsync). There also are
> automatic timeouts for locking the device that can be set. However,
> once you have access to the device, there is no additional security
> for the data. It is still in the clear in memory.
Obviously.
But why do they continue to term this 'encryption'? It's not
encryption when the data on the device, desktop, and data structures is
stored and transferred in clear-text.
http://www.palm.com/software/palmos4.html
1st bullet in the above webage states:
- Enhanced Security - Put an automatic lock
on your handheld, assign a password and encrypt
sensitive data to keep information safe,
then view or edit secured data easily.
My beef is that it's misleading. We all agree that the Palm device
is insecure, but instilling a false sense of security in the users is
probably not a wise idea. The data is in no way encrypted; on the device,
in transit, or on the desktop.
From various sources:
1. (dict.org)
----------
Any procedure used in cryptography to convert plaintext into
ciphertext in order to prevent any but the intended recipient from
reading that data. There are many types of data encryption, and
they are the basis of network security. Common types include Data
Encryption Standard and public-key encryption. The Unix command
crypt performs encryption.
2.
----------
The translation of data into a secret code. Encryption is the most
effective way to achieve data security. To read an encrypted file,
you must have access to a secret key or password that enables you
to decrypt it. Unencrypted data is called plain text ; encrypted
data is referred to as cipher text.
3.
----------
Encryption is the conversion of data into a form, called a cipher,
that cannot be easily understood by unauthorized people.
Decryption is the process of converting encrypted data back into
its original form, so it can be understood.
http://iroi.seu.edu.cn/books/whatis/encrypti.htm
Anyway, you get the point. Some of us are quite a bit more
security-minded than others, and when dealing with support issues where
people ask you about this "security", and you have to explain to them that
it's not really secure, just "only a bit harder to get to the data"... is
frustrating.
/d
--
For information on using the Palm Developer Forums, or to unsubscribe, please see
http://www.palmos.com/dev/tech/support/forums/
