[obergs2]

I work for a co. that is currently implementing a policy push from our BES server that includes encryption, 4 char password and auto wipe after 10 incorrect password attemps.

A question has come up from upper executives as to the necessity for encryption as it eats battery time and it slows the OS.

My question is what tools are available to access data on a stolen BB that has a 4 char password WITHOUT ENCRYPTION and how quickly could that said device be cracked.

[Thyth]

This highly depends on the motivation of your attacker. If someone really wants the data stored on a hand held, they would tap the flash chips, and read the data out that way. With the correct equipment, dissembling the device and extracting data from flash would be a matter of minutes.

With the 10 password entry limitation, brute forcing the password wouldn't be a good way to access the device.

Make the call based on your threat model.