Results 1 to 6 of 6

This applies to the following BlackBerry Enterprise Server software version 4.0 or later for IBM ... Server Admins forum

  1. #1
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    Advertisement



    This applies to the following BlackBerry Enterprise Server software version 4.0 or later for IBM Lotus Domino, BlackBerry Enterprise Server software version 4.0 or later for Microsoft Exchange.

    The BlackBerry Enterprise Solution uses symmetric key cryptography to encrypt and decrypt data sent between the BlackBerry Enterprise Server and the BlackBerry device.

    BlackBerry Enterprise Server software version 4.0 or later for Microsoft Exchange and the BlackBerry Enterprise Server software version 4.0 or later for IBM Lotus Domino allow the administrator to set one or both of two industry standard encryption algorithms for use with BlackBerry transport layer encryption: Triple Data Encryption Standard (Triple DES) and Advanced Encryption Standard (AES). The BlackBerry Enterprise Solution uses Triple DES (112-bit keys) or AES (256-bit keys) to encrypt and decrypt the data sent between the BlackBerry Enterprise Server and the BlackBerry device.

    Note: All versions of the BlackBerry Enterprise Server software for Novell GroupWise support AES encryption only.
    See the BlackBerry Enterprise Solution Security Technical Overview for more information on BlackBerry Enterprise Solution security features.

    Recommendation
    It's recommended to set the BlackBerry Enterprise Server to use AES transport layer encryption for all communication with BlackBerry devices.

    AES was created through a competition to design an algorithm with a better combination of security and performance than Triple DES. It is recognized throughout much of the security industry as the successor to Triple DES, and is also currently approved by the United States Committee on National Security Systems (CNSS) for protecting top secret government information. For more information, see http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf.
    There are currently no publicized cryptanalytic attacks, other than brute-force, against systems protected by AES. A brute-force attack against an AES-256 system is nearly impossible with current technology. Even with a network of 100 billion computers each running continuously at 100 GHz, it would take over 10^47 years to break a single AES-256 key by brute force. In comparison, the universe is generally believed to be less than 10^11 years old.

    Selecting an encryption type on the BlackBerry Enterprise Server
    An administrator with appropriate database permissions can select an encryption type in the BlackBerry Manager to specify the algorithm(s) that encrypt and decrypt all data communication between the BlackBerry Enterprise Server and all BlackBerry devices on the BlackBerry Enterprise Server.

    Triple DES
    • default encryption method on BlackBerry Enterprise Server software version 4.0 or later for Microsoft Exchange and BlackBerry Enterprise Server software version 4.0 or later for IBM Lotus Domino
    • allows use of the Triple DES algorithm
    AES
    • default encryption method on the BlackBerry Enterprise Server software version 4.0 or later for Novell GroupWise
    • enables use of the AES algorithm
    Triple DES and AES
    • allows use of both the Triple DES and the AES algorithm
    • provides Triple DES encryption on BlackBerry devices that do not support AES (BlackBerry devices running BlackBerry Device Software versions earlier than 4.0, BlackBerry Connect™ devices, and BlackBerry Built-In™ devices)
    • provides AES encryption by default on BlackBerry devices that support AES
    See the BlackBerry Enterprise Server System Administration Guide for more information.

    Checking the encryption type on a BlackBerry device
    BlackBerry device users can perform the following steps to verify the type of encryption used to protect the data in transit between their BlackBerry devices and the BlackBerry Enterprise Server:
    1. In the BlackBerry device Home screen, click Options.
    2. Click Security or Security Options.
    3. Click General Settings.
    4. Scroll to the bottom of the screen.
    5. Under Services, the BlackBerry service specifies the type of encryption used (for example, AES or 3DES). Note: 3DES represents Triple DES encryption.
    Software requirements for BlackBerry encryption algorithms
    Encryption algorithm BlackBerry Enterprise Server BlackBerry Device Software BlackBerry Desktop Software Triple DES any version any version any version AES 4.0 or later 4.0 or later 4.0 or later

  2. #2
    HotWax's Avatar
    HotWax no está en línea BES Pro
    Join Date
    Jun 2006
    Posts
    146

    Re: Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    If I change the default of 3DES to 3DES or AES, would affect current Blackberry Devices? Domino BES 4.0. Thanks!

    And.. all our devices are 4.0 or higher.
    Last edited by HotWax; 08-25-2006 at 10:53 AM.

  3. #3
    jfny's Avatar
    jfny no está en línea Stack level 1
    Join Date
    Aug 2006
    Posts
    8

    Re: Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    Quote Originally Posted by hydn
    In comparison, the universe is generally believed to be less than 1011 years old.
    Ummm, no....even the creationists think it's 5766 years old.

  4. #4
    HotWax's Avatar
    HotWax no está en línea BES Pro
    Join Date
    Jun 2006
    Posts
    146

    Re: Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    Please don't shoot the messenger... this is RIM's data.

  5. #5
    Rcbjr's Avatar
    Rcbjr no está en línea Stack Pro
    Join Date
    May 2006
    PIN/ID
    PM - Ask
    Posts
    14,848

    Re: Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    Thanks HotWax. hydn is in the clear. The problem here is that his original post didn't format properly It wasn't 1047 and 1011, but 10^47 and 10^11 or 10e47 and 10e11 to use different methods of displaying numbers as powers of ten.

    But You have to admit the way it reads here on Pinstack is amusing to say the least.

    Hope this helps.
    Rcbjr.
    You Ask, We Will Answer
    Can’t Install theme via DM?No Additional Apps Found for Your Device
    Links to Usefull KB Articles

  6. #6
    Jobsdone's Avatar
    Jobsdone no está en línea Stack level 2
    Join Date
    Jul 2006
    Posts
    60

    Re: Recommendation: Triple DES or AES for BlackBerry transport layer encryption

    Quote Originally Posted by Jobsdone
    http://www.eweek.com/article2/0,1895...EMNL081806EOAD

    The link above is a recent article that came out of the DefCon meeting in Vegas last week. interesting reading to say the least.
    Cordially,

    Jobsdone

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •