16

The NIST defines a vulnerability in RIM Blackberry encryption discovered last October.

Apparently, Blackberry's flavour of PBKDF2 was weak. They say:

The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.

[Note: emphasis added.]

What does "single-iteration" mean?

Does it mean that the fourth PBKDF2 parameter was 1? (Considering the function PBKDF2 (HMAC, password, salt, nbiterations, length).)

Or do we actually have to feed the result of PBKDF2 to itself, over and over again, a great number of times?

AviD
  • 72,138
  • 22
  • 136
  • 218
Thaddee Tyl
  • 273
  • 1
  • 5

1 Answers1

12

Here's the PDF of the standard

ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.pdf

That shows (page 4 & 5) that RIM set nbiterations as 1.

Here's a more general overview for people wanting a bit of easy to read background: (It's a blog post of a company selling products which they mention on that page, with a single text link.)

http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/

DanBeale
  • 2,064
  • 3
  • 18
  • 27