Passwords will always be the weak point in any security

An interesting InfoWorld article titled "You can no longer rely on encryption to protect a BlackBerry" describes how a targeted Russian cracking tool now supports BlackBerry password recovery.

The post covers some technical details about why the number of iterations of a password protection algorithm is important. When you take a password and mash it into a key (not the technical term) you don't want that process to be too quick. If it's quick, it makes a brute force (dictionary) attack feasible. If, however, your password processing takes 1 or 2 seconds, the brute force approach becomes impossible because every possible password takes seconds.

The number of iterations has to increase over time to account for the fact that processors get faster and faster. The InfoWorld story should come with another bit of advice: if your password isn't easily constructed by a dictionary attack, then the lack of iterations isn't such a big problem. For example:

  • password
  • password12
  • 12password

These are weak because "password" is a dictionary word and adding a number does not increase the complexity. 

But consider:

  • Pass12word
  • pAssw0rd

Mixing upper and lower case, and placing numbers somewhere other than as a prefix or suffix, makes a dictionary attack much harder.

Here's a rule:

High iteration counts in password processing protect the system from bad user passwords; more complex passwords protect the system from weak crypto implementations.
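To make the rule concrete, here is an added example (not from the InfoWorld article or from RIM) that checks the sample passwords above against a simple word-plus-digits candidate set and estimates how long deriving a key for every candidate takes at different iteration counts. PBKDF2-HMAC-SHA256, the three-word list and the salt are assumptions chosen for illustration; the post does not name the algorithm involved.

```python
import hashlib
import time

# Constructed sample wordlist (assumption); a real audit would load a full dictionary.
WORDLIST = ["password", "letmein", "blackberry"]

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 32-byte key; the iteration count sets the cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def dictionary_candidates(words, max_digits=2):
    """Yield each word plus the variants the post calls weak: digits as prefix or suffix."""
    for word in words:
        yield word
        for width in range(1, max_digits + 1):
            for n in range(10 ** width):
                digits = str(n).zfill(width)
                yield digits + word
                yield word + digits

def is_dictionary_derived(password, words=WORDLIST):
    """True if the password falls inside the simple dictionary candidate set."""
    return password in set(dictionary_candidates(words))

def seconds_per_guess(iterations, salt=b"constructed-salt"):
    """Measure the wall-clock cost of one key derivation at this iteration count."""
    start = time.perf_counter()
    derive_key("benchmark", salt, iterations)
    return time.perf_counter() - start

def exhaust_seconds(iterations, words=WORDLIST):
    """Estimated time to derive a key for every candidate in the set."""
    total = sum(1 for _ in dictionary_candidates(words))
    return total * seconds_per_guess(iterations)

if __name__ == "__main__":
    for pw in ["password", "password12", "12password", "Pass12word", "pAssw0rd"]:
        print(f"{pw:12} in candidate set: {is_dictionary_derived(pw)}")
    for iterations in (1, 1_000, 200_000):
        print(f"{iterations:>7} iterations: {exhaust_seconds(iterations):.3f}s "
              f"for the whole candidate set")
```

The per-guess cost scales linearly with the iteration count, so the same candidate set that is exhausted almost instantly at 1 iteration takes orders of magnitude longer at 200,000.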

I'm sure RIM will sort this in an update soon. If you want to add additional security to your mobile device take a look at Egress Switch - we're releasing our Switch Mobile client for BlackBerry this month (Oct 2010). 

 

 

 

Auto Run Applications on Blackberry

A lot of documentation exists on having an application auto-start when the device starts. Having the ability to run some code during device start-up is essential if you need to register or set up your application to handle events on the device.

Most of the existing documentation indicates that you should add a second project to your workspace in Eclipse and then define an "Alternate Entry Point". This would allow you to specify a start-up parameter to the main function so you can determine whether the application is starting because of device boot-up or because the user invoked it.

Well, as far as I can tell, this method is no longer supported when you install the latest BlackBerry SDK on top of Eclipse. The method I've now got working, and which to be honest seems far more robust, is to simply have your application "Auto-run on startup" and then detect the status of the handset in your main function. This article here tells you exactly how to detect this.

I hope this method works out for you if you're trying to do the same. There are thousands of posts on how to do the alternate entry point method and only limited information on how to do it this way.

Also make sure you don't enter the GUI event dispatcher during device startup or you'll get some unpredictable results. 

Note: I'm using Eclipse 3.5.2 and the 1.1 SDK from RIM, targeting BlackBerry OS 4.6 to 5.0.

 

 

Starting my BlackBerry Development Blog

I'm spending quite a lot of time working on BlackBerry development these days. This is not something I've worked on before, so I've been on the "Platform learning curve" over the last few months.

I have to be honest, I'm really enjoying working on BlackBerry. RIM has developed a very nice platform to build applications on top of. However, it's not all pain free: there have been a great number of "gotchas" I've had to deal with, and I'm planning on sharing those here just in case you're the next person who has to solve some problem and needs some help.

Forums are great - but when someone resolves a problem they don't always share the final results which means you as a developer can still be short of the answer you need. Well this blog is where I will give some stuff back :)

Let me know what you think.

John