### Two Open Source Apps for data protection ###
Hi All, I've developed 2 small/simple/open-source Android apps that can be useful for data protection in mobile devices: ============= Yapea: Yet Another Picture Encryption Application https://play.google.com/store/apps/details?id=org.jdamico.yapea https://github.com/damico/yapea ============= SecNote: Encrypted Notepad for Android https://play.google.com/store/apps/details?id=org.jdamico.secnote https://github.com/damico/SecNote ============= Both applications, has these features: * Encryption Algorithms: Symetric encryption: AES (CBC/PKCS5Padding) Blowfish (CFB/NoPadding) The Initialization Vectors are generated based on unique data from the smartphone. * Type of encryption key: Length: 256 bits Generated through key derivation (from user-defined password) with PBKF2 algorithm. The salt are generated based on unique data from the smartphone. The key is stored inside a configuration file, at smartphone file system. This file is used for password verification at first time of application use. After that the key is encripted and stored inside smartphone memory (cache). But at anytime the user can choose to delete the encrypted key from memory (Clear cache). * Application reset: At anytime the user can choose to dump ALL application data, including encrypted images and configuration. * Panic password: A password that can be used to delete all encrypted images. In a case where user is forced to give its key. (If you're traveling overseas, across borders or anywhere you're afraid your smartphone might be tampered with or examined). * Languages: English and Portuguese ============= Best Regards, Damico
Dnia niedziela, 4 maja 2014 21:27:06 Jose Damico pisze:
Hi All,
I've developed 2 small/simple/open-source Android apps that can be useful for data protection in mobile devices:
=============
Yapea: Yet Another Picture Encryption Application
https://play.google.com/store/apps/details?id=org.jdamico.yapea https://github.com/damico/yapea
=============
SecNote: Encrypted Notepad for Android
https://play.google.com/store/apps/details?id=org.jdamico.secnote https://github.com/damico/SecNote
=============
Both applications, has these features:
* Encryption Algorithms:
Symetric encryption:
AES (CBC/PKCS5Padding) Blowfish (CFB/NoPadding) The Initialization Vectors are generated based on unique data from the smartphone.
Which data?
* Type of encryption key:
Length: 256 bits
Generated through key derivation (from user-defined password) with PBKF2 algorithm. The salt are generated based on unique data from the smartphone. The key is stored inside a configuration file, at smartphone file system. This file is used for password verification at first time of application use. After that the key is encripted and stored inside smartphone memory (cache). But at anytime the user can choose to delete the encrypted key from memory (Clear cache).
* Application reset: At anytime the user can choose to dump ALL application data, including encrypted images and configuration.
* Panic password: A password that can be used to delete all encrypted images. In a case where user is forced to give its key. (If you're traveling overseas, across borders or anywhere you're afraid your smartphone might be tampered with or examined).
That's neat, good thinking!
* Languages: English and Portuguese
-- Pozdr rysiek
Panic passwords are dangerous, as there's a risk the attacker has a copy of the encrypted data prior to demanding a decryption key. That's why Truecrypt etc prefer plausibly-deniable systems involving fake containers revealed by a panic password: they crack the container and find something plausibly sensitive, but not what they're seeking. On 12 May 2014 10:46:34 GMT+01:00, rysiek <rysiek@hackerspace.pl> wrote:
Dnia niedziela, 4 maja 2014 21:27:06 Jose Damico pisze:
Hi All,
I've developed 2 small/simple/open-source Android apps that can be useful for data protection in mobile devices:
=============
Yapea: Yet Another Picture Encryption Application
https://play.google.com/store/apps/details?id=org.jdamico.yapea https://github.com/damico/yapea
=============
SecNote: Encrypted Notepad for Android
https://play.google.com/store/apps/details?id=org.jdamico.secnote https://github.com/damico/SecNote
=============
Both applications, has these features:
* Encryption Algorithms:
Symetric encryption:
AES (CBC/PKCS5Padding) Blowfish (CFB/NoPadding) The Initialization Vectors are generated based on unique data from the smartphone.
Which data?
* Type of encryption key:
Length: 256 bits
Generated through key derivation (from user-defined password) with PBKF2 algorithm. The salt are generated based on unique data from the smartphone. The key is stored inside a configuration file, at smartphone file system. This file is used for password verification at first time of application use. After that the key is encripted and stored inside smartphone memory (cache). But at anytime the user can choose to delete the encrypted key from memory (Clear cache).
* Application reset: At anytime the user can choose to dump ALL application data, including encrypted images and configuration.
* Panic password: A password that can be used to delete all encrypted images. In a case where user is forced to give its key. (If you're traveling overseas, across borders or anywhere you're afraid your smartphone might be tampered with or examined).
That's neat, good thinking!
* Languages: English and Portuguese
-- Pozdr rysiek
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Dnia poniedziałek, 12 maja 2014 11:15:37 Cathal pisze:
Panic passwords are dangerous, as there's a risk the attacker has a copy of the encrypted data prior to demanding a decryption key. That's why Truecrypt etc prefer plausibly-deniable systems involving fake containers revealed by a panic password: they crack the container and find something plausibly sensitive, but not what they're seeking.
Well, about that... https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm -- Pozdr rysiek
participants (3)
-
Cathal (phone) -
Jose Damico -
rysiek