### Two Open Source Apps for data protection ###

Cathal (phone) cathalgarvey at cathalgarvey.me
Mon May 12 03:15:37 PDT 2014 

Panic passwords are dangerous, as there's a risk the attacker has a copy of the encrypted data prior to demanding a decryption key. That's why Truecrypt etc prefer plausibly-deniable systems involving fake containers revealed by a panic password: they crack the container and find something plausibly sensitive, but not what they're seeking.

On 12 May 2014 10:46:34 GMT+01:00, rysiek <rysiek at hackerspace.pl> wrote:
>Dnia niedziela, 4 maja 2014 21:27:06 Jose Damico pisze:
>> Hi All,
>> 
>> I've developed 2 small/simple/open-source Android apps that can be
>> useful for data protection in mobile devices:
>> 
>> =============
>> 
>> Yapea: Yet Another Picture Encryption Application
>> 
>> https://play.google.com/store/apps/details?id=org.jdamico.yapea
>> https://github.com/damico/yapea
>> 
>> =============
>> 
>> SecNote: Encrypted Notepad for Android
>> 
>> https://play.google.com/store/apps/details?id=org.jdamico.secnote
>> https://github.com/damico/SecNote
>> 
>> =============
>> 
>> Both applications, has these features:
>> 
>>   * Encryption Algorithms:
>> 
>>         Symetric encryption:
>> 
>>         AES (CBC/PKCS5Padding)
>>         Blowfish (CFB/NoPadding)
>>         The Initialization Vectors are generated based on unique data
>>         from the smartphone.
>
>Which data?
>
>>   * Type of encryption key:
>> 
>>         Length: 256 bits
>> 
>>         Generated through key derivation (from user-defined password)
>>         with PBKF2 algorithm. The salt are generated based on unique
>>         data from the smartphone. The key is stored inside a
>>         configuration file, at smartphone file system. This file is
>used
>>         for password verification at first time of application use.
>>         After that the key is encripted and stored inside smartphone
>>         memory (cache). But at anytime the user can choose to delete
>the
>>         encrypted key from memory (Clear cache).
>> 
>>   * Application reset: At anytime the user can choose to dump ALL
>>     application data, including encrypted images and configuration.
>> 
>>   * Panic password: A password that can be used to delete all
>encrypted
>>     images. In a case where user is forced to give its key. (If
>you're
>>     traveling overseas, across borders or anywhere you're afraid your
>>     smartphone might be tampered with or examined).
>
>That's neat, good thinking!
>
>>   * Languages: English and Portuguese
>
>-- 
>Pozdr
>rysiek

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3595 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140512/9a9a2a84/attachment-0001.txt>

More information about the cypherpunks mailing list