### Two Open Source Apps for data protection ###
Cathal (phone)
cathalgarvey at cathalgarvey.me
Mon May 12 03:15:37 PDT 2014
Panic passwords are dangerous, as there's a risk the attacker has a copy of the encrypted data prior to demanding a decryption key. That's why Truecrypt etc prefer plausibly-deniable systems involving fake containers revealed by a panic password: they crack the container and find something plausibly sensitive, but not what they're seeking.
On 12 May 2014 10:46:34 GMT+01:00, rysiek <rysiek at hackerspace.pl> wrote:
>Dnia niedziela, 4 maja 2014 21:27:06 Jose Damico pisze:
>> Hi All,
>>
>> I've developed 2 small/simple/open-source Android apps that can be
>> useful for data protection in mobile devices:
>>
>> =============
>>
>> Yapea: Yet Another Picture Encryption Application
>>
>> https://play.google.com/store/apps/details?id=org.jdamico.yapea
>> https://github.com/damico/yapea
>>
>> =============
>>
>> SecNote: Encrypted Notepad for Android
>>
>> https://play.google.com/store/apps/details?id=org.jdamico.secnote
>> https://github.com/damico/SecNote
>>
>> =============
>>
>> Both applications, has these features:
>>
>> * Encryption Algorithms:
>>
>> Symetric encryption:
>>
>> AES (CBC/PKCS5Padding)
>> Blowfish (CFB/NoPadding)
>> The Initialization Vectors are generated based on unique data
>> from the smartphone.
>
>Which data?
>
>> * Type of encryption key:
>>
>> Length: 256 bits
>>
>> Generated through key derivation (from user-defined password)
>> with PBKF2 algorithm. The salt are generated based on unique
>> data from the smartphone. The key is stored inside a
>> configuration file, at smartphone file system. This file is
>used
>> for password verification at first time of application use.
>> After that the key is encripted and stored inside smartphone
>> memory (cache). But at anytime the user can choose to delete
>the
>> encrypted key from memory (Clear cache).
>>
>> * Application reset: At anytime the user can choose to dump ALL
>> application data, including encrypted images and configuration.
>>
>> * Panic password: A password that can be used to delete all
>encrypted
>> images. In a case where user is forced to give its key. (If
>you're
>> traveling overseas, across borders or anywhere you're afraid your
>> smartphone might be tampered with or examined).
>
>That's neat, good thinking!
>
>> * Languages: English and Portuguese
>
>--
>Pozdr
>rysiek
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3595 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20140512/9a9a2a84/attachment.txt>
More information about the Testlist
mailing list