Panic passwords are dangerous, as there's a risk the attacker has a copy of the encrypted data prior to demanding a decryption key. That's why Truecrypt etc prefer plausibly-deniable systems involving fake containers revealed by a panic password: they crack the container and find something plausibly sensitive, but not what they're seeking.
On 12 May 2014 10:46:34 GMT+01:00, rysiek <[email protected]> wrote: >Dnia niedziela, 4 maja 2014 21:27:06 Jose Damico pisze: >> Hi All, >> >> I've developed 2 small/simple/open-source Android apps that can be >> useful for data protection in mobile devices: >> >> ============= >> >> Yapea: Yet Another Picture Encryption Application >> >> https://play.google.com/store/apps/details?id=org.jdamico.yapea >> https://github.com/damico/yapea >> >> ============= >> >> SecNote: Encrypted Notepad for Android >> >> https://play.google.com/store/apps/details?id=org.jdamico.secnote >> https://github.com/damico/SecNote >> >> ============= >> >> Both applications, has these features: >> >> * Encryption Algorithms: >> >> Symetric encryption: >> >> AES (CBC/PKCS5Padding) >> Blowfish (CFB/NoPadding) >> The Initialization Vectors are generated based on unique data >> from the smartphone. > >Which data? > >> * Type of encryption key: >> >> Length: 256 bits >> >> Generated through key derivation (from user-defined password) >> with PBKF2 algorithm. The salt are generated based on unique >> data from the smartphone. The key is stored inside a >> configuration file, at smartphone file system. This file is >used >> for password verification at first time of application use. >> After that the key is encripted and stored inside smartphone >> memory (cache). But at anytime the user can choose to delete >the >> encrypted key from memory (Clear cache). >> >> * Application reset: At anytime the user can choose to dump ALL >> application data, including encrypted images and configuration. >> >> * Panic password: A password that can be used to delete all >encrypted >> images. In a case where user is forced to give its key. (If >you're >> traveling overseas, across borders or anywhere you're afraid your >> smartphone might be tampered with or examined). > >That's neat, good thinking! > >> * Languages: English and Portuguese > >-- >Pozdr >rysiek -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
