Export passwords too easy

207 views
Skip to first unread message

Mark

unread,
Feb 18, 2010, 5:42:30 PM2/18/10
to secrets-for-android
I think it's too easy to export your passwords accidentally. In the
menu, just pressing Export, and your files are written unencrypted to
your phone's SD-card. AFAIK you must connect your phone to a PC to get
rid of it again.

Perhaps you could pop-up a confirmation dialog asking the user if he
really wants to export his passwords to an unencrypted file?

Nice app, thanks for writing it.

Mark

PS. At http://code.google.com/p/secrets-for-android/ you don't
document the encryption cypher used. It's 256-bit AES, isn't it?

PPS. Still writing in this forum, I must say I don't see how to
perform a "Filtering and Full-text Searching". As I don't have many
passwords stored, this is no issue for me.

Roger Tawa

unread,
Feb 19, 2010, 9:36:00 AM2/19/10
to secrets-for-android
Thanks for the suggestion Mark.

For the encryption cipher, you are correct, AES-256. The complete
algorithm name is "PBEWITHSHA-256AND256BITAES-CBC-BC". You can see
the full source code at:

http://code.google.com/p/secrets-for-android/source/browse/trunk/src/net/tawacentral/roger/secrets/SecurityUtils.java

To filter and search, just start typing with the list displayed. The
only exception would be with devices with no physical keyboard, in
which case you need to first display the virtual keyboard before
typing. For example, on the nexus one, with your list of secrets
displayed, tap and hold the menu button.

On Feb 18, 5:42 pm, Mark <mark.r...@gmail.com> wrote:
> I think it's too easy to export your passwords accidentally. In the
> menu, just pressing Export, and your files are written unencrypted to
> your phone's SD-card. AFAIK you must connect your phone to a PC to get
> rid of it again.
>
> Perhaps you could pop-up a confirmation dialog asking the user if he
> really wants to export his passwords to an unencrypted file?
>
> Nice app, thanks for writing it.
>
> Mark
>

> PS. Athttp://code.google.com/p/secrets-for-android/you don't

Ricky

unread,
Mar 18, 2010, 2:47:01 AM3/18/10
to secrets-for-android
I was also confused with how to trigger the virtual keyboard from
Nexus One. Thanks for your tips. In fact, the User Guide of Nexus One
hasn't told anything about how to open the virtual keyboard.


On 2月19日, 下午10時36分, Roger Tawa <roge...@google.com> wrote:
> Thanks for the suggestion Mark.
>
> For the encryption cipher, you are correct, AES-256.  The complete
> algorithm name is "PBEWITHSHA-256AND256BITAES-CBC-BC".  You can see
> the full source code at:
>

> http://code.google.com/p/secrets-for-android/source/browse/trunk/src/...


>
> To filter and search, just start typing with the list displayed.  The
> only exception would be with devices with no physical keyboard, in
> which case you need to first display the virtual keyboard before
> typing.  For example, on the nexus one, with your list of secrets
> displayed, tap and hold the menu button.
>
> On Feb 18, 5:42 pm, Mark <mark.r...@gmail.com> wrote:
>
>
>
> > I think it's too easy to export your passwords accidentally. In the
> > menu, just pressing Export, and your files are written unencrypted to
> > your phone's SD-card. AFAIK you must connect your phone to a PC to get
> > rid of it again.
>
> > Perhaps you could pop-up a confirmation dialog asking the user if he
> > really wants to export his passwords to an unencrypted file?
>
> > Nice app, thanks for writing it.
>
> > Mark
>

> > PS. Athttp://code.google.com/p/secrets-for-android/youdon't

Ricky

unread,
Mar 18, 2010, 3:06:16 AM3/18/10
to secrets-for-android
For method of opening the virtual keyboard, I suggest to mention it in
your summary page of the Google Code Project. :)


On 2月19日, 下午10時36分, Roger Tawa <roge...@google.com> wrote:

> Thanks for the suggestion Mark.
>
> For the encryption cipher, you are correct, AES-256.  The complete
> algorithm name is "PBEWITHSHA-256AND256BITAES-CBC-BC".  You can see
> the full source code at:
>

> http://code.google.com/p/secrets-for-android/source/browse/trunk/src/...


>
> To filter and search, just start typing with the list displayed.  The
> only exception would be with devices with no physical keyboard, in
> which case you need to first display the virtual keyboard before
> typing.  For example, on the nexus one, with your list of secrets
> displayed, tap and hold the menu button.
>
> On Feb 18, 5:42 pm, Mark <mark.r...@gmail.com> wrote:
>
>
>
> > I think it's too easy to export your passwords accidentally. In the
> > menu, just pressing Export, and your files are written unencrypted to
> > your phone's SD-card. AFAIK you must connect your phone to a PC to get
> > rid of it again.
>
> > Perhaps you could pop-up a confirmation dialog asking the user if he
> > really wants to export his passwords to an unencrypted file?
>
> > Nice app, thanks for writing it.
>
> > Mark
>

> > PS. Athttp://code.google.com/p/secrets-for-android/youdon't

Roger Tawa ▌♠▐

unread,
Mar 18, 2010, 7:35:19 AM3/18/10
to secrets-f...@googlegroups.com

Good idea Ricky. I'll do that.

On Mar 18, 2010 3:06 AM, "Ricky" <ricky...@gmail.com> wrote:

For method of opening the virtual keyboard, I suggest to mention it in
your summary page of the Google Code Project. :)



On 2月19日, 下午10時36分, Roger Tawa <roge...@google.com> wrote:

> Thanks for the suggestion Mark.
>

> For the encryption cipher, you are correct, AES-256.  The comp...

> http://code.google.com/p/secrets-for-android/source/browse/trunk/src/...

>
> To filter and search, just start typing with the list displayed.  The

> only exception would be ...

> > PS. Athttp://code.google.com/p/secrets-for-android/youdon't

> > document the encryption cypher used. It's 256-bit AES, isn't it?
>

> > PPS. Still writing in thi...

Reply all
Reply to author
Forward
0 new messages