Simple Passwords Manager

Introduction

Almost everyone today needs a password manager to store the logins and passwords for their online accounts: bank accounts, social web sites, email accounts and so on.

The following Web Started application does just that! It manages your credentials securely, using a state-of-the-art cryptographic algorithm, namely AES (Advanced Encryption Standard).

What do I need?

This application needs at least Java 5 installed on your computer. If you are not sure of the version you are using, just go to http://java.com and install it for your system.
Mac OS users should already have Java installed - make sure your software is up to date by doing a software update.

How does it work?

AES is a symmetric-key algorithm, meaning that the same key is used to encrypt (cipher) and decrypt (decipher) data. In our case, that symmetric key is like a master password that is used to encrypt all the other passwords that you want to manage.
AES can use a key of 128 bits (16 characters), 192 bits, or 256 bits (32 characters). 256 bits is obviously better, but to be honest, the average attacker does not have the resources to break AES-128 data anyway (that would take years, and thousands of computers, to uncover the plain data).
To understand how secure AES is, read this entry from Schneier. The paper says that the complexity for an AES attack has been lowered to 2^110.
Now, 2^110 does not seem that big, right? But 2^110 equals 1,298,074,214,633,706,907,132,624,082,305,024. I am not even going to talk about the storage part: you would most likely create a black hole by storing all of this data. Let's focus on just the time aspect. For a brute-force attack on 2^110, let's say you could compute one element per nanosecond (10^-9 second): you'd need 1,298,074,214,633,706,907,132,624 seconds for the attack, that is roughly 41,161,663,325,523,430 years, or 41,161,663 billion years. You get the picture?

Choose your master password carefully - the more complex the better. For example, if you are a rugby watcher, you could choose a master key like i:love:French-Rugb! - this key has 19 characters. AES-128 will use the first 16 characters, AES-256 will pad the key.
Do not lose this master password: if you do, you will not be able to recover your data, ever!
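The mapping from master password to AES key described above ("AES-128 will use the first 16 characters, AES-256 will pad the key") is sketched below next to a salted key-derivation function. This is an added example, not the application's code, which the page does not show; the zero-byte pad, PBKDF2-HMAC-SHA256, the salt and the iteration count are assumptions.

```python
import hashlib
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256, not from the page


def naive_key(password: str, key_bytes: int) -> bytes:
    """Password used directly as the AES key, as the page describes:
    keep the first key_bytes characters, pad if shorter.
    Zero-byte padding is an assumption; the page does not name the pad."""
    raw = password.encode("utf-8")
    return raw[:key_bytes].ljust(key_bytes, b"\x00")


def derived_key(password: str, salt: bytes, key_bytes: int) -> bytes:
    """Hardened alternative (assumption): every character of the password
    and a per-file random salt feed a slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=key_bytes)


def compare(pw_a: str, pw_b: str, key_bytes: int, salt: bytes) -> dict:
    """Report whether two passwords end up with the same AES key."""
    return {
        "naive_same_key": naive_key(pw_a, key_bytes) == naive_key(pw_b, key_bytes),
        "kdf_same_key": derived_key(pw_a, salt, key_bytes)
                        == derived_key(pw_b, salt, key_bytes),
    }


if __name__ == "__main__":
    salt = os.urandom(16)                    # stored next to the ciphertext
    page_pw = "i:love:French-Rugb!"          # 19-character example from the page
    other_pw = "i:love:French-Running"       # constructed: same first 16 characters
    print(naive_key(page_pw, 16))            # only the first 16 characters survive
    print(compare(page_pw, other_pw, 16, salt))
    # AES-256 with the page's 5-character test password: 27 of 32 key bytes are pad
    print(naive_key("12345", 32).count(0))
```

With the direct mapping, characters past the key length add nothing and each password guess costs a single AES trial, so the protection of the stored data is bounded by the master password rather than by the 2^110 figure.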

Run it!



If you cannot launch this app, download apm.jar and bcprov-ext-jdk15-145.jar, and in a console type:
java -cp apm.jar:bcprov-ext-jdk15-145.jar com.oogifu.desktop.pm.PMDesktopMain
On Windows, use ; instead of : as the classpath separator.

Test it!

Download this simple test-data.xml (Save Link As...), and load it with the GUI. The master password is 12345.

How-To

Enter the master password

Click on . The master password must be at least 5 characters in length. The longer the password (up to 32 characters), the more secure your data will be. Never lose this password: if you do, you will not (and no one will) be able to recover your data.
Once your data has been opened, you can always change the master password by clicking on the previous icon; all the data will be re-encrypted using the new password. Do not forget to save your data!
Each time you save your data to disk, the previous file is automatically backed up in the same folder.

Reset the master password

Once the data has been opened, simply click on , and enter the new password twice. The data will be automatically re-encrypted, but not saved until you choose to save it.

How to choose a nice, memorable password?

A nice and easy way is to think of a pass phrase, like a quote, and substitute some letters. Let's take this quote from Kasparov: "Chess is mental torture". You could replace i with 1, the space with 5 (the word "space" has 5 letters) and e with $; then you get "Ch$ss51s5mental5torture."

How to display the list of available icons?

Click on . Icons are all from IconArchive

How to add, edit and remove an entry?

Click on to add, to edit, and to remove; all available at the bottom-left corner of the user interface.

Where is the data saved by default?

A folder .apm-service is created in the user's home directory. On Mac OS X, that would be under /Users/yourlogin; on Windows, in Documents and Settings\yourlogin.

Browsing the URL

If you have entered a valid URL (like 'http://google.com/'), just double-click on the line for the default browser to be launched. This feature is only available if you are running Java 6 or above.

Copy/Paste Password

Once an entry is selected, a copy action (ctrl-c, or apple-c) will copy the plain password to the clipboard so that you can paste it directly.

Export Data for Android

Click on and select a directory. A file called apm.sec will be generated. Then connect your Android phone to your computer and copy the previous file to the root folder of your SDCARD.

Android

The application has been released to the store (for free) - Android 1.6+ needed.

F.A.Q

AES-256
I am using the AES implementation from Bouncy Castle

Licence
Free to use

Source code
No need for the source code, however, email me, and I will send you the cipher/decipher code.

Resources
Probably the best resource on the web: Schneier on Security

Contact

Comments? Improvements? Bugs? : android@jyperion.biz