Android Safe 1.0.2 was released today. No new features or bug fixes. This release is mainly for speed improvement.
I chose to implement an encryption program as my first Android application because (besides the fact that I have a real need to replace my Palm application MemoAES) I need to have an excuse to play with native programming on Android! :P I also picked a secure and computationally expensive key generation method: PBKDF2 with 1024 rounds (!) of iteration and a 256-bit key output for AES.
Both Android Safe version 1.0.0 and 1.0.1 used a pure Java implementation. The Dalvik VM isn't really that bad. The key generation process took around 3 seconds. But since each of the notes in Android Safe is encrypted with a different salt, that essentially translates to the fact that they are using different keys. So each open, save, and import (with a different password) action requires at least one call to the PBKDF2 algorithm. The user experience is acceptable, but not that good.
Using the Android NDK, the PBKDF2 part is rewritten with JNI (in C) for version 1.0.2. The speed improvement is over fivefold. Below is some test data I collected when testing the algorithm with test vectors found in RFC 3962. Each test was executed three times with the average taken as the result.
| | 1200 iterations | 2 iterations |
|---|---|---|
| 128-bit JNI | 330 ms | 3 ms |
| 128-bit Java | 1864 ms | 9 ms |
| 256-bit JNI | 632 ms | 11 ms |
| 256-bit Java | 3495 ms | 97 ms |
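The 256-bit rows cost roughly twice the 128-bit rows because PBKDF2 with HMAC-SHA1 emits 20 bytes per block, so a 32-byte key needs two full passes of the iteration loop. The sketch below is an added example, not Android Safe's code: it writes PBKDF2 out block by block, checks it against the RFC 3962 vectors for the two iteration counts in the table, and shows that per-note salts give distinct keys. It assumes HMAC-SHA1 as the PRF (what the RFC 3962 vectors use); `note_key` and the salts are hypothetical.

```python
import hashlib
import hmac

HLEN = hashlib.sha1().digest_size  # HMAC-SHA1 yields 20 bytes per PBKDF2 block

def blocks_needed(dklen: int) -> int:
    """Number of PBKDF2 output blocks for dklen bytes (ceiling division)."""
    return -(-dklen // HLEN)

def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) with HMAC-SHA1, written out block by block."""
    keyed = hmac.new(password, digestmod=hashlib.sha1)  # key the HMAC once, copy per call
    out = b""
    for index in range(1, blocks_needed(dklen) + 1):
        mac = keyed.copy()
        mac.update(salt + index.to_bytes(4, "big"))  # U1 = PRF(P, S || INT(i))
        u = mac.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):              # U2..Uc, XORed into the block
            mac = keyed.copy()
            mac.update(u)
            u = mac.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return out[:dklen]

# RFC 3962 Appendix B vectors for the iteration counts used in the table.
PASSWORD, SALT = b"password", b"ATHENA.MIT.EDUraeburn"
RFC3962 = {
    (2, 16): "01dbee7f4a9e243e988b62c73cda935d",
    (2, 32): "01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86",
    (1200, 16): "5c08eb61fdf71e4e4ec3cf6ba1f5512b",
    (1200, 32): "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13",
}

def check_vectors() -> bool:
    """True if this code and hashlib both reproduce every vector."""
    for (rounds, dklen), expected in RFC3962.items():
        ours = pbkdf2_sha1(PASSWORD, SALT, rounds, dklen)
        ref = hashlib.pbkdf2_hmac("sha1", PASSWORD, SALT, rounds, dklen)
        if not (ours.hex() == ref.hex() == expected):
            return False
    return True

def note_key(password: bytes, note_salt: bytes) -> bytes:
    """256-bit AES key with the post's parameters (1024 rounds); hypothetical helper."""
    return pbkdf2_sha1(password, note_salt, 1024, 32)

if __name__ == "__main__":
    print("RFC 3962 vectors OK:", check_vectors())
    a, b = note_key(b"pw", b"constructed-salt-A"), note_key(b"pw", b"constructed-salt-B")
    print("blocks 128/256-bit:", blocks_needed(16), blocks_needed(32), "| keys differ:", a != b)
```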