Thursday, June 17, 2010

Android Safe 1.0.2

Android Safe 1.0.2 released today. No new feature or bug fix. This release is mainly for speed improvement.

I picked to implement an encryption program as my first Android application because (besides the fact that I have a real need to replace my Palm application MemoAES) I need to have an excuse to play with native programing on Android! :P I also picked a secure and computationally expensive key generation method: PBKDF2 with 1024 rounds (!) of iteration and a 256-bit key output for AES.

Both Android Safe version 1.0.0 and 1.0.1 used pure Java implementation. The Dalvik VM isn't really that bad. The key generation process took around 3 seconds. But since each of the notes in Android Safe is encrypted with different salt, that essentially translate to the fact that they are using different keys. So each open, save, and import (with different password) action requires at least one call to the PBKDF2 algorithm. The user experience is acceptable, but not that good.

Using Android NDK, the PBKDF2 part is rewritten with JNI (in C) for version 1.0.2. The speed improvement is over five-folds. Below is some test data I collected when testing the algorithm with test vectors found in RFC3962. Each test executed three times with the average taken as the result.

PBKDF2 Speed Tests using test vectors from RFC3962.
(Pass phrase = "password". Salt="ATHENA.MIT.EDUraeburn")
1200 iterations 2 iterations
128-bit JNI
128-bit Java
256-bit JNI
256-bit Java

Sunday, June 13, 2010

Android Safe

Encrypt notes with 256-bit AES. Keys are based on PBKDF2 with 1024 iterations and 256-bit salt. Export/Import encrypted notes to external storage. Share the encrypted messages via emails. Online tool available to decrypt the message without using Android.