I’ve been using CryptoPad for many years, on my Handspring Visor. “CryptoPad is a MemoPad replacement that uses the Blowfish encryption algorithm to allow for encryption of arbitrary length data with a password of up to 448 bits.”

Cool, uses Blowfish… by Bruce Schneier… must be secure.

And it’s Open Source too! This’ll fox those pesky NSA spooks.

At least, this was an assumption – proved wrong when I came to transfer my encrypted data over to the iPod. This is a two-stage process:

1. Extract the encrypted data from the synced CryptoPad database, and decrypt it on the PC. (How hard can this be?!!)
2. Import it into some new, as yet undiscovered program on the PC, that syncs with the iPod, allowing me to encrypt it.

The first part is going amazingly well – and has proven that even a good algorithm can be useless (or reduced in security) by an implementation flaw.

The problem is that the password you encrypt your memo with is encrypted with itself, and the ciphertext of this is stored in the memo. When attempting to open a memo, you enter a password. The password-stored-as-ciphertext is then decrypted with the entered password, and if this yields the password you entered, then you have the correct password, and the ciphertext of the memo is decrypted with it.

The length of the password is also stored in the memo record. It’s trivial to mount a brute-force attack against all possible n-character passwords, especially since you could restrict the keyspace to that allowed by the Graffiti alphabet.
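To make the flaw concrete, here is an added example (my own code, not CryptoPad’s) that models the record layout described above and puts a hardened alternative beside it. Blowfish is not in the Python standard library, so an HMAC-SHA256 keystream stands in for it; the point is the key check, not the cipher. The `weak_*` functions store the password encrypted under itself plus its length, exactly the shape described above, so every stored record is a one-operation password oracle. The `hardened_*` functions derive the key with PBKDF2, store a salted verifier that is not the password, and store no length. All function names, the iteration count and the sample password are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_KEY_BYTES = 56          # Blowfish accepts keys of up to 448 bits
PBKDF2_ITERATIONS = 200_000  # assumed work factor for the hardened variant


def _keystream_xor(key: bytes, data: bytes, label: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with HMAC-SHA256(key, label||counter).

    XOR is its own inverse, so the same call encrypts and decrypts. `label`
    separates the password keystream from the memo keystream so the two
    ciphertexts never share keystream bytes.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, label + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


# ---- weak scheme: the layout described in the post -------------------------

def weak_make_record(password: str, memo: bytes) -> dict:
    """Password used directly as the key, encrypted under itself, length in the clear."""
    key = password.encode()[:MAX_KEY_BYTES]
    return {
        "pwlen": len(password),                                  # leaks exact length
        "pw_ct": _keystream_xor(key, password.encode(), b"pw"),  # password under itself
        "memo_ct": _keystream_xor(key, memo, b"memo"),
    }


def weak_check(record: dict, guess: str) -> bool:
    """One cipher operation tells the caller whether `guess` is the password."""
    key = guess.encode()[:MAX_KEY_BYTES]
    return _keystream_xor(key, record["pw_ct"], b"pw") == guess.encode()


def weak_decrypt_memo(record: dict, password: str) -> bytes:
    key = password.encode()[:MAX_KEY_BYTES]
    return _keystream_xor(key, record["memo_ct"], b"memo")


# ---- hardened scheme: slow KDF, salted verifier, no length ----------------

def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hardened_make_record(password: str, memo: bytes, salt: Optional[bytes] = None) -> dict:
    """Store a salt and an HMAC verifier; the password itself is never written."""
    salt = os.urandom(16) if salt is None else salt
    key = _derive_key(password, salt)
    verifier = hmac.new(key, b"verifier", hashlib.sha256).digest()
    return {
        "salt": salt,
        "verifier": verifier,
        "memo_ct": _keystream_xor(key, memo, b"memo"),
    }


def hardened_check(record: dict, guess: str) -> bool:
    """Each guess now costs a full PBKDF2 derivation; comparison is constant-time."""
    key = _derive_key(guess, record["salt"])
    candidate = hmac.new(key, b"verifier", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, record["verifier"])


def hardened_decrypt_memo(record: dict, password: str) -> bytes:
    key = _derive_key(password, record["salt"])
    return _keystream_xor(key, record["memo_ct"], b"memo")


def candidates_to_try(alphabet_size: int, known_length: Optional[int], max_length: int) -> int:
    """Size of the guess space: exact when the length leaks, summed over lengths when it does not."""
    if known_length is not None:
        return alphabet_size ** known_length
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


if __name__ == "__main__":
    # Constructed sample data, not real memo contents.
    weak = weak_make_record("secret", b"pin for the bank card")
    print("weak: correct guess ->", weak_check(weak, "secret"), "| stored length:", weak["pwlen"])
    strong = hardened_make_record("secret", b"pin for the bank card")
    print("hardened: correct guess ->", hardened_check(strong, "secret"), "| length stored:", "pwlen" in strong)
```

`candidates_to_try` only quantifies what the stored length gives away: with the length known the search space is a single power of the alphabet size, without it every shorter length has to be covered as well, and with PBKDF2 each of those candidates costs two hundred thousand hash iterations instead of one cipher call.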

I don’t actually have to do the brute-force attack, as I know all the passwords I use, so I can get the plaintext of all my memos easily.

But this serves as a warning to check the source code of any crypto system you’re intending to use. Unfortunately, crypto systems are often complex. Sometimes – as in this case – this complexity is deployed with a chink in the armour that can be detected even by those without strong crypto-fu.

The next stage of this project is to find an iPod app that allows import of memo data on the PC. I’m thinking of mSecure, but if there’s no source code, I’m not buying.