Slashdot Mirror


Encryption On PalmOS?

TheTomcat asks: "I'm planning on writing some software for a Handspring Visor (or any PalmOS device) in PocketC (because I can develop in PocketC directly on the Palm, and I don't have time to learn the SDK), but I would like to encrypt the data that is stored in case the handheld gets lost, stolen, or somehow gets into the wrong hands. Setting the Private Bit is not good enough. Simply, I want simple encryption that is very secure, fast, and can be unlocked by a passphrase (thanks to Graffiti). I'm looking at an algorithm called Tiny Encryption Algorithm (TEA), but the spec is dated November 1994, so I'm not sure if it would still be considered secure. Any help would be much appreciated, especially if you can point me at some C source. Thanks!"

3 of 8 comments

  1. fileSafe by cheeserd00d · Score: 2

    Quick Google search turns up fileSafe - it's a PalmOS encryption program which supports 448-bit Blowfish (which is still considered secure) and 128-bit TEA (which I don't know much about).

    --
    Two wrongs don't make a right, three lefts do!
  2. GNU Keyring by iriefrank · Score: 2

    There is an open-source project called GNU Keyring that uses Triple-DES to encrypt info on a PalmOS machine. I have been using 1.0 for a few months now, and I like it a lot. I don't trust it enough to store irreplaceable stuff, but it does a good job of storing passwords and such. It also has a random password generator built in, although it is noted on their page that the PalmOS random number generator isn't that great. All in all though, it's a great little program that gets the job done.

    Frank Bynum
    UT Austin undergrad

  3. Rijndael and/or Blowfish by rjh · Score: 2

    I'd stay away from TEA; I seem to recall some attacks against it in the literature, but I can't think of them for the life of me right now.

    The number one concern you have with a Palm is its limited memory and processor. You don't want an algorithm which requires a lot of overhead or which has extremely slow throughput. Algos like 3DES are out for this reason.

    My own two cents says go for Rijndael and/or Blowfish. Blowfish isn't suitable for apps which do key initialization a lot, but you don't sound like you need that.

    Either way, you'll be getting a cipher with a lot of cryptanalysis and a fair degree of trust from the cryptographic community.

    If you're looking for C source, check GNU Privacy Guard--Blowfish is already in there, and Rijndael should be there soon.