KGrok Database

Home Menu Card Search Pref Query

Cryptography

Databases may be encrypted to make them inaccessible to others who do not know the passphrase. Any database can be either encrypted or plaintext. Once encryption is enabled for a database, you must provide a passphrase every time it is loaded. Different databases may have different passphrases.

• Encrypting a database
• Loading an encrypted database
• Changing the passphrase
• Reverting to plaintext
• Caveats

KGrok uses a 64-bit block cipher called Blowfish, invented by Bruce Schneier. To the best of my knowledge, it is currently unbroken, but please read the caveats for important security information!

Encrypting a database

1. Make sure you have selected an application. Use the App pulldown if necessary.
2. Choose Encryption from the File pulldown.
3. Check the line The current database is encrypted.
4. If the database already contains confidential data and was previously unencrypted, you may check High security: overwrite plaintext. KGrok will then fill all unused flash memory in your PDA with null bytes. Basically it runs the file system against it stops, which may take some time and can disrupt other programs.
5. Enter a passphrase in the text entry field below. Make sure that the passphrase cannot be guessed, for example by attackers who try every word in the dictionary and common names and dates! You can check Show passphrase while entering to make sure you made no typos.
6. Tap Done. KGrok will save your data in encrypted form.

When you have an encrypted database loaded, a little padlock icon appears in the main menu, above the listing, if the arrow in the menu bar points up.

Warning: if you forget the passphrase, you will be unable to load the data later. There is no way to recover a lost passphrase! Data being backed up will be encrypted with the same passphrase.

Loading an encrypted database

If you load an encrypted database, KGrok will prompt you for the passphrase. The padlock icon will appear after loading, and any changes will be saved in encrypted form too. Encryption is not an action that you perform, but a persistent property of the database.

If you switch to another database using the App pulldown, if available, and the new database is encrypted with the same passphrase, KGrok will not prompt again. KGrok will not forget your last passphrase until you quit KGrok. (this behavior can be changed in the Home

Changing the passphrase

You can change the passphrase for the currently loaded database:

1. Choose Encryption from the File pulldown.
2. Enter a new passphrase in the text entry field.
3. Tap Done. KGrok will save your data.

This procedure re-encrypts only the currently loaded application, not any other applications or backups performed earlier. When loading this application the next time, KGrok demands the new passphrase.

Reverting to plaintext

1. Choose Encryption from the File pulldown.
2. Un-check the line The current database is encrypted.
3. Tap Done. KGrok will save your data.

As explained below, the data is now stored on your PDA in plaintext. A determined attacker may be able to get access to it even if you later re-encrypt the data! It is best to never keep confidential data unencrypted on your PDA at any time.

Caveats

Although the basic encryption algorithm (Blowfish) is secure, KGrok cannot guarantee that your data is really safe from determined crackers for several reasons:

• I am not a cryptography expert. Although I am familiar with many of the common pitfalls and have taken precautions, KGrok may contain bugs that allow attackers to compromise the encryption. (Considering the track record of the software industry, it likely does. Sorry.)
• If data was stored in plaintext on your PDA and later encrypted, it is possible that the plaintext survives even if high security mode was checked in the encryption dialog. KGrok has little control over how the operating system deals with its file system. It's better to enter data after a passphrase was assigned.
• While a database is loaded and displayed, the data is stored in memory unencrypted. An attacker with wireless access to your PDA, or who gains access to the hardware, while KGrok is still active, can read your data directly from memory. Always quit KGrok after working with encrypted data.
• Although KGrok takes care to destroy plaintext data when leaving a database, fragments may be left over in GUI buffers managed by the Qt toolkit or its temporary buffers in the heap or the stack. The fragments are likely small but it's hard to tell.

In other words, KGrok is part of a larger system that was not designed for high-security applications, and KGrok itself may very well contain security flaws. It was never reviewed by cryptography professionals. Do not rely on KGrok's encryption to safeguard critical confidential information. The responsibility is entirely yours.