Posts Tagged ‘password’

Cryptography with C# in Windows Mobile

Monday, February 11th, 2008

I wrote last week about an evening I spent throwing together a password manager for Windows and Windows Mobile. As I wrote at the time, one of the motivations was to try writing some encryption code.

I’ve finally got around to writing it, and wanted to post it here with a few comments.

This is what I needed code to be able to do:

  • Encrypt and decrypt data based on a user-provided password
  • Encrypt/decrypt consistently on both Windows desktops and Windows Mobile devices – a file encrypted on a Windows Mobile PDA should be able to be decrypted on a Windows desktop, and vice versa

The System.Security.Cryptography library in .NET makes this fairly straightforward – the class I have written to add crypto support to the password manager app needed only a few hundred lines of code in total.

I’ve shared a simplified version of the source at the end of this post.

(more…)

Tags:, , , , , , , , , , , ,
Posted in code | 3 Comments »

Writing a mobile password manager

Thursday, February 7th, 2008

I miss developing mobile apps. With the exception of the never-ending tweaks and revisions to my mobile wiki app, I’ve not done any mobile development in weeks. (Is it very sad that I missed it? 😉 )

Until tonight. Hurrah – back to playing with fun stuff.

One of the things I typically want to use on my phone is a mobile password manager – particularly as I do more web browsing on my phone, and mobile browsers like Pocket Internet Explorer and Opera Mobile don’t remember passwords.

I’ve tried several existing password managers – I’ve even paid for a couple, like eWallet (love the way it shows credit card details to look like a pretend credit card) and SplashID (always loved the desktop version). But I never found one that I really liked. At the moment, I’m back to storing passwords in a text file, and using mobile Notepad to access it.

There were problems with all of them…

One-handed or stylus-free navigation is bad – Teeny-tiny controls. Drop-down lists that you need to not only touch the screen to open, but then scroll up and down in. Basically, take a look at a design doc like this and do the opposite of pretty much everything 🙂

Too many clicks/presses to get to a password – SplashID for example: to get a website password, you touch the screen to open the category drop-down list, touch the screen to scroll to the “Web Logins” category, scroll through the list to the website you want, touch the screen to select it, press the “Tools” button, then press “Unmask Fields”. Too much.

No clipboard access – Unforgivable, this one. I like to use randomly generated passwords where possible. Once you’ve used the fiddly controls, and gone through all the steps, you can see the password on the screen – hurrah! Can you copy it to the clipboard for pasting into a web form? Nope. Even Ctrl-C / Ctrl-X / Ctrl-V don’t work – and most apps at least leave that basic Windows clipboard support in. So you have to remember your password after reading it. And with my passwords, that’s a pain. I used to find a scrap of paper, and write it down to make it quicker to type back in. So secure(!)

Actually, to be honest, even after all that, the final straw that stopped me using SplashID was the fact that it’s sync plugin consistently hosed my ActiveSync. Not only would it not sync, but it’d crash ActiveSync and stop everything else from syncing too. The day I uninstalled SplashID, my phone became a million times more useful from that alone!

This was all enough of an excuse to try throwing together my own password manager.

(more…)

Tags:, , , , , , , , , , , ,
Posted in code | 2 Comments »