Announce: jkPassword - Password/Info Keeper (New APP)

Jul 26, 2007
#1
Hey all,

Just found this forum last night. I've been so busy the last 2 weeks since I got my iPhone, writing jkPassword, my new application, that I haven't had the chance to find a good iPhone community.

Well the first version is done:

www.jkPassword.com

jkPassword stores all your sensitive information, with templates that store everything from User & Passwords to Credit Cards. jkPassword encrypts your information on the iPhone for storage on our server. So your data is completely encrypted and backed up at the same time. jkPassword was built specifically for the iPhone and as such has the look and feel of a real iPhone application.

It looks like an ugly mess on Firefox, IE, etc., so be sure to view it on an iPhone. I'll be making a "desktop" version in the next couple weeks.

It's a little crazy right now, but if you have any questions about it I'll be glad to try and answer them here...


Thanks,
Jason
 

Norwest

New Member
Bronze
Jul 23, 2007
#2
Sounds pretty cool. The obvious question for people like me who store a lot of sensitive information on my PDAs would be the security of your web site and more information about your company in general.

Give us some background about the actual site where the data will be stored, your company's background in general and other things that would make me feel comfortable with trusting my sensitive information (credit card numbers, passwords, proprietary numbers etc.) to your web storage.

Thanks for your efforts, I look forward to looking it over.
 
Jul 26, 2007
#3
Security Concerns

I hear you, I would definitely not want to send my sensitive info without knowing how it was being stored.

All your password information is encrypted right on your iPhone using 256-bit AES. The encryption happens on the iPhone using JavaScript. The encryption actually uses an SHA hash of your password to make it even more secure. It also uses what is known as "Counter Mode" for the encryption. What this means is that your password/info is encrypted differently every time even though you use the same encryption password. It is a much more secure way of encrypting plain text as it obscures the text before the actual encryption takes place. Even the name of the password is encrypted. We have no idea what information you have in there... To us it looks like a random string of text.

The data is then sent to our server (that is located in a data center on our own machines, not shared hosting!). The data is really just a unique identifier (a number) and your encrypted password/info. The server is running Ubuntu Server LTS, Apache2, MySQL, and PHP5. I plan to make sure it is updated with all security patches routinely. Though even if it was hacked, the hacker would only get your categories and encrypted passwords. The encryption is very strong, but it also requires you use a good encryption password (no dictionary words, etc.).

The only other information that is sent to us in the clear are the categories you set up for your passwords. They are sent in the clear so we can get you to your passwords faster and to make it so you can have different encryption passwords for each category.

Obviously we also store your login email address in the clear to be able to let you log in ;-). But your login password is SHA hashed before it is sent to us.

Also on top of all that the whole thing happens over an SSL link to our server.

As far as the company behind it, we've been around for years developing mainly PalmOS applications up to this point.

I really wrote this for myself honestly, and I'm a pretty "privacy minded" guy. I used to use CryptoPad for my Treo and needed a new place for my iPhone to store all the information. I can honestly say that I believe my data is more secure than it used to be with CryptoPad. But don't take my word for it, the code is all there in JavaScript for all to see.

Hopefully this wasn't too technical a description. If it was, let me know and I'll be glad to try and explain in more layman's terms. Or if you want more technical details I'll be glad to provide them.
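
The scheme described in the post above, sketched as an added example for readers; it is not jkPassword's code, which this page does not show. Assumptions: SHA-256 as the unspecified "SHA hash", a random 16-byte initial counter block stored with each record, and Node's built-in crypto module standing in for the in-browser JavaScript.

```javascript
// Added illustration; not jkPassword's code. Assumed: SHA-256 as the hash,
// a random 16-byte initial counter block, Node's built-in crypto module.
const crypto = require('node:crypto');

// Key derivation as the post describes it: one SHA hash of the encryption
// password. A single hash is cheap to compute, which is why the post's advice
// to avoid dictionary words matters for anyone holding the stored ciphertext.
function deriveKey(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest();
}

// AES-256 in counter mode. The fresh counter block per record is what makes
// the same plaintext and password give a different ciphertext every time.
function encryptRecord(password, plaintext) {
  const counter = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-ctr', deriveKey(password), counter);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // What the server would store: counter block followed by ciphertext.
  return Buffer.concat([counter, body]).toString('base64');
}

function decryptRecord(password, record) {
  const raw = Buffer.from(record, 'base64');
  const decipher = crypto.createDecipheriv(
    'aes-256-ctr', deriveKey(password), raw.subarray(0, 16));
  const body = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
  return body.toString('utf8');
}

// Constructed sample entry and passwords, for demonstration only.
const sample = 'Example Bank | user: alice | pass: not-a-real-password';
const first = encryptRecord('long unusual passphrase', sample);
const second = encryptRecord('long unusual passphrase', sample);

console.log('ciphertexts differ:', first !== second);
console.log('round trip ok:', decryptRecord('long unusual passphrase', first) === sample);
// Counter mode on its own has no integrity check: a wrong password (or an
// altered record) raises no error, it simply decrypts to different bytes.
console.log('wrong password matches:', decryptRecord('wrong password', first) === sample);
```

Because nothing in this construction authenticates the record, a client that needs to detect a wrong password or a modified record has to add a MAC or use an authenticated mode.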