Recently I have been doing a bit of travelling for work to visit vendors and this has involved some lengthy train journeys. On these journeys I decided to set about writing a small little application that I had a use for. Initially I wanted a password vault, but when I thought about it more, I realised I wanted a secure way to store all sorts of information, like passwords, license keys, financial data etc.
So, whilst whiling away the hours on the train I started developing Safe Pad. The application is a pretty typical Rich Text based editor, but when you save your documents they are compressed and then stored by encrypting it with AES 256 three times using 2 passwords. This is a similar theory as to when the DES algorithms life was extended by using it to triple encrypt.
AES 256 is already a very strong algorithm, but when used in an application like this people still tend to use rather weak passwords which makes them susceptible to dictionary attacks. Because this application triple encrypts you are prompted to enter 2 passwords, therefore the program encrypts with password 1, then password 2, and then password 1 again. It adds that extra layer of protection for your secrets. Of course, this isn’t an excuse to use weak passwords, I still recommend using strong passwords made up of mixed case letters, numbers and non alpha-numeric symbols.
I have developed the program enough to a stable 1.0 release. It is quite basic, but then again it doesn’t need to be complicated. I have released the source code on CodePlex under the GNU Public license and this marks my first foray into the world of open source software development. Feel free to download the application if you think it will be useful to you. It costs nothing. If you are not interested in messing around with the source code, then there is an installer you can use to install the application. If you feel like adding some features, then the source code is available for you to play around with.
I have also written a blog post explaining the solution and code structure of Safe Pad should anyone wish to contribute to it.
No talk of passwords is complete with a reference to XKCD http://xkcd.com/936/
It would be nice to save documents in a standard file format supporting encrypion. With that it is possible to use any other tools at least for reading the documents. For example, PKZIP with AES256. If somebody do not want or not able to use Safe Pad, there is still a possibility to access and read the documents.