Curious about Cryptnos for Android? See what other users have been saying before you give it a try…
by adrianvega (August 4, 2011)
A password manager MUST be open source.
We heartily agree. We here at Cryptnos firmly believe in the ideals of Open Source, and one of its biggest strengths is transparency. If one cannot see what a piece of software is really doing behind the scenes, how can one truly trust it with sensitive information? This is especially true for security software; transparency provides a window into what the application is actually doing with your valuable data (in this case, your passwords).
Transparency, of course, is a double-edged sword. Critics of Open Source claim that exposing the source code provides more opportunities for malicious coders to search for exploits. Of course, Open Source advocates claim this is not a weakness but another strength. By exposing the code to greater scrutiny, it becomes not only easier to find vulnerabilities but to also patch them, making the final product more secure over all. We at Cryptnos welcome such scrutiny and graciously accept vulnerability reports and patches.
by DufusMaximus (July 6, 2011)
Base64 + md5 ftw
Thanks for the four stars, DufusMaximus. I would suggest, however, that you might want to consider a stronger hash algorithm than MD5, considering that algorithm has know weaknesses that leave it susceptible to attack. If you’re using MD5 to keep your password length shorter, you can use the length restriction option to set the maximum length of the generated password. At a minimum, you may want to increase the number of hash iterations to further distance your input parameters from the generated result.
My goto for strong passwords. Highly recommended
Thanks, Matt. While there are plenty of great options for generating and keeping track of strong passwords, we’re always honored when anyone picks Cryptnos.
Have been using this for 4 months. Is an essential app. Recent media stories (Google, Sony, Anonymous, HBGary) have highlighted its need.
An updated comment from “Zubair” (see his or her original below). As this comment very succinctly points out, recent high-profile data breaches only highlight and underscore the need for strong data security. While some of these incidents have been outside end-user control (script vulnerabilities, SQL injection attacks, and social engineering have little to do with passwords), a weak password is always an easy vector for attackers to exploit. Whether you use Cryptnos or some other password generator to manage your passwords, we certainly hope more and more people will understand the risks of weak password use and opt to use tools that vastly increase their password security.
If you know why you should use strong passwords then you will think this is an excellent app. And beautifully simple.
Thanks for the kind words, Mictlantechupi! Yes, Cryptnos is simple, and we think that’s one of its strongest points. It may not be flashy, but it’s intuitive and quick to get in, get what you need, and get out. We try to make increasing your security as easy as possible without compromising it.
Awesom. Need better ui
Thanks, kunal. We agree; Cryptnos could definitely stand some prettying-up. UI enhancements are definitely in the pipeline, especially since we’ve been working on some other projects and we’ve learned a few more things about Android UI design.
As stated in the FAQ, however, our primary goal has always been functionality, not aesthetics. We want Cryptnos to work first and foremost, and making it pretty must come later. Specific suggestions for UI enhancements are always welcome, so long as they don’t stand in the way of users being able to do what they came to Cryptnos to do: generate secure, unique passwords.
Love it plus their is no special permissions like internet access.
Unfortunately, there a far too many apps in the Android Market that request a lot of useless permissions. Many of these apps ask for these permissions even when they don’t need them, “just in case”. Also unfortunately, far too many Android users simply click through the permissions screen without paying attention to what permissions are being requested.
Why should a password generating program request Internet access? It’s a very legitimate question. Some, like LastPass mentioned below, store your password information “in the cloud” so you can access it from other locations. This is a “feature” that some people look for in a secure password vault application. Here at Cryptnos, we question this idea. Our philosophy is “trust no one”, meaning we don’t want your password data. We don’t want the responsibility of transporting your passwords, and we don’t want you to put that much trust in us. That’s asking quite a bit. We think your passwords are more secure when they remain in your possession and nowhere else. If you want to move your passwords outside of Cryptnos, we think you should be the one to decide when and where that occurs.
The only permission Cryptnos asks for is permission to read and write to your external storage (i.e. SD card). The only reason we ask for that is so we can export your parameters for backup and portability reasons. Cryptnos doesn’t need Internet access, so it doesn’t ask for it. And since we don’t request Internet access, Cryptnos cannot reach the Internet. It’s that simple. In Android, if you don’t request such a permission, it is implicitly denied. So there’s no way Cryptnos can spirit your password data away to some unknown location without your knowledge; it’s a built-in impossibility. Your passwords don’t go anywhere unless you want it to.
Very useful help files explain how to exploit potential of this app. Don’t be daunted by the simple UI.
Thanks for the helpful comment, Zubair. This brings up a very important point: Cryptnos is loaded with help pages full of useful information about what Cryptnos does (and doesn’t) do, why it does things the way it does, and how to most effectively use it. For Cryptnos for Windows, this is in the form of an external HTML help file, but in Cryptnos for Android the help is built right into the app. On any “page” or “activity”, you can tap the Menu hard button on your device and get a menu that will include a Help option. Tapping that item will take you to a context-sensitive help page related to the activity you were on. All of the help pages are also available from the main menu through a single help index.
As for Cryptnos’ simple UI, we cover that in our FAQ. Cryptnos is simple because we’re focused on functionality, not aesthetics. It does what it does without bloat, bells, and whistles. While we’ll happily accept contributions from anyone wishing to help make the app prettier, we do ask UI enhancements focus on ease of use and functionality first and visual fluff last. Any UI “enhancements” that bog down the app and make it slower, fatter, or harder to use are not welcome.
Switched to LastPass, which gives more parameters including min numerals. LastPass also retrieves saved passwords, even within Dolphin. Samsung Moment
We’re glad to see Christopher & Brooke found a solution that works best for them. (See their original comment below.) LastPass is an impressive password management solution. I’ve seen some very positive, thorough analysis of their system, which seems sophisticated, versatile, and secure. We wish C&B the best (and definitely thank them for leaving us a five star rating despite the fact that Cryptnos wasn’t all they hoped).
That said, while LastPass is indeed very well thought out and fundamentally secure, there is one aspect that kept me personally from considering it for my own needs. While it’s great to have an off-site backup of your authentication data, you have to place a great deal of trust in the LastPass team that their software works exactly as their documentation implies. While they say they encrypt your data and only you have the key, once your data leaves your possession there is no guarantee that this is what they will actually do. Folks in the security field call this a “trust no one” philosophy. While I personally believe that LastPass indeed operates in the manner they describe, I can’t say with 100% unshakable certainty that this is true. Anyone truly concerned about the security of their data must be skeptical of any solution that purports to make security “easier”, a skepticism which I hope all users of Cryptnos apply to our software as well.
Cryptnos never sends your parameter information anywhere without your knowledge. While it does not automatically back up your data “into the cloud”, it provides you with an export mechanism by which you can do this yourself. A good backup strategy should always include an off-site (or in this case, off-device) backup, and we let you decide where and how that data is secured. Our source code is open and freely available so you can decide for yourself if what we claim our software does is true. While folks who install Cryptnos from the Android Market do require a bit of trust in us, anyone who is more skeptical can inspect the code and compile it themselves to be absolutely certain.
As for the minimum number of numerals in a given Cryptnos-generated password, please see our response to C&B’s previous comment.
by raychall (September 13, 2010)
Hard to figure out. Need something simple and to the point.
Cryptnos isn’t for everyone, although we certainly wish it were. It relies on a number of complex concepts that are difficult for some people to digest, especially if they don’t come from a technical background. Admittedly, there’s a lot we can do to improve its user interface, usability, and documentation. Of course, since Cryptnos is Open Source, anyone can contribute to help make it better, and we certain hope more people will.
While we obviously wish raychall had rated us higher, we do hope he or she can find another utility that suits his or her needs. There are tons of password vaults and utilities in the Market, so there’s bound to be something that fits his or her requirements. Of course, we can’t guarantee the security of any other application, so I’m hesitant to recommend anything in particular.
Works as described, but I can’t select required parameters like: must be 6-8 characters, contain at least 2 letters and 2 numbers.
To meet the length restriction, set the length restriction to the maximum length (in this case, 8); there’s no reason to go shorter when longer is always more secure! 
As for minimum character type restrictions, we’ll consider that for a possible future update. (You can provide further feedback in this issue in our issue tracker.) However, statistically, you’re very likely to get at least two letters and two numbers in a generated password and the letters should always be in mixed case, so this user’s immediate concern shouldn’t be an issue. Requiring different symbols, however, might be, as by default only two symbols (plus sign and forward slash) are currently generated. Please see this news post for further explanation and ideas.
Wow! Perfect!
We’d never go so far as to call it “perfect”, but it’s perfect for our own personal needs, and lots of others seem to think so too. Thanks, mark!
No net access needed; won’t store pwds, just pwd gen params; not limited to a master pwd; can use single master and still get diff pwds per site.
A nice, concise summary of some details we couldn’t put in the Market description. Thanks, vincentc!
Probably top 3 most useful application out there!! (HTC Hero)
Wow, great praise, hs! And his/her HTC Hero runs HTC’s Sense UI, which just proves that Cryptnos works well with non-”vanilla” Android setups as well.
Good stuff, made my Ebay safer than a steel condom
By far the most popular comment among my coworkers at my day job. Um, thanks, Stephen… I think! 
Fantastisk program! Väntar på kommande version som kommer att vara kompatibel med Windows!
Google translation: Great program! Waiting for the next version that will be compatible with Windows!
Daniel, did you happen to miss Cryptnos for Windows? As of version 1.1 for both platforms, import/export files are cross-platform, so they should both be completely compatible.
Excellent app, works great on Eris
Another HTC Sense UI. Thanks, Craig!
Does what it says Hero
We certainly hope it does what it says. Otherwise, we’d be lying. 
Nice! Does what it says, though i’ll need to get the pc version for use @ home
We like to think of Cryptnos as a package; use the Android client on your phone, the Windows or Java client on your desktop, or Cryptnos Online while on the go (and away from your phone). Passwords generated by one will work with all the others. It’s not perfect (despite what mark says above), but it works well enough for us. Hopefully, it will work for you too.
Note: Android Market quotes are taken directly from the Android Market Developer’s Console and are submitted by users through the Android Market application. These comments are public to any Android user and visible by visiting the Cryptnos details page in the Market. If you have posted a comment to the Market and don’t want to see it posted here, please let us know and we’ll remove it.
Market rankings are an average of all rankings provided by users who have installed the software via the Market. Not all users provide rankings, and not all rankings supplied have comments, meaning some ranking data is not visible here.
![[QR Code]](/files/media/site_qrcode.png)
