On Version 2.0 and Windows RT

January 7th, 2013 | Comment?

I apologize for the long stretch of silence, folks. I realize there haven’t been any new releases for a while, and likewise no news to speak of. As often tends to happen, I’ve been swamped lately with many different irons in many different fires, and unfortunately that means a number of things on my plate have had to sit on the back burner. Since Cryptnos has been relatively stable of late, it quickly became one of those back burner projects. I promise I haven’t forgotten or abandoned it; it’s just low on my priority list at the moment, something that will hopefully change very soon.

So I suppose you’d like to here a little bit of news on what we do have planned, wouldn’t you? Well, I can confirm that there is a Version 2.0 in the works for both the Windows and Android branches, both of which will hopefully add a number of long requested features. Chief among these will be a new “wizard” password creation mode that will take a series of requirements and generate a password that meets these requirements, all while maintaining Cryptnos’ original level of security. For example, many sites and services list a series of password creation rules not too dissimilar from these:

  • Must not be a previously used password;
  • Must not contain your profile ID or name;
  • Must be at least 8 characters but no longer than 20 characters;
  • Must have at least 2 upper case and 2 lower case letters;
  • Must have at least 1 digit;
  • Must not have more than 2 pair(s) for repeating characters.

Now the first two rules are not something Cryptnos could handle for you. Cryptnos does not store your passwords anywhere, nor does it care what your user ID or name really is. That said, the pseudo-random nature of Cryptnos passwords makes breaking those rules so statistically unlikely that we can practically call them impossible. Similarly, the third rule is easy enough to handle with Cryptnos in its present state: simply set the password length to 20 characters. This is the upper limit of the rule’s length range, and selecting anything less than that would mean artificially weakening the password unnecessarily.

But what about the rest of these rules? Cryptnos does not currently check for these states, although the pseudo-random nature of the generation process makes it hard to actually violate them. Despite this fact, I myself have run into the occasional instance where I’ve had to tweak my Cryptnos parameters because one generated password didn’t match an arbitrary rule like this. It’s a very simple problem to work around—I just increment the number of hash iterations until I happen to reach a generated password that matches the criteria—but it’s still something that would be convenient if Cryptnos did handle for us. (My manual solution does require a bit of work on my part to check that the generated password does not violate the rules.)

So the big new feature planned for Version 2.0 will be a “wizard” mode for creating new passwords. In this mode, you will still be able to set the “classic” set of parameters as before… or you can let Cryptnos choose the “best” options from a series of defaults, in case you don’t care about hash algorithms or the number of iterations. Then you’ll be able to specify a set of rules like the ones listed above. Cryptnos will translate these rules into a series of “classic” parameters and test to see if the generated password meets the specified rules. If not, it will tweak the classic parameters behind the scenes (such as incrementing the hash iterations or changing the algorithm) until it either matches your rules or gives up if it can’t find a match in a reasonable amount of time. Your rules will then be saved in the database, and day-to-day password generation will work just as it does now (Regenerate on Android or “Daily Use” mode on Windows). When it comes time to change your password, Cryptnos will recognize which generation method was used to create the initial password (classic or wizard) and load the appropriate the interface.

Since this change will be a pretty big one, I think we’ll be justified in bumping the version number up to the next major version. Unfortunately, that also means this one will be a lot more work. We’ll have to find the best way to define, present, and store these new rules, all while keeping the “classic” generation method available for folks (like me) who will still want to use it. More work, of course, means more time, so for now I can’t give an ETA on when this version will arrive. I’m still in the planning process at the moment, so it will be a while before we’ll see anything worth beta testing.

There are a few other things I’d like to squeeze into 2.0, such as improved support under Mono (right now it doesn’t work at all) and a general clean-up of the Windows UI to make it simpler and easier to understand. And of course there’s the long awaited and oft-neglected Java port, which will likely have to wait until the Windows 2.0 UI is stabilized. It’s coming folks; I promise I haven’t forgotten it.

And then there’s Windows RT….

I received a query at the end of the year regarding whether or not there will be a Windows 8 RT* version of Cryptnos. Sadly, I’m afraid the answer, at least for now, will be the same as the one for iOS: We’d love to do one, but right now it’s not practically feasible. The reason is pretty much the same as for iOS, too. Both mobile operating systems require very specific development environments, neither of which we have access to at the moment. For iOS, that means developing on a Mac (which I don’t have) and learning Objective-C; for RT, that means purchasing Visual Studio 2012, Windows 8, and ideally an RT device to test with. Considering that I just brought all my machines up to Windows 7, I’m not looking forward to going through another upgrade cycle just yet. And while I can sort of justify having both an iOS device and an Android device (after all, I had an old classic hard drive based iPod long before I got my first Android phone, so my music is pretty much mired into iTunes for now), justifying a third such device just for testing on a free (as in beer) app with no budget isn’t going to get very far.

Of course, it’s hard to predict what the future might hold. Fortunes change, and it’s also possible volunteers may step forth to take up the challenge. While I’d love to roll up my sleeves and get into iOS or RT development, it’s going to get harder and harder for me to do so by myself. However, if some brave soul wanted to take charge of a port to one of these platforms, I’d be happy to do what I can to promote and support it. Until I win the lottery (which will be difficult since I don’t play) or a volunteer steps up, for now I suppose Cryptnos Online will have to suffice.

That’s all the news I have for now. I wish everyone a happy and health New Year, and I hope my next post will be a long awaited release announcement!

* Note that Windows 8 RT is the “watered-down” tablet-only version of Windows 8. Cryptnos for Windows should still work on Windows 8 for desktops and laptops, although you may have to drop out of the “Metro” interface to the desktop to use it. At this time, Cryptnos for Windows if officially untested on Windows 8. There are currently no plans for placing Cryptnos in the Windows Store.

Tags: ,


You can skip to the end and leave a response. Pinging is currently not allowed.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

You must be logged in to post a comment.