FFkeystore: paranoia level

FFkeystore has 3 different operating modes called paranoia level in the settings. The paranoia level operates how the key store password is entered and when.

Let me show a summary first in the following table:

Mode hides # of
key store passwords
hides # of
key store entries
prone vs.
hybrid data
Unsafe no no no no
ftN! yes yes no yes
N,kma! yes yes yes yes

hides # of key store passwords
The number of used key store passwords is hidden (if you break one password, the number of the unbroken passwords is not revealed. You only know : might (!) be more than one)

hides # of key store entries
Hides the number of used password entries, even when a key store password is obtained (works only if you have used multiple key store passwords)

prone vs. screenshots
This does mean someone takes a screenshot in the background each time you press a key or click a mouse button.
Note: Currently the true length of the password is revealed with this method. This will be fixed in a future version.

hybrid data
Some clear text fields have a cipher text counterpart which can be shown with the correct key store password.


The application can not work until you provide your correct password. If you plan to use unsafe mode, you should consider to remove all default passwords since they provide only a small advantage. As soon, as the key store password is known, you can easily identify them. However, if the password is not known, they will cover the number of real entries if you remove a default password for each added password.

ftN! mode

The application will accept ANY password - but you will get a hint

N,kma mode

The application will accept ANY password without any hint

Maximum security

This quite paranoid - I know but here it comes:

Strong password? What is a strong one?

Try to reach at least 90 bits on the strength meter.
Note: The strength meter cheats (it gives you a lower entropy than you would calculate if using the full alphabet. This is works as designed). And the strength meter is dumb. It will not detect when you used dictionary words.

Some hints for strong passwords:

This sounds very cool, I can trust my life on it?


Do not do this - trust only KNOWN PUBLIC SOURCE (see Gnu PG they use a self signed https cert, you must accept it. Learn how to use GNU PG if you must trust your life on the encrypted data).

There is a reason why some people are respected and honored because they can do this cryptographic stuff right. It is super easy to make mistakes. And since this is no open source yet, nobody will find it.

The second reason is, that this application uses apple crypto libs and seen the how far the corruption by nsa has gone, there is absolutely no guarantee that the keys provided to the apple api are not stored somewhere else or that the crypto random function does work correctly. Apple is an corp located in USA, must abide the corrupted laws and therefore can not be a trusted source.

Every corp located in USA is a suspect
do not use crypto from these

What is then the point of this application?

The purpose of this application is to be a "hard target", the more people get to be a hard target, the more difficult is to maintain the "We know everything you said, write or clicked" - approach. Using strong cryptography is big let down for big brother spies like NSA because the only thing you can do, is to store the data for ever and hope to break it someday somehow (storing encrypted random data which is encrypted by an unknown key is the ultimate price to pay for destroying personal freedom, everyone who uses this app is requesting that payment)

Every hard target covers someone, who is in need of such coverage (you know, breaking strong cryptography is not something you decide to do lightly the more crypto is used the better for us all)

Accepting any password? Why is this a problem?

Because it is encrypted with a symmetric key, it will always work (there is no wrong password only a unwanted result). If you provide the wrong key store password, it will give you a wrong clear data (the password are stored ENCRYPTED with the original key store password - the only way to get the password back, is to provide the correct key store password. Since the app does not have the clear text password: if your key store password is wrong, the password decrypted will be wrong)

ftN! ? N,kma ? Where are these names from?

Sorry, these are super secret. I can not tell you.

Unsafe mode? Why?

It is unsafe because of how the application checks that you enter the correct password. In fact, it can not know if you enter the correct password, to detect that it will save the target pattern in cleartext and encrypted with your password. When the password you have entered is generating the cipher text, then the password must be correct.

However you then provide the NSA a super easy exit condition on a brute force attack. If you password is not strong enough to withstand that (normally a modified dictionary based search against your password) all your passwords are now in the hands of the NSA and do not think, they will not use them.

hmm, what is that hint for ftN! mode?

The hint is the target pattern, it will be saved in the key store file as cleartext. When you enter your key store password, it will encrypt the target pattern with your password and shows the result (replacing graphic characters by a .). If you remember the target pattern you can then see, if the password you have entered is the right one because you see a known pattern.

What happens when I use different passwords in N,kma mode ?

Well, it works as designed :D
You can do that but you have to remember which key store password was entered when you added the password to the app. For example:

Your brain can hold 2 different passwords: one for user logins and one email accounts.

You then can enter the user login password and click decrypt. You now can use the user login passwords (as they should be correctly decrypted) - all other passwords will show the wrong values. If you want to retrieve a mail account password, you must enter the mail account password and click decrypt. You now can use the mail account passwords, - all other passwords will show the wrong values.

That is an interesting concept, is there a way to distinguish the passwords?

Yes. You will have to do a brute force attack on the passwords.
On all passwords of interest.
Were each password has is encrypted with AES256.
You now have just discovered why there is Guantanamo Bay - do not think to long about it.
And you will start to hear inner voices, which commands you to do paranoid things
So you will use the paranoid features of this application (coming soon...)

When I forget the key store password, how can I prove that?

Well, just don't do that. You can not distinguish your saved passwords from random data. The only possible prove is the correct key store password, which will retrieve a working password. If you somehow forgot the key store password, then the retrieved password will not work but you can not see this in advance (well, that is if you use strong passwords like v9u;A3GBJ"]2hK1U)

This all sounds strange.


But don't forget that the bandits who are controlling you either have no clue about informational technology or know exactly what to do to kick your ass if you do even the slightest mistake.