Tap Forms – Organizer Database App for Mac, iPhone, and iPad › Forums › Using Tap Forms › Tap Forms – Security
September 15, 2009 at 2:29 PM #2999
First of all kudos to creating such a useful application. I’m certainly looking forward to at first testing the lite version and then purchasing it in the future.
Although, I would like to raise a feature request that would certainly benefit all of your users relating to password security/data destruction.
I’m quite concerned that despite the AES 256-bit encryption that Tap Forms employs, a four character numerical limit exists on what key can be chosen. I did a quick calculation and without repetitions, 5040 combinations are possible. I have read that you have a lock-out period of two hours, but if someone’s iDevice is stolen and the thief was absolutely determined to get the data, it is possible to do so.
Even though it’s extremely unlikely, if someone was determined enough, one could get the raw file(s) used to store the information and bruteforce it from outside the application.
It would be excellent if Tap Forms would accept alpha-numeric passwords, and if a certain number of user-defined incorrect passwords are entered, Tap Forms would delete/destroy all of the data entered (with a warning before doing so).
Yeah, I might sound completely paranoid, but considering what could potentially be put in this application (not just by me), paranoia can also be peace of mind. People like those who store customer details for their business on the go, very personal information, or even government information whose users work for said organisation (even if it is against policy).
Although there is the argument “That sort of info should be put in [your] app anyway”, people still do it so it would be nice to have protection that would at least keep safe such information, or destroy it if someone attempts to get into it.
Good luck with your future ventures with Tap Forms!September 15, 2009 at 5:53 PM #3764
Actually, the 4 digit passcode is only for the lock-out mechanism. The Encryption mechanism uses a 32 character alpha-numeric encryption key that is completely separate from the passcode. With that you can have Tap Forms not locked for quick access, but then have specific forms that are locked using a separate alpha-numeric password (encryption key).
Hope that eases your mind.
BrendanSeptember 16, 2009 at 5:40 PM #3765
Yes that does, and my interest has gone up quite a few points.
Is it still possible to have a feature that would allow Tap Forms to destroy the data should either of the password features attempt to be bruteforced? It’s certainly something that I would use as I’d rather Tap Forms wipe itself and me lose information than for someone to figure out the key and have access to it.
A more descriptive front page would be great too.
Cheers.September 18, 2009 at 6:10 AM #3766
I haven’t thought of adding a wipe-out feature, but I suppose it wouldn’t be that difficult to implement. Just very dangerous. I can see lots of people getting tripped up by such a feature and then getting angry at me for them losing their data. But the iPhone has this feature built-in to it too. But that’s for the entire phone, not just a single application.
BrendanSeptember 19, 2009 at 2:45 PM #3767
Thanks for that. I just happened to figure that out myself.
Good luck with it!
You must be logged in to reply to this topic.