STRIP Update Fall 2013

2013-10-31 13:16:42 -0400

STRIP is our password manager. We put a lot of love and work into it, and we want it to be as secure and easy to use as possible; we really want it to be the best password manager out there. But we don't usually publish our long-term plans because we like to set our own timelines and we don't want to over-promise and under-deliver. STRIP is a pretty big project, involving four native applications that sync together, so our planning process is quite careful and iterative. This can give the impression that we're moving slowly when we're actually doing a ton of work behind the scenes. Since folks are asking a lot lately, we'd like to tell you about the next version of STRIP, and provide some insight on where we're going from here.

STRIP 2.1.0

The next, soon-to-be-released version of STRIP for all platforms is version 2.1.0. We've been testing it all summer alongside a major update to our encryption engine SQLCipher. We're preparing the iOS and Mac versions for app store review now and hope to release all versions simultaneously (including Windows and Android) as soon as we're approved for release. This version will be available for free to upgrading customers.

Here's what you should know about STRIP 2.1.0:

  • It increases the number of PBKDF2 SHA-1 iterations used to protect your database key from 4,000 to 64,000
  • We believe this change is critical to protecting our customers from increasingly sophisticated attacks
  • It is not backwards compatible: once the database is upgraded it cannot be used with older versions
  • It will not sync with earlier versions of STRIP, so you'll need to upgrade STRIP on all your devices
  • It's important that you upgrade to this version for future compatibility

This change to your encrypted database is an enormous gain in security at a time when powerful, well-funded organizations as well as individuals and researchers are developing sophisticated means for attacking encryption systems, and in particular brute-forcing passwords. With computing power increasing rapidly it is time to make attacks on STRIP's encryption literally more expensive, massively so.
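
An added illustration of the two points above (not Zetetic's code, and not how STRIP or SQLCipher store keys): it derives a key with PBKDF2-HMAC-SHA1 at 4,000 and at 64,000 iterations, shows that a client using the old count cannot open a file keyed with the new one, and times the cost of a single password guess. The 32-byte key length, 16-byte salt and HMAC key-check tag are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import time

OLD_ITERATIONS = 4_000    # count before 2.1.0 (from the post)
NEW_ITERATIONS = 64_000   # count in 2.1.0 (from the post)
KEY_LEN = 32              # assumption: 256-bit database key

def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1, the KDF named in the post."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, iterations, KEY_LEN)

def seal(passphrase: str, iterations: int) -> tuple[bytes, bytes]:
    """Toy stand-in for an encrypted file: random salt plus a key-check tag."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt, iterations)
    return salt, hmac.new(key, b"key-check", hashlib.sha256).digest()

def can_open(passphrase: str, salt: bytes, tag: bytes, iterations: int) -> bool:
    """A client opens the file only if it derives the same key."""
    key = derive_key(passphrase, salt, iterations)
    candidate = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, tag)

def seconds_per_guess(iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. one password guess."""
    salt = b"\x00" * 16  # fixed salt is acceptable for timing only
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive_key("constructed-sample", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def cost_multiplier() -> int:
    """Extra work per guess an attacker pays after the upgrade."""
    return NEW_ITERATIONS // OLD_ITERATIONS

if __name__ == "__main__":
    salt, tag = seal("correct horse", NEW_ITERATIONS)  # constructed passphrase
    print("2.1.0 client opens:", can_open("correct horse", salt, tag, NEW_ITERATIONS))
    print("older client opens:", can_open("correct horse", salt, tag, OLD_ITERATIONS))
    old_t, new_t = seconds_per_guess(OLD_ITERATIONS), seconds_per_guess(NEW_ITERATIONS)
    print(f"per guess: {old_t * 1e3:.1f} ms -> {new_t * 1e3:.1f} ms "
          f"(measured x{new_t / old_t:.1f}, expected x{cost_multiplier()})")
```

The legitimate user pays the extra derivation time once per unlock, while an attacker pays it on every guess.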

Some additional things to note about the iOS and OS X versions:

  • iOS versions now use Apple's CommonCrypto library for hardware-accelerated encryption
  • The iPhone version supports iOS 5 up to iOS 7
  • The iPad version supports iOS 6.1 up to iOS 7
  • The OS X version supports OS X 10.6 up to OS X 10.9

We finally had to drop support for iOS 4.3, because CommonCrypto hardware acceleration is not available to us there, and it's absolutely necessary given the increase in PBKDF2 iterations on the database key. Hopefully anybody still running 4.3 out there has the ability to upgrade to the latest iOS. We realize that's not everybody, but numbers suggest there are very few folks in that position, and we do have a contingency plan for anyone who is (if that description fits you, please get in touch with us soon).

It's important that you upgrade to 2.1

Device and sync compatibility are really important to us and minimizing disruption is best for our customers. In STRIP 2.2 we won't be changing the database format again, but we may start changing the minimum supported OS versions of the various apps as we seek to improve them and take advantage of new APIs. This means that STRIP 2.1 running on older devices that either can't upgrade STRIP to 2.2 or can't upgrade to the latest version of their OS in order to upgrade will remain sync-compatible with STRIP 2.2, allowing us to proceed with needed enhancements without leaving customers on 2.1 out in the cold.

That's why we think you should upgrade as soon as possible, once STRIP 2.1 is released. We've been testing this upgrade for many months to make sure we've got it right, and we'll be standing by to help if there are any issues.

STRIP for iPhone and iPad version 2.2

STRIP for iPhone and STRIP for iPad are going to get face-lifts for iOS 7. We're working on them now and we think you're really going to enjoy the change; it's already a pleasure for us as we work on it, make changes, and test. Here's a sneak peek at the Sync screen in progress:

Work in progress, not final by any means

We're revisiting all of our interfaces as we go over them, to see if we can do a better job, and that was certainly the case for the Sync view. I always wanted to provide better indicators of current sync status. Not only is it a pleasure to watch the red-tinted progress bar zoom across the screen, this will be a big help when debugging issues with our customers by providing them with more information.

This version will also be available for free to upgrading customers.

What's Next

Image and media storage is one of our biggest and oldest feature requests, and we've already done some proof-of-concept work there. It presents challenges in speed and efficiency when it comes to sync operations. Another of our biggest feature requests is background sync—it should just work. And the other biggest feature request is sharing databases—allowing you to decide which of your data you share with whom, with seamless synchronization of your records. The magic word here is sync.

These are not easy problems to solve well and we want to make sure we get it right in the experience department, in making STRIP as easy to use as possible while providing these great new features. On top of that, we need to make sure we maintain and improve the high level of security and diligence our customers have hopefully come to expect from us. Putting aside the interface changes, what we need is a new sync system. We think solving these problems together is critical to providing the best version of STRIP yet, and work is already underway. We call it STRIP 3 and it's pretty much where we've always wanted to take the app, ever since we launched as a stand-alone app on the iPhone.

Beta Testing

Want to help us make STRIP better? Please consider joining our beta testing program. We're looking for testers who are excited to run the latest betas as we go forward, test with (backed up) real-world data, and provide lots of feedback. If that sounds like you, please get in touch!
