2013-08-28 12:28:33 -0400
Google has recently confirmed that there is a serious issue with improper seeding of the pseudo-random number generator (PRNG) found on some versions of the Android platform. As a result, we've released a new version of SQLCipher for Android which addresses potential risks introduced by this vulnerability. SQLCipher for Android 2.2.2 binaries can be found here.
The issue itself centers around improper default initialization of the OpenSSL PRNG; specifically, it appears from the fix that /dev/urandom was not included in the seeding process to the entropy pool. This increases the likelihood that low-entropy data could be provided when requesting random data from calls to OpenSSL's RAND_bytes.
Previously, SQLCipher for Android was dynamically linking the system provided version of the OpenSSL library on the device. This means that SQLCipher was using the version of OpenSSL on affected platforms. This reduced complexity and allowed for a smaller binary payload when integrating the library into an application. Unfortunately, it also means that older versions of SQLCipher used the affected versions of OpenSSL on those Android versions.
To address this issue, SQLCipher for Android will no longer rely on Android’s system-provided OpenSSL library. Instead, new binaries statically link the 1.0.1e tag of OpenSSL, currently the latest release. We have verified locally that OpenSSL 1.0.1e includes data from /dev/urandom in the entropy pool during initialization. This change has the added benefit of normalizing behavior, as there are outdated distributions of OpenSSL embedded in certain Android platforms. We estimate that the statically linked library will add 1.0 MB to most ARM-only applications, although it could be as high as an additional 2.3 MB if other architectures are supported (e.g., x86).
SQLCipher relies on random data for two purposes: initial generation of the random database salt, and generation of per-page initialization vectors (IVs) for AES-256-CBC encryption. Happily, neither usage will result in catastrophic failure, as was the case with Bitcoin wallet applications, where poor randomness led to the generation of weak asymmetric keys. That said, it is likely that existing databases created on older Android platforms will have low-entropy salts and IVs. Theoretically this weakness in the underlying PRNG could facilitate optimized attacks in certain circumstances.
As a result, we strongly recommend that you upgrade to the latest SQLCipher for Android binaries as soon as possible. Out of an abundance of caution, we'd also recommend that those concerned with the security of existing databases generated on affected Android platforms perform a database export via the sqlcipher_export convenience function to re-encrypt the database. This process will generate a new random database salt and initialization vectors for all pages in the database.
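The re-encryption the paragraph above describes, as an added example that is not part of the original post: the statements are those SQLCipher accepts in its shell or through the Android library's raw SQL execution path. The file names, the key values and the integer check at the end are assumptions; the export writes every table and row of the main database into a freshly created file, which is what gives the copy a new salt and fresh per-page IVs.

```sql
-- Open the existing (possibly weak-salt, weak-IV) database with its current key.
-- 'old-passphrase' is a placeholder for the application's real key.
PRAGMA key = 'old-passphrase';

-- Confirm the key is right before exporting: this query fails on a wrong key.
-- (reads the schema, so it forces decryption of the first page)
SELECT count(*) FROM sqlite_master;

-- Attach a brand-new, empty file as the export target. Because the file does
-- not exist yet, SQLCipher generates a new random salt for it; using the
-- updated binaries means that salt (and every IV) comes from a properly
-- seeded PRNG. The same passphrase can be reused, or a new one chosen.
ATTACH DATABASE 'reencrypted.db' AS encrypted KEY 'old-passphrase';

-- Copy schema and data from main into the attached database, page by page,
-- with newly generated initialization vectors.
SELECT sqlcipher_export('encrypted');

DETACH DATABASE encrypted;

-- Sanity check on the new file before retiring the old one: open it on its
-- own and make sure the row counts match the original.
-- (run against reencrypted.db, with the key given above)
--   PRAGMA key = 'old-passphrase';
--   SELECT count(*) FROM sqlite_master;
```

Only after the new file opens cleanly and its contents have been checked should the original be replaced, since the old file still carries the low-entropy salt and IVs and should be securely deleted rather than left on the device.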
If you have any questions, please feel free to ask. Thanks!
2013-07-24 13:32:03 -0400
STRIP for OS X version 2.0.2 is now available in the Mac App Store, providing numerous bug fixes and adjustments. We recommend all customers install this update. Among the changes in this release:
- Fixes disabled editor due to untitled labels
- Fixes persistence of changes to fields and sort order
- Fixes crash on login when last-accessed entry is no longer available
- Fixes display of WiFi sync service status in Preferences after launch
- Fixes add field control on first launch creating untitled label
- Fixes crash on export due to untitled labels
Customers who are using the version of STRIP for OS X purchased from the Zetetic store will also see the update shortly. Select the STRIP menu and choose "Check for Updates" if automatic update checking is disabled under Preferences.
2013-07-10 17:27:59 -0400
The latest release of SQLCipher for Android includes a high-priority fix to address a compatibility issue with an upcoming Android OS release. When the new Android version is released, most likely later this year, applications using older SQLCipher for Android versions may crash on first use of the library.
We have been working closely with Google to address the problem, which stems from changes to android::MemoryBase, a wrapper around the Android shared memory functions previously used in the native CursorWindow implementation. The new version of SQLCipher for Android eliminates the use of android::MemoryBase in CursorWindow in favor of allocated heap memory.
Google has confirmed that the latest version of SQLCipher for Android addresses the compatibility issue with the new Android OS version.
Since applications that continue to access the legacy shared memory function will break at some point in the future, Google has introduced a warning trigger on this API usage in a recent AOSP commit [1].
As a result of this upcoming change, we strongly urge all developers using SQLCipher for Android to upgrade to the newest version. We do not have a specific release date from Google, so it’s important that applications update as soon as reasonably possible.
The latest SQLCipher for Android binaries can be found here [2].
[1] https://android-review.googlesource.com/#/c/61890/
[2] https://s3.amazonaws.com/sqlcipher/SQLCipher+for+Android+2.2.1.zip
2013-07-10 13:08:00 -0400
We would like to announce a patch release of SQLCipher. It includes the following:
- Addresses a potential threading issue when copying the cipher provider.
- General improvements to the lifecycle of the provider.
- Applied a mutex around RAND_bytes for OpenSSL usage to prevent concurrent calls in applications that have not configured OpenSSL threading callbacks.
The latest source can be found here [1] along with new SQLCipher for Android binaries here [2].
[1] https://github.com/sqlcipher/sqlcipher
[2] https://s3.amazonaws.com/sqlcipher/SQLCipher+for+Android+2.2.1.zip
2013-07-01 11:43:57 -0400
UPDATE Oct 10, 2013: We've made great progress, and we're opening the download links up below, the latest build of Convert to STRIP for Windows should be processing the SafeWallet XML files correctly now. Please give it a shot and let us know! -WG
UPDATE Oct 8, 2013: The latest versions of SafeWallet (3.0.x) are NOT compatible with our converter. We're working hard with a number of our customers and lots of sample data to resolve this as soon as we can, but it's turned out to be quite a bit more complex than anticipated. We will get it! But be advised that if you are planning to purchase STRIP and to use the converter specifically for SafeWallet data, it does not work right now. Please get in touch with us if you have any questions, and thanks for your patience! -W.Gray
One of the more popular password managers out there is SafeWallet. A few new customers have been checking out STRIP as an alternative after reading about our password manager and have asked us about how they might import their SafeWallet data directly into STRIP. On Friday we posted an updated version of our Convert to STRIP utility to add this new option for both Windows and OS X. Read on to see how it works.
Get STRIP Now »
Convert to STRIP for Windows »
Convert to STRIP for OS X »
Export your SafeWallet data

Launch SafeWallet, log in to your wallet, and then select File -> Export. A simple export wizard will appear allowing you to save a .XML file of your data anywhere on your computer.
Convert SafeWallet data
- Download the STRIP Data converter onto your desktop and Unzip it. Double click the icon to run it.
- Click the "Source File" button and choose the SafeWallet XML export file.
- Click the Save As button and save strip.csv on the desktop.
- Make sure the "SafeWallet XML" radio button is selected for Source Format.
- Click "Run Conversion" to migrate the file to the Strip export format.

Verify your data
There is now a 'strip.csv' file on your Desktop. You can open it in a spreadsheet editor to check its contents (e.g. OpenOffice.org, Numbers, Excel), or open it in a simple text editor. It's a good idea to check the data over for accuracy before importing it into STRIP.

Note: if you decide to edit your CSV data before import, be sure to save the file as CSV data when done. Additionally, if your data contains international characters (e.g. ü, é, etc.), do not attempt to edit the file in Excel; your best bet to preserve these characters correctly is to use the free Calc spreadsheet editor from OpenOffice.org.
Import into STRIP
Log into STRIP on your PC or Mac and choose the strip.csv file on your Desktop.

Once the import is complete, you'll see all of your SafeWallet data right in STRIP! Once you've checked that everything looks okay in STRIP, you should delete the two plaintext import/export files (remember to empty your trash, or even better, securely delete them).