Codebook Help icon Codebook Help

Codebook's Security Features

Codebook uses strong, state-of-the-art encryption to protect your passwords, other sensitive credentials and data. To accomplish this, all data saved in Codebook is encrypted using SQLCipher, our peer-reviewed and open-source encrypted database engine. SQLCipher is an industry leader in database encryption and is widely used by some of the world's premier organizations, protecting data for thousands of apps on hundreds of millions of devices.

SQLCipher is extremely versatile and efficient, allowing Codebook to only decrypt records on an as-needed basis, with great performance. It's also highly portable, enabling us to offer you the same high level of security on iOS, Android, macOS, and Windows.

On Your Device

  • All Codebook Data stored on your device is encrypted
  • Master Password that you create is not stored in Codebook
  • Your encryption key is not stored on your device. It is derived from your Master Password.
  • Random Password Generation
  • Password Review for password strength
  • Passwords can be checked against HaveIBeenPwned.com's API
  • Automatic Screen locking at an interval you choose
  • Codebook locks when the screen saver is activated
  • A sync key is generated that uses your Master Password to create an encrypted QR code that can be used to access your data that is stored remotely
  • If available, Codebook can use Biometrics (Touch Id/Facial Recognition) for login
  • Clipboard data is deleted after 2 minutes

In Transit

  • Your data is always encrypted
  • Data is stored in your cloud account and secured by your cloud password
  • Zetetic cannot access or read your data

Encryption

  • SQLCipher uses a 256-bit AES encryption algorithm in CBC mode, a widely adopted algorithm standardized by NIST and the US government.
  • Codebook uses 256,000 rounds of PBKDF2-HMAC-SHA512 as the KDF algorithm.
  • Provides advanced protection against brute force and side channel attacks.
  • Your encryption key is not stored on your device. It is derived from your Master Password

Click for detailed design information on SQLCipher