During the BlackHatEU conference, ElcomSoft presented an analysis of 17 popular iOS and Blackberry password managers. Their results showed that most of the products are:
The presenters noted that Codebook (called STRIP back then), using an encryption key derived through 4,000 iterations of PBKDF2-SHA1, was the most secure app, "by far the most resilient app to password cracking" and appeared to be the only application that properly implemented strong cryptography.
Since this paper was published the number of PBKDF2 iterations in all versions of Codebook has been increased to 64,000, and we've added per-page HMAC authentication to prevent tampering. We're constantly working to improve SQLCipher, Codebook's open-source, encrypted database engine.
Happily we've been hearing more from people who want to migrate data to Codebook from other password managers. As a result, we've authored a simple conversion tool to help new customers migrate from SplashID, 1Password & SafeWallet to Codebook. Instructions for importing your data from LastPass are also available.
The Convert to Codebook utility is free:
Convert to Codebook generates a CSV file that you can then import into Codebook for Windows and Codebook for macOS, which have an Import feature under the File menu. CSV Import is not available on Android or iOS. Codebook for Windows and Codebook for macOS are sold separately from the mobile versions (we can't bundle purchases between the various app stores.)
Convert to Codebook only supports SplashID, SafeWallet and 1Password export files. If there's some other export format you would like to see us support, be sure to let us know!
Since our converter above only supports SplashID, 1Password and SafeWallet export files you may wish to generate your own CSV file for import from some other source or application export format. We've got a guide on our blog covering Codebook's data import feature that should answer all your questions, but please don't hesitate to get in touch for help.