Palm Keyring File Format


Here is a description of the Palm Keyring file format so that when Keyring finally bites the dust it doesn't take the data with it.

The distribution of KeyringEditor v1.1 by Markus Griessnig includes this summary of the Palm Keyring file format for both format 4 and format 5. (I have added a couple of slight clarifications.)

Header

The header starts with a number of global fields of which only the version, the application info offset and the number of records are important. Only versions (formats) 4 and 5 are supported. The application info offset points to the start of the categories section.

Then follows a set of descriptors one per entry. The descriptor includes an offset which points to the start of the entry in the file. Following that is a fixed length section giving the labels for each of the 16 categories.

Format 5 Header

The format 5 header contains a salt, a number of iterations, the cipher in use (DES-EDE3, AES128 or AES256) and a SHA-1 digest. The key is derived from the password using the PBKDF2 key derivation function, given the salt, the number of iterations and the key length required by the cipher in use. A SHA-1 digest of the resulting key followed by the salt is computed and compared to the SHA-1 digest stored in the file. If they are not equal the application aborts. This guarantees that the password entered by the user is the same one that was used to create the file. It does not guarantee that the file has not been tampered with: the digest covers only the key and the salt, not the entries.
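The key derivation and password check described above, as an added example (not code from KeyringEditor or Keyring itself). It assumes HMAC-SHA1 as the PBKDF2 pseudo-random function, which the summary does not state, and uses a constructed salt and iteration count; the key lengths follow from the ciphers named in the header.

```python
import hashlib
import hmac

# Key length in bytes required by each cipher the format 5 header can name.
KEY_LENGTHS = {"DES-EDE3": 24, "AES128": 16, "AES256": 32}


def derive_key(password: str, salt: bytes, iterations: int, cipher: str) -> bytes:
    """PBKDF2 over the passphrase with the header's salt and iteration count.
    The PRF (HMAC-SHA1) is an assumption; the page only names PBKDF2."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, KEY_LENGTHS[cipher])


def key_check_digest(key: bytes, salt: bytes) -> bytes:
    """The header digest: SHA-1 over the derived key followed by the salt."""
    return hashlib.sha1(key + salt).digest()


def verify_password(password: str, salt: bytes, iterations: int,
                    cipher: str, stored_digest: bytes) -> bool:
    """The check the application performs before decrypting anything.
    Note what it covers: only key and salt. A modified entry body leaves this
    digest unchanged, so a passing check says nothing about file integrity.
    It also gives anyone holding the file an offline way to test passphrase
    guesses, which is why the iteration count and passphrase strength matter."""
    key = derive_key(password, salt, iterations, cipher)
    return hmac.compare_digest(key_check_digest(key, salt), stored_digest)


def make_header(password: str, cipher: str = "AES256", iterations: int = 1000) -> dict:
    """Build the password-check part of a format 5 header (constructed values,
    not the on-disk byte layout, which the summary does not give)."""
    salt = bytes.fromhex("0123456789abcdef")  # constructed sample salt
    key = derive_key(password, salt, iterations, cipher)
    return {"salt": salt, "iterations": iterations, "cipher": cipher,
            "digest": key_check_digest(key, salt)}


if __name__ == "__main__":
    hdr = make_header("correct horse battery staple")
    for guess in ("correct horse battery staple", "Correct horse battery staple"):
        ok = verify_password(guess, hdr["salt"], hdr["iterations"],
                             hdr["cipher"], hdr["digest"])
        print(f"{guess!r}: {'accepted' if ok else 'aborts'}")
```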

Format 5 Entries

Each format 5 entry starts with an unencrypted title field and a cryptographically random initialization vector. This means that all of the title fields in the file are visible in the clear—not ideal, but presumably the title fields don't give too much away. To avoid exposing the title fields, use a more modern password safe application. A new random initialization vector is generated each time the entry is saved.

Following the title and initialization vector comes the encrypted data for the entry. The data is decrypted using the global key and the initialization vector specific to the entry. This allows the entries to be held in memory in encrypted form: an entry is decrypted only when it is displayed, and only one entry at a time is ever in decrypted form. The decrypted entry contains the account, password, date last updated and notes as separate fields.

Password Strength

The level of security for Palm Keyring is in the hands of the user: it is directly related to the length and complexity of the passphrase and how easily it can be guessed. Today's password crackers can make in the region of a hundred billion guesses per second. At this rate a random 8 character password can be cracked in under six hours. A recent test was able to guess 90% of a 16,000 password collection within 15 hours. I like this idea for generating a random passphrase: use six random five or six letter words. Here is a password strength tester, and another, to evaluate the strength of a passphrase. (Download the program or unplug your computer if you don't trust the Internet.)