Well, it seems that some ugly bugs made it into version 1.2.0 of Hash It!. Unfortunately, it took five days to notice…
Anyway, a new version (1.2.1) is out now, which should hopefully solve these issues. If any force closes remain, please drop me a mail.
Today marks another important milestone for Hash It!, your friendly password memorization brain extension. 
While you can conveniently use Hash It! from your preferred mobile web browser via its “Share” feature, some people prefer starting Hash It! from the launcher, which requires manual entry of the site tag. So far, Hash It! did not remember these manually entered site tags, which required repeated re-entry of the respective tag over time. To close this usability gap, Hash It! will remember the site tag in a history from this release on. Just type the first few characters of the desired tag and the history of matching tags will be shown. Users concerned with the privacy implications of this feature can easily disable it in the settings.
Furthermore, Hash It! did not support FroYo’s (Android 2.2) Apps2SD feature. While Hash It! is pretty small (< 100 kB) compared to other Android applications (so this feature is probably not vital), I would still like to leave this decision to the end-user, which is why starting with Hash It! 1.2.0 you can move it to your SD card (given that your phone is running Android 2.2).
Hash It! 1.2.0 is available via the Android Market. Details are also available at: http://android.ginkel.com/
Have fun!
A couple of days ago I visited the UK and also took my Android smartphone with me. After accessing some loal .co.uk web sites I quickly noticed that Hash It! would not figure out the right site tag for them when it was invoked from the Android web browser via the “Share” intent.
So, I just rolled an update, Hash It! 1.1.0, which adds support for the most common ccSLDs (country code second-level domains), such as .co.uk, .ac.uk or .com.sg.
Hash It! 1.1.0 is available via the Android Market. Details are also available at: http://android.ginkel.com/
Enjoy!
It has been a while since I last worked on Hash It!, but thanks to the bug report of an attentive user I just uploaded a new version (1.0.2) of Hash It! to the Android Market. Bottom line: Hash It! now works correctly on Android 1.5.
Hash It! is licensed under the GPLv3 and as such comes with full source code for your entertainment.
Further details on how to download it to your mobile phone as well as the changelog are available at: http://android.ginkel.com/
Get it while it is still hot!
Due to current events I started to think about options for a backup solution that would be able to cope with a complete disastrous loss of hardware. So, off-site storage was warranted.
What I came up with is a backup solution based on Duplicity and Amazon S3.
Storing personal data in the cloud may ring one or another alarm, but with Duplicity the data is safe from prying eyes as all backed up data is sent through GnuPG using public-key encryption before being transferred to Amazon’s data center. You should, however, make sure that one of the private keys used for encrypting the backup is locked away in a safe place, so you have it handy when it is time to perform a restore.
As far as storage costs are concerned, storing 50 GB of data in the AWS S3 cloud for a month costs around 6 EUR, which I personally consider quite competitive for redundant off-site data storage.
Naturally, one drawback remains: Bandwidth usage. It takes a while to load the first full backup into the cloud as the upstream of most DSL lines is rather limited. After that initial load has completed, however, Duplicity is capable of appending incremental backup sets to the existing backup data, so the incremental backups complete much faster.
P.S.: It may sound a little weird that I chose Amazon Web Services as a storage provider after my recent trouble with Amazon.de, but after some thorough market analysis AWS remained as the only feasible option.
As a happy long-term user of the Password Hasher extension for Mozilla Firefox I got used to being able to use different secure passwords per web site without having to take the burden of remembering them all.
When I recently bought an Android-based smartphone I was missing most of that convenience while surfing the Internet from my smartphone as Password Hasher was not available natively on that platform.
Hash It!, an application for the Android platform I developed, is there to bridge this gap: It eases using unique passwords per web site without overloading your brain by generating site-specific passwords derived from a secret master key. It maintains compatibility with the Password Hasher Firefox extension.
Hash It! is free (as in speech) open source software released under the GPLv3 with the source code being available on GitHub.
Further details on how to download it to your mobile phone are available at: http://android.ginkel.com/
Enjoy!
Illuminated CCC logo in front of the bcc @ 26C3
At 26C3 there were a couple of pretty interesting talks dealing with GSM security and how it can be easily broken through active (IMSI catching) and passive (rainbow table attacks on the A5/1 cipher) attacks.
Now, researcher’s are pushing to phase out GSM’s A5/1 cipher replacing it with modern, non-proprietary cryptography as countermeasure to the weaknesses facilitating A5/1’s susceptibility to passive eavesdropping. While this is certainly not a bad idea, it will end up with all but secure GSM calls considering that for GSM calls only the wireless interface benefits from the encryption. It will prevent John Doe from listening to your GSM calls using a wiretapping device placed in front of your apartment, but by no means will it lead to end-to-end security for GSM calls.
So, instead of attacking the wireless interface a malicious hacker would have to turn to the (fixed) telephone network to get hold of your calls.
In the end, only end-to-end encryption of calls will be able to prevent such attacks, so this is IMHO what we should be striving for in the long run.