    Strip v0.4 (Secure Tool for Recalling Important Passwords)

###############################
# NAMING  --- READ THIS!!!!   #
###############################
If you are reading this you have downloaded a version of Strip. Starting
with release .3 there are two different versions of Strip, the first is
Strip v.3t which uses the 3-way algorithm. The second is Strip v.3i which uses
the Idea algorithm, the same algorithm used in PGP.  The 3-way version is completely
free for all types of use. The Idea version is free for non-commercial use. If you
wish to use the Idea version for commercial purposes, you must visit Ascom's web
site and purchase a license (http://www.ascom.ch/infosec/idea/pricing.html).  The 
licenses are not that expensive.  Thanks to Richard Moliner for his work with the Idea
algorithm.

##############
# COPYRIGHTS #
##############
Strip, Copyright(C) 1999, Stephen J Lombardo, All rights reserved.
MD5 message digest, Copyright(C) 1990, RSA Data Security Inc. All rights reserved.
3-way, Copyright(C), Joan Daemen, All rights reserved.
Idea, Copyright(C), Ascom, All rights reserved.

##############
# Disclaimer #
##############
Strip is distributed with NO WARRANTY. 
Strip's security is at MAXIMUM as secure as the MD5 message digest and the 3-way
iterated block cypher algorithms. The author makes NO WARRANTY or claim of security 
of the previous algorithms and is not responsible for the implementation of these algoritms. 
Furthermore the author claims no RESPONSIBLITY for loss of data, theft of data, 
misimplementation or any other loss that might occur due to the use of this program.
For more information see the LICENSE file included with this distribution.

##############
# WHATS NEW  #
##############
This is Strip v 0.4. This version of Strip is both a bug-fix and a new feature release.
Here is what happened:

    1)  Added random password generation.
    2)  Notes button only shows up if you have notes.
    3)  fixed a few miscelaneous bugs.
  
##############
# INTRO      #
##############
Strip (Secure Tool for Recalling Important Passwords) is a password and account
manager for the Palm(T) Computing Platform (aka. palm-pilots). It was designed 
to fit the demanding needs of IT professionals, but it is useful for anyone who 
has to remember passwords, pin numbers, alarm codes, or any other collection of
ID/Key pairs.  

Strip uses strong encryption to safeguard your data.  Before any account 
information is stored to the palm's internal databases it is encrypted 
using the 3-way algorithm designed by Joan Daemen.  3-way is a iterated block
cypher with a 96 bit key length, and a 96 bit block size.  Strip also uses
the MD5 message digest algorithm in key generation. 

################
# USING STRIP  #
################
When you run Strip for the first time you will be prompted to enter
a password. This will become the initial system password, however
this password can be changed at any later date.  Whenever you 
run Strip from that point on you will be prompted to enter your password.
DO NOT FORGET YOUR PASSWORD!!!! Once data is entered into Strip it is 
encrypted before it even touches the palm databases. If you forget your
password you are out of luck. As far as I am aware there has yet to
be a successful cryptanalysis of 3-way that resulted in a better
than brute force attack, so you will have your work cut out for you if
you want to get data back when you forgot the key. 

The exception to this rule is with beaming. Strip allows you to beam
accounts to other Strip users, a feature that is useful in distributed 
administration environments where more than one person shares the same
account (ie. 5 sysadmins who share the root account).  If Strip is the currently running
application when your palm recieves the beam, the data is encrypted
immediatly. If another application is running, Strip does not know
what key to encrypt the data with, so the new account is 
written to the database in plain-text form and flagged for 
later encryption.  The account will be automatically encrypted the next 
time you run Strip. The bottom line is that if you recieve a beam when
Strip is not running you should run it ASAP to ensure maximum security.

There are several other password and account managers out there, I have
personally used 6 of them. I have found that these are all lacking in
4 major areas:

1) only 3 of 6 use any form of encryption, and the 
three that do do not encrypt system names, only the accounts. A true paranoiac
would not want anybody to even find out what systems they have accounts on...

2) All 6 that I have used impose the standard limit of 15 categories/systems. I personnaly
have 47 accounts on 25 systems and organization becomes difficult with that limit.

3)None support beaming, a feature that I use constantly at my work.

4)The six that I have used all have kludgy interfaces that involve multiple
pen taps to view accounts and enter data. Strip was designed for maximum 
navigation speed. Once you log in it is possible to open an account with
only 2 pen taps!!! 


#################
# DISTRIBUTIONS #
#################
If you recieved this file in a package from Zetetic Enterprises (zetetic.net)
you will have one of these three distributions:

1) Source distribution.
    Contains the following files:
************Begin File list************ 
    Callbacks.h 
    Strip.bmp
    Strip.h
    Strip.c
    Strip.rcp
    Strip.prc
    StripRsc.h
    md5.c
    md5.h
    md5Driver.c
    tw.c
    tw.h
    twDriver.c
    LICENSE
    Makefile
    README
***********End File list**************
Assuming that you have the gcc palm development kit you can compile the program
from source by simply typing  "make". This will work with both the Linux and
windows gcc. You will end up with a file called Strip.prc which can be installed
directly onto your palm pilot. There is already a pre-compiled Strip.prc included
with this distribution in case you downloaded the source distribution but you 
dont have the developers kit. 

2) Binary distribution.
    Contains the following files:
************Begin File list************ 
    LICENSE
    README
    Strip.prc
************Begin File list************ 
If you have downloaded this version all you need to do is install the file Strip.prc onto
your palm pilot. It is pre-compiled.

3) Export distribution.
    Contains the following files:
************Begin File list************ 
    Callbacks.h 
    Strip.bmp
    Strip.h
    Strip.c
    Strip.rcp
    Strip.prc
    StripRsc.h
    md5Driver.c
    twDriver.c
    LICENSE
    Makefile
    README
***********End File list**************
Because it is illegal to distribute programs containing strong encryption I cannot
allow people to download the full version. This version contains exactly the same
code as the source distribution, however it is missing the modules that are
responsible for encryption.  Download this package, then download the encryption
modules from a non-us site. You can get the md5 module from:

ftp://ftp.funet.fi/pub/crypt/hash/mds/md5/

The 3-way module can be found at:
ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/3-way/        

If you downloaded the new Idea version, then please expect to see the tw.c , tw.h, and twDriver.c
to be replaced with their Idea equivalents.

I deliberatly used vanilla implementations of the algorithms to ensure compatablity.
Simply copy the modules into the directory, modify the makefile if the names are different,
compile it and run.  



##############
# LICENSE    #
##############
Strip is distributed under the terms of the GPL. See the file LICENSE for more information,
or go to http://www.gnu.org/copyleft/  .


###############
# DEVELOPMENT #
###############
Strip was written and developed entirely in Linux. It was compiled using the gnu 
palm development kit and Pilrc. During the development of Strip I tried to 
seperate the GUI and the encryption as much as possible. It should be
possible to use any encryption algorithm. Simply write palm drivers, using
twDriver.c and md5Driver.c as examples, and create a function called StripCrypt (twDriver.c),
that takes the same parameters, to do the encryption. Plug and play... In fact this Strip originally
used the IDEA algorithm for encryption, but then I found out that it cost thousands of dollars
to license that algoritm, so I switched to 3-way, which is free. I plan to release a full
export version using some form of encryption with an exportable key-length soon, and if anyone 
has any other algorithms they would like to see used, please let me know.


#############
# CONTACT   #
#############
Stephen J Lombardo
Zetetic Enterprises
lombardos@zetetic.net
Bug reports and feature request should be sent to bugs@zetetic.net
