Lockbox: Taking “slide to unlock” to the next level
Published by Steve Streza June 20th, 2008 in UncategorizedAbout 2 weeks ago, I showed a teaser for my new iPhone app, Lockbox. I was deliberately ambiguous, as I wanted to surprise everyone at WWDC with it. After getting some much-needed feedback on the app, I’d like to talk about what Lockbox actually is.
Lockbox is an app that lets you store encrypted photos and notes on your iPhone. Encryption requires that users enter some sort of key into the system, as a means of proving that the person who stored the data encrypted is the person trying to decrypt it. This has historically been done with passwords, which are easy to turn into a key. However, the iPhone’s screen doesn’t really lend itself to entering a complex password. The alternative that Apple has put forward is a 4-digit PIN number. This is too insecure; it would take at most 10,000 iterations to brute force the password, which is child’s play. Clearly, another system is needed.
Lockbox solves this problem with a very unique and innovative means of key entry. Rather than using a password or a PIN, Lockbox lets users draw a gesture with their finger on the screen. The gesture can be as long or as short as the user wants. In my tests, I’ve found the best gestures to be somewhere between 12 and 20 cells, which increases security over PIN numbers against brute forcing by 2 and 4 orders of magnitude respectively. And, as a bonus, gestures are much easier to remember and much faster to enter.
Lockbox will allow users to store encrypted versions of photos and notes. The raw key is never stored on disk, and is overwritten a few times when the application quits. Encryption and decryption is completely transparent and happens in the background. Furthermore, Lockbox is using industry-standard algorithms (specifically SHA-1 and AES). There are two advantages to this: first, the encryption algorithm currently has no known weaknesses; second, these algorithms are hardware-accelerated on the iPhone. Photos can be added from the photo library or the camera, and notes can be edited directly from within the app. Once you get past authentication, the user interface will be very familiar to users of the Photos and Notes apps already on the iPhone.
I’m currently working on getting the app finished, and will hopefully have it ready for the App Store on or near launch. Everyone who has seen it at WWDC has been completely blown away by how easy it is to enter these gestures. Furthermore, I’ll be exploring other options for key-entry. I already have a handful of ideas on other implementations, including one which I’m calling antigestures. However, I’m keeping that a secret for now. 
hi do you have the same unlock gesture for each photo or separate ones.
Great job! My friend Bill sent this link to me because I was proposing an application that did just this over dinner about a month ago. I hope you’re also thinking of putting a patent on it. You’ve got my email so drop me a line and I can even share my other thoughts on this with you.
Doug
Don’t know if you copied it or just came up with the idea separately, but Google’s Android has the same feature to unlock the phone: http://www.techcrunch.com/wp-content/googleio12.jpg.
Damn, the last period was added onto the link: http://www.techcrunch.com/wp-content/googleio12.jpg
Lee: For the first version, there will be one unlock gesture for all your photos.
Andrew: I did see that, which says to me that other people, let alone Google, think this is a good idea. For the record, I’ve been working on Lockbox since early April, while Google showed that in late May.
Maybe I’m not reading this carefully enough, but are you planning to add a feature to ‘gesture protect’ the iPhone? I’d like it to be password protected in case I lose it, but as you say, punching in a sequence of codes is not really enjoyable. Some secret gesture would be perfect. If you implement this, please also add a ‘type password’ button to offer the traditional way of entering a passcode, in case the gesture doesn’t work somehow. Looking forward to paying for the phone lock version - I hope that will be a separate low-cost app!
Pgk: Because of limitations in the iPhone SDK, I can’t replace the standard unlock screen with the gesture pad. I’d definitely love to, and will try working with Apple to see if it would be possible, but I can’t make any promises.
Hi Steve!
Regarding the unlock screen:
> I did see that, which says to me that other people, let alone Google,
> think this is a good idea. For the record, I’ve been working on Lockbox
> since early April, while Google showed that in late May.
For the record, there was already an application for the Palm V years ago called Gridlock (http://gridlock.en.softonic.com/palm) that introduced such an unlock screen. It was/is a 5×5 screen though compared to Lockbox’s 4×4.
I just say this because I was surprised to see the “familiar” screen from back then in an iPhone context. It’s nice to see that someone (Steve) is also bringing this alternative way to enter passwords to modern phones. Good luck with your coding tasks, Steve!
Cheers,
Michael
Any word on the progress of this app? I am *anxiously* awaiting its release!