<div class='os_post_top_link'><a href='http://subsembly.com/en/wallet.html' target='_blank'>http://subsembly.com/en/wallet.html</a><br /><br /></div><i>"Subsembly® Wallet is an extremely secure password and data safe application. Stored passwords and confidential data are protected by state-of-the-art 256 bit AES encryption technology. Subsembly Wallet Pocket is optimized for use in mobile environments by providing convenient one-handed access according to the new Windows Mobile 5.0 user interface style."</i><br /><br /><img src=http://www.pocketpcthoughts.com/images/web/2003/SubWalletEyeCatcher.gif><br /><br />Subsembly, the newest addition to the pocket pc wallet application genre, is now available, supporting variable encryption levels, so you can be paranoid, somewhat paranoid, and ultra paranoid about your data (Or use a higher encryption level if your company requires). They have a 30 day trial, and are offering a 50% off coupon to Thoughts readers, simply use <b>2C3EE385</b> when ordering from <a href="http://www.handango.com/ampp/store/PlatformProductDetail.jsp?siteId=311&productType=2&productId=188655">Handango</a> [Affiliate]!

Hi,

I have one important note to add: The coupon code is only valid through 31st of May!

Ooh, this is nice timing. I was looking for something to compare with eWallet, and FlexWallet failed to install on my device... so now i can use this as an alternative. Looks like i might prefer the layout too.

(edit: bears mentioning alex has been in touch about flexwallet after reading this, which is just really cool. i'm loving the interest pda-software developers show in users! very different from standard commercial cust service)

I know that secure storage of your data is the most important part of programs like these. But it just doesn't look nice on a VGA screen....blurry icons and parts of the screen.

Anyone know if this wallet will lock out the wallet file after so many failed password attempts? I can't find anything about that on the info page, so my fear is no.

I guess I'll keep searching for a wallet that will lock out a wallet until the next sync. Until then I'll be too paranoid about loosing my device and someone guessing their way into the wallet.

codewallet has this since..what the heck i know

You are right, there is currently no limit on the number of password tries when opening the wallet. If there is popular demand for such a feature I will add it in the next minor release (free update). What would you suggest that the application should do when all password attempts have been used up without success?

However, for the sake of security one should always choose a password that cannot be guessed. Therefore, when creating the wallet the application provides an indication about the strength of the password chosen.

Also, a software implemented counter to restrict the number of password attempts, can always be forged through some re-enginering. A really destined hacker attempting to crack the wallet encryption will always do so through some special application, ignoring any such counter completely. So it actually gives you a false sense of security.

What would you suggest that the application should do when all password attempts have been used up without success?

I know there are probably technical limitations on what can feisably be done, but placing a software lock on the file could work. The lock would be opened on next desktop sync and/or after so many minutes. The number of minutes would be user-defined and could be turned off so that only a sync will unlock it.

However, for the sake of security one should always choose a password that cannot be guessed.

Obviously. I'm always conflicted though over having a really strong password and having quick access to the info I need frequently. I guess folder/card-level passwords would be a way around that.

Also, a software implemented counter to restrict the number of password attempts, can always be forged through some re-enginering. A really destined hacker attempting to crack the wallet encryption will always do so through some special application, ignoring any such counter completely. So it actually gives you a false sense of security.

I hadn't thought about using a standalone app to crack the file. However I think the lock would provide a bit of a barrier to less-determined theives/hackers/finders/etc.
Maybe instead of just a lock it could overwrite the file with random bits. Don't know how possible that is though. Plus the file would still be available to determined hackers before they might try to guess the password.

Hi,

I guess locking the file for some amount of time is probably the best idea. Because it is only the manual password entry attempts that can be locked out, anyway. Requiring a sync on the other hand may be a problem if you are using your Pocket PC on a longer travel, or you have a Mac to sync with.

Currently folder/card-level passwords are not supported, but you could easily create multiple Wallet files with different encryption and passwords.

Overwriting the file would be possible. But due to the way a mechanism called "wear levelling" is used with flash memory, any new data that is written to memory is internally written to a new location. Hence the data will still be physically present in the flash memory. Although I am not sure how to get access to it.

I like the idea of locking the user out for just a couple of minutes. I guess I will add this feature in the next minor release, due for end of July. As usual with my software the minor release will be a free update. Thanks for your input!