Codebook 4 Public Beta Release Notes

Codebook
1

Codebook 4 is the latest major update to the Codebook password manager, featuring significant enhancements in security and the Sync feature. Read on for information about installing the beta and what’s changed.

Downloading and Installing

Android:

Launch the Google Play app to install the latest beta update.

Google Play requires testers to opt-in to beta testing by accessing the following URL:

https://play.google.com/apps/testing/net.zetetic.strip

iOS:

Launch the TestFlight app on your iOS device to install the latest update, version 4.0.0 build 846. If you do not see Codebook 4 available in Test Flight, tap this link on your iOS device:

macOS:

Download and run the Installer package:

https://www.zetetic.net/downloads/codebook/osx/Codebook-4.0.0-beta4.pkg

Update: the macOS Installer package is now Notarized for use on macOS 10.15 Catalina.

Windows:

Download and run the Installer package:

https://www.zetetic.net/downloads/codebook/windows/beta/CodebookSetupBeta.msi

This build will check for future Beta updates automatically. See the Preferences window to control Stable vs Beta update checks using the Release Channel preference.

Preparing to Test - Backup Your Data

Before testing Codebook 4 you should be sure to have a backup of your Codebook 3 database with all of your passwords. There are several ways of doing this:

  • If you use Codebook on the desktop, you can make a copy of your strip.db file to serve as a backup (see below)
  • If you sync Codebook with Google Drive or Dropbox, copy the file strip.db in the Zetetic folder to serve as a backup
  • On iOS devices you can take a full device backup using
    iCloud or iTunes

Codebook 4 cannot sync with Codebook 3, so you’ll want to install Codebook 4 only on devices that you want to use for testing.

Information on restoring your Codebook data from a backup copy of strip.db is available here.

To backup your desktop database on Windows:

  1. Open Windows Explorer
  2. Paste this path: %APPDATA%\Zetetic LLC\Strip\backups
  3. Copy the file named strip.db to another location

To backup your desktop database on macOS:

  1. Switch to Finder
  2. Paste this path (all one line):
    ~/Library/Containers/net.zetetic.Strip.mac/Data/Library/Application Support/Strip/Backups
  3. Right-click (or control-click) on default.strip and select Show Package Contents
  4. Copy the file named strip.db to another location

New Sync System

Codebook 4 updates the underlying system used to replicate your data. The highest impact change it introduces (in addition to being much faster and more secure) is the Sync Key. In Codebook 4, all sync data is encrypted with your Sync Key, a unique random key that is separate from your Master Password.

Every user that upgrades to Codebook 4 will be prompted to either 1) generate a new Sync Key, or 2) scan the Sync Key they’ve already created on another device (via QR code). To be clear, you should only generate the Sync Key once. When setting up Codebook 4 for the first time on any other device, you’ll scan that Sync Key using your device’s camera.

Here is a demonstration video we’ve prepared that will walk you through creating your Sync Key and adding it to your other devices:

Once you start using the new Sync system you should notice right away that it’s much faster than it had been in the past (after the initial syncing of data). Previously, Codebook needed to download a full copy of the remote database to perform replication and then upload it again on every sync. In Codebook 4 changes are instead replicated in much smaller encrypted updates. Each of these files is an encrypted SQLCipher 4 database using the latest security settings.

Sync Key Backup

Because the Sync Key is required to encrypt and decrypt all sync data, losing access to it would leave the user unable to decrypt any backed-up sync data. To help prevent this from happening we’re encouraging the user to save a hard copy backup of the Sync Key in a safe place. There are two options for doing this: printing an encrypted QR code, and writing down a Word List.

The option to print is most convenient, but may not be ideal if you don’t have a secure or direct connection to the printer in question. The Word List serves as an alternative to printing.

We’re looking forward to your feedback on this feature, we believe it’s somewhat unique. The Word List is a base-7776 encoding of the Sync Key into twenty words from the EFF Diceware list that we already bundle with Codebook for the Password Generator. This encoding makes it possible for the user to write down their Sync Key accurately and the interface for entering it in Codebook is designed to maintain accuracy and avoid misspellings.

Update Cloud Services

After you setup your Sync Key in Codebook 4, Codebook will offer to update any cloud services you sync with (i.e. Google Drive and Dropbox). When it does this it upgrades the data stored on the service to the encryption and format used by the new Sync system. It also deletes the strip.db file previously stored on the service by Codebook 3. You may wish to copy this file or rename it to serve as a backup of your Codebook 3 data before syncing Codebook 4 with the cloud service. The first time you sync Codebook 4 with a Dropbox or Google Drive account it will check for a Codebook 3 database and attempt to upgrade it.

Updated Encryption

Codebook 4 encrypts your passwords and other data with the latest version of SQLCipher 4. This means we’re using much stronger security settings, taking better advantage of the computing power available on modern mobile and desktop devices. Among these:

  • PBKDF2-HMAC-SHA512 is the new KDF algorithm
  • HMAC-SHA512 is now used for per-page HMACs
  • The default database page size has been increased to 4096 bytes
  • KDF iteration count has been increased to 256,000
  • Improved memory sanitization features
  • Significant performance improvements for common use cases on platforms including iOS, Android, and Windows

Codebook’s encryption is now stronger and faster. If you notice any lag while using the application, please let us know.

Desktop Backups feature removed

There is no longer a Backups feature and view in Codebook for macOS and Windows. We recommend that any users relying on this feature look to other common commercial and open-source techniques for regularly making a backup copy of the local database file, strip.db.

Delete Obsolete Backups prompt

Because the Backups feature has been removed, it would be prudent to delete any of the old backup files stored locally on the desktop, which use an older version of the encryption used in Codebook 4. Thus, Codebook 4 for macOS and Windows will prompt you to inquire if it can delete these files.

Sync Operation feature removed

The Sync menus in Codebook 4 no longer provide an Operation setting that allows the user to change the “direction” of a sync to be an Overwrite or a Restore. This feature has been obsoleted by the new Sync system and is removed. If you think you do need this anyway, please get in touch, we should be able to help.

Help Buttons and Documentation

Many of the new interfaces and prompts in Codebook 4 feature a Help button that will launch a URL to documentation on our website. This documentation is under development, and we could certainly use your feedback on this as well. Please let us know if you find it helpful, and if there are any improvements you think we should make.

Password Review on macOS

The Password Review feature in Codebook for macOS has been updated to work on-demand, in addition to while you edit a password. Right-click or control-click on a password field and select the option “Review Password”. Any Weakness Warnings will be displayed as well.

Rearranged Toolbar Buttons on macOS

The default toolbar button set has been given a rearrangment in Codebook for macOS. We think this is a nice improvement over the previous layout. However, you can set it back to the way it was before, or to another configuration! Right-click (or control-click) on the Toolbar and select Customize Toolbar to change the buttons displayed.

Updated Getting Started UI on iOS

There is an improved interface for first-time setup in Codebook for iOS, which is used frequently by existing users setting up a new device, as well as new users of the app. We’re considering bringing a similar Getting Started experience to all versions of Codebook and look forward to your feedback.

Providing Feedback

We’re really looking forward to your feedback on all the new improvements and interfaces, so the sooner you can provide it, the better! Please feel free to email us directly, reply to this post, or write a new post here in the discussion forum.

2

I wish I had had more time earlier. I’m excited to test it.

First feedback:

“Sync Key Setup Complete” screen has cut off text: “Filling In Forms” top and bottom is cut, like there is not enough line space. I’m on macOS Catalina latest.

image
image1450×1616 318 KB

3

On iPad, after you scan the QR code to import the sync key, the keyboard somewhat obscures the textbox for entering your master password, but you can see everything properly if you minimize the keyboard. Sorry I did not get a screenshot.

4

A somewhat rhetorical question: we should not enter our sync key word list into codebook itself for safekeeping, correct?

5

@rickcogley

Thanks for this feedback, we’ll look into getting those clipped/obscured views fixed up. Could I ask which iPad model you’re using?

A somewhat rhetorical question: we should not enter our sync key word list into codebook itself for safekeeping, correct?

Good question!

The sync key is already stored in Codebook itself (to be used for encrypting for your Codebook data during sync). Your sync key is never synced to a cloud remote or sent over the wire with your other Codebook data when syncing.

We guard the Backup Sync Key access within Codebook by prompting for your Codebook Master Password (or Biometric Authentication) prior to displaying it. This is an extra precaution in case you happen to leave Codebook open/unlocked in a public place (obviously not a good idea, and the Codebook data present locally would be compromised, but an attacker wouldn’t be able to gain access to your Sync Key without your Master Password).

Our intention is that you store the backup of your Sync Key somewhere else outside of Codebook that’s safe in case you lose access to all your Codebook devices.

Because of the factors mentioned above, we would recommend against storing your Codebook Sync Key Word List within Codebook entries.

1 Like
6

@rickcogley

Just a couple of additional questions for attempting to reproduce this:

1. Are you on the latest beta version 4.0.0 (775)?
2. What device model is this occurring on?

Edit: Disregard these questions, I was just able to reproduce it on a 2015 MBP on Catalina – will be looking into a fix

7

Thanks for the considered response @mmoore.
As for my iPad model: A1701, an iPad Pro (10.5-inch) from 2017.

8

The next iterations of Codebook macOS + iOS betas are ready to be tested – Codebook for macOS 4.0.0-beta4.pkg and Codebook for iOS 4.0.0 build 846, the links/instructions above have been updated to reflect the new beta versions.

Here’s what’s changed:

iOS:

  • Fixes double Face ID prompt during login after locking device with Codebook open
  • Adds additional instruction text for where to find Add a Device after choosing “Yes” (already have sync key) in Sync Key OnBoarding
  • Additional French translations (thanks Gilles B.)
  • Updates to SQLCipher 4.3.0
  • Fixes “Enter Password” text field not scrolling to being visible after scanning a Sync Key QR code
  • Fixes help button disappearing on iPad in portrait after scanning a Sync Key QR code on iPad
  • Forces light interface for AutoFill/Find in Codebook extensions
  • Re-works AutoFill navigation/presentation/transitions to not present stacked views and not flash the AutoFill configuration screen when launching AutoFill after setup
  • Adds disclosure indicators to the bottom of Sync Key Setup views if viewed on smaller sceens and all their content isn’t visible
  • Improves layout of Sync Key setup screens in landscape

macOS:

  • Updates to SQLCipher 4.3.0
  • Fixes layout issues causing clipping in Completed Sync Key screen on Catalina
  • Fixes race condition crash when quitting Codebook while still in edit mode of an entry
  • Adds additional instruction text for where to find Add a Device after choosing “Yes” (already have sync key) during Sync Key setup

As always, let us know if you experience any issues, or have any feedback by posting here or dropping us a line at support@zetetic.net

Thanks again for taking the time to beta test!

We’re in the home streach here and release versions aren’t too far off!

9

I believe the latest beta builds should resolve the view layout issues you reported on macOS and iOS. Let me know when you have a chance to try them out. Thanks!