Codebook has always ensured that data is fully encrypted while syncing and backing up via Dropbox, Google Drive and Desktop WiFI. Historically, in Codebook 3, all Sync data was stored in a monolithic database encrypted using a strong key derived from the Codebook Master Password. This approach was simple and secure, but suffered from substantial problems in long term use:
- Master Password changes would break synchronization.
- Strong multi-factor authentication on device (a planned feature) was impossible because derived keys needed to match exactly for Sync to work.
- Sync only worked well for very small databases; supporting images and attachments (another planned feature) was not possible.
- The Sync process was very slow and required a lot of data transfer.
- Losing or forgetting the Master Password would render backup data completely irretrievable.
To address these problems Codebook 4 now uses a combination of Change Tracking and the Sync Key. Every time a change is made to Codebook the update is stored as a chronological series of encrypted Change Sets which are used for synchronization between devices. This means that Codebook 4 only needs to exchange changes during Sync, instead of transferring the whole encrypted database around for comparison. Change Set data is encrypted with the Sync Key, which is separate from the Master Password and is only used to secure data used for synchronization and backup.
The new approach used by Codebook 4 resolves each of the former problems in Codebook 3:
- Because Sync data is encrypted with the Sync Key, Master Password change will not break synchronization (and it is more secure as well).
- Separation of the Sync Key means that device data can be encrypted using multiple sources (e.g. biometric, hardware token) to enable Multi-Factor security in the future.
- Change Tracking scales well to work with much larger database (eventually with attachments and images).
- Syncing is much faster and uses less data, especially over slower connections (e.g. cellular) or with older devices.
- The recommended Sync Key backup process helps protect from catastrophic loss; if devices or the Master Password are lost, stolen, or destroyed the backup QR or Word List can be used as an emergency means to recover data from a Dropbox, Google Drive, or Desktop WiFi backup.
We understand that the Sync Key is a brand-new concept for Codebook users, yet it is essential for the current and future functionality of Codebook. The Sync Key setup, either creation or import, only happens one time per device. After that Sync works transparently just like it always did before.