to the web site
all handheld models running Palm OS 3.1 or later,
220KB of free memory for the application and
about 10KB for the data, Windows 95, 98, ME,
NT4, 2000 or XP; Mac OS OS 9 or OS X
use my Palm OS PDA for a lot of different things -
every human I know is listed in the address book (in
SuperNames), all my meetings and appointments (in DateBk5),
and all my logins and passwords (approximately 60 of
them including online banking IDs!) are also stored
on the device. Up until now, the security for all this
stuff has been taken care of by the rather weak password
system built into Palm OS. I misplaced my trusty Palm
Zire 71 recently and briefly went into a blind panic
when I realized just how vulnerable I suddenly was.
Needless to say, I was in a fairly tense state until
the misplaced device revealed itself where I had left
it on the bookshelf in my office. The next day, as
though planned by Newton himself, Splash Data contacted
us about reviewing the latest version of SplashID.
Happy was I.
is a personal identification organizer for Palm OS handhelds.
It's supposed to safely and securely store personal information
including user names, passwords, credit cards, calling
cards, bank accounts, PINs and anything else you don't
want anyone to see. Your data is stored in a secure, encrypted
database which can be accessed on your Palm OS handheld
or desktop computer (PC or Mac).
SplashID we realized the program actually consists of
three integrated components: the SplashID Palm
OS program, the SplashID PC desktop program, and the Splash
Conduit which provides a secure pipeline so that HotSync
can transfer your SplashID data back and forth between
the PC and PDA. The biggest benefit of all this is that
you can also access all your encrypted data on the PC using
the same password you set for the program on the PDA. Once
you've set up a password, SplashID is about as secure as
you can get on a Palm OS PDA. While it's true that just
about any encryption can be cracked given enough time and
resources, you've got to ask yourself if anything you might
store on your PDA is worth the hundreds of thousands of
dollars worth of effort needed to crack properly encrypted
password protection. The simple answer is likely an emphatic "No!".
The first action you should take, in order to get the
most out of the program, is to set a password (you have
to use the exact same password in the desktop program in
order to synchronize data). Thereafter, all data entered
into SplashID will be protected by Blowfish encryption.
For the technical minded, Blowfish is a symmetric block
cipher that can be used as a drop-in replacement for DES
or IDEA. It takes a variable-length key, from 32 bits to
448 bits, making it ideal for both domestic and exportable
use. Blowfish was designed in 1993 by Bruce Schneier as
a fast, free alternative to existing encryption algorithms.
Since then it has been analyzed considerably, and it is
slowly gaining acceptance as a strong encryption algorithm.
Blowfish is unpatented and license-free, and is available
free for all uses. It looks to us as though the blowfish
implementation in SplashID is quite robust. We had an analysis
routine run on the encrypted data and couldn't actually
detect a legible key (and that's a good thing).
When you start
SplashID, the first thing you'll see is the List of current
entries. Tap one to get the details.
Tap the New button to enter data. From the Detail view
(tap any record or tap the "New" button) you
can enter data for existing or new records, categorize
everything, assign a descriptive icon to any or all records
and even adjust the user interface (changing fonts, column
widths and so on). We noted that the displayed data was
extremely clean and legible on our high res Zire 71 and
quite good also on an older greyscale Clie PEG-S360. We
entered data using the Graffiti area, the tap keyboard
and via an external keyboard. Data entry was simple and
we encountered no crashes or other glitches except for
some minor difficulty placing the cursor at the very beginning
of some lines when using the Zire. We've seen this problem
with other programs running on the Zire 71, so it's likely
a Palm OS 5 issue.
If you've been keeping IDs, logons and other confidential
data in MemoPad, or if you can export to MemoPad, SplashID
will import the memos directly. You can also import comma
separated values text files (CSV) from any database as
long as the data fields have been set up according to SplashID's
Cons: It would be nice if SplashID could import data directly
from the Palm OS address book. None of the competing software
does it either, but we'd like to see someone do it and
include an option to delete the address book record as
soon as the data is imported into SplashID. We question
the value and security of data beaming with utilities like
SplashID even if you can only beam encrypted data records
to and from other SplashID owners.
Pros: Works well and fast. Very secure. There's no doubt
that your most personal (and valuable) data is safe when
stored inside password protected SplashID. You can tap
a URL in any listing in the desktop program to launch your
web browser. We really liked the fistful of extra customizable
fields in each record and the almost unlimited number of
categories which can be created (we created over a hundred
new categories before we gave up trying to trip the program).
We liked the ability to assign different colors to different
records - we set up a color code to indicate different
categories. Keep whatever personal data you want on your
Palm OS PDA and sleep easy knowing everything is securely
tucked away from prying eyes, thieves, hackers and you-name-it.
Works on your PC without the PDA. This one's a keeper.
Letters to the Editor are welcome and occasionally abused in public. Send e-mail to: firstname.lastname@example.org