ECB? Just say no!

This looked good until I got to the bit about using the ECB (Electronic Code Book) encrpytion mode. Don't do that!

Here's why:
If I'm lazy (and I am) I might use the same password in several different places (and I do). Each time I do that, your program will generate and store the same encrypted output. This makes life incredibly easy for Mallory. Most obviously, if he breaks one, he's got the lot.

There are other attacks that become much simpler for Mallory in this situation. For instance, he can see that not only is the same clear text being used, but the key is being reused too. It is obvious that the scheme is ECB.

Some things you could do to fix this:

Prepend a salt. The UNIX password algorithm uses two digit, base64 random number. This gives 4096 permutations of the password.

Encrypt/Decrypt the whole file. Because the Palm is strictly a single user environment with limited connectivity, there is little risk in having an unencrypted version of the password floating around in memory while the application is open. If you do this, use a proper initialization vector and CBC mode at least.

This link has a very graphic, visual indication of what happens when you encrypt a bitmap image of "Tux" in ECB mode. <http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation>