[aerogear-dev] Security.next - Encrypt all the things and your feedback

Bruno Oliveira bruno at abstractj.org
Wed Sep 18 14:23:19 EDT 2013


Maybe it is my misinterpretation, but answers inline.

Matthias Wessendorf wrote:
> One thing:
> https://issues.jboss.org/browse/AGSEC-89
> is not really something _on_ iOS; On the UnifiedPush Server the
> passphrase for the certificate is stored plain text, should be improved
> by hashing and salting.
I think they are considered completely different beasts. Once you have to
implement it on iOS and the server, right? "Encryption for iOS
passphrase" is too generic and can be anything.
>
> So, not sure if we want to remove that AGSEC-89 ticket
Basically the ticket wasn't missed and will be solved by:

* AGSEC-XX: Provide easy to use cryptography interface
   
    *Description*: We must build a foundation for encrypted storage before we start hacking on it. Having clearly defined goals in a single place might help to put things in perspective.
   
    Ex: **Android**-crypto, **iOS**-crypto & **JS**-crypto libraries
   
    * AGSEC-XX: Symmetric encryption support: [GCM](http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf) -> Link to ** AGIOS - Implement my supercool encryption (just an example)
    * AGSEC-XX: Asymmetric encryption support: [ECC](http://www.nsa.gov/business/programs/elliptic_curve.shtml)
    * AGSEC-XX: Password based key derivation: [PBKDF2](http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf)
    * AGSEC-XX: Hashing support: SHA-256, SHA-512
    * AGSEC-XX: Message authentication support: GMAC, HMAC *See: AGSEC-57*
    * AGSEC-XX: Digital signatures support: ECDSA


-- 
abstractj

