[aerogear-dev] Security.next - Encrypt all the things and your feedback
Bruno Oliveira
bruno at abstractj.org
Wed Sep 18 15:40:10 EDT 2013
I guess that what do you want is PBKDF2 aka password key derivation or
maybe hashing, right? That's exactly what we are trying to achieve with
"AGSEC-XX: Provide easy to use cryptography interface"
I can't see any reasons to keep that jira on AGSEC, but it seems just a
duplicated jira or specifics to AGPUSH. At the end of the day, AGSEC
will solve UnifiedPush, SimplePush and other issues on AeroGear, I hope.
Please read carefully the proposal and let me know.
Matthias Wessendorf wrote:
> No it has nothing to do with an iOS device at all. It's really for the
> UnifiedPush Server only.
> For iOS notification you need a certificate and a passphrase:
> https://github.com/aerogear/aerogear-unifiedpush-server#ios-variant
>
> The passphrase is stored in plain text on the server, I filed this
> ticket for adding hashing/salting.
> https://issues.jboss.org/browse/AGPUSH-210
>
> Since this is a 'security' related item I created the AGSEC-89 for the
> real work, and keeping the AGPUSH item as reference only.
--
abstractj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130918/26b2452c/attachment-0001.bin
More information about the aerogear-dev
mailing list