[aerogear-dev] Strange encrypted store behavior

Bruno Oliveira bruno at abstractj.org
Tue Jan 14 08:11:13 EST 2014


Again, storing passwords, no matter how super safe the KeyChain is, is a
terrible idea. Don't do it, please.

> As for the problem of encrypting with one passphrase then another one and
> not being able to decrypt any data afterward, I think this is an issue that
> should be fixed. JIRA needed.

This is mostly because you have to add a feature of passphrase change first.


On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:

> Hi Tadeas,
>
> I think you bring back on the table an unfinished discussion on the topic
> of AGPassphraseKeyServices (used in password demo app) vs.
> AGPasswordKeyServices (not used in any demo yet).
>
> In AGPasswordKeyServices the password is stored in secure local storage
> (KeyChain for iOS, KeyStore for Android), therefore you could do a password
> check at login time as stated in your workflow. I think we intended to have
> 2 different EncryptionServices for those different usages.
>
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
> More work is needed for AGPasswordKeyServices and adding a demo/recipe app
> for it would be nice.
> @summers @cvasilak do you remember the discussion?
>
> As for the problem of encrypting with one passphrase then another one and
> not being able to decrypt any data afterward, I think this is an issue that
> should be fixed. JIRA needed.
>
> ++
> Corinne
> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Hi Tadeas, replied on the same issue.
> >
> >
> > On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
> > Hi there,
> >
> > in December, I’ve reported [1] and today Passos asked me if I could
> > rather send it here to discuss it, as this behavior is the same in other
> > platform’s implementations (which I wasn’t aware of before). So please read
> > the description on that JIRA issue. Basically I have nothing more to say
> > about it, what’s not in the description already. So, what do you think?
> >
> > 1 - https://issues.jboss.org/browse/AGDROID-173
> >
> > —
> > Tadeas Kriz
> > tkriz at redhat.com
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
>
>
>



-- 

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile