[aerogear-dev] Strange encrypted store behavior

Corinne Krych corinnekrych at gmail.com
Tue Jan 14 08:50:18 EST 2014


On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Again, storing passwords no matter how super safe is the KeyChain is a terrible idea. Don't do it, please.

Sorry not password but key.

> 
> > As for the problem of encrypting with one passphrase then another one and not being able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
> 
> This is mostly because you have to add a feature of passphrase change first.

+1 makes sense
> 
> 
> On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:
> Hi Tadeas,
> 
> I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices (used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).
> 
> In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 different EncryptionServices for those different usages.
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
> More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
> @summers @cvasilak do you remember the discussion?
> 
> As for the problem of encrypting with one passphrase then another one and not being able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
> 
> ++
> Corinne
> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
> 
> > Hi Tadeas, replied on the same issue.
> >
> >
> > On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
> > Hi there,
> >
> > in December, I’ve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platforms’ implementations (which I wasn’t aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it that’s not in the description already. So, what do you think?
> >
> > 1 - https://issues.jboss.org/browse/AGDROID-173
> >
> > —
> > Tadeas Kriz
> > tkriz at redhat.com
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile



