[aerogear-dev] Strange encrypted store behavior
Douglas Campos
qmx at qmx.me
Tue Jan 14 08:53:43 EST 2014
On Tue, Jan 14, 2014 at 09:46:38AM +0100, Corinne Krych wrote:
> In AGPasswordKeyServices the password is stored in secure local
> storage (KeyChain for iOS, KeyStore for Android), therefore you could
> do a password check at login time as stated in your workflow. I think

Wait, the password is stored? Ouch - we need to fix this!

No matter how secure the keystore is, it's mandatory for us to use a
key-derivation scheme, or at least the traditional salt+hash. Reversible
encryption is asking for trouble :P

--
qmx
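
The approach named in this message, sketched as an added example (not code from this thread or from AeroGear): the secure storage holds only a salt, an iteration count and a derived verifier, and the store-encryption key is re-derived from the password at login. The function names, labels and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for the target device


def _master_key(password: str, salt: bytes, iterations: int) -> bytes:
    # Slow, salted derivation: the only place the password itself is used.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _subkey(master: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys, so the stored verifier reveals nothing
    # about the store-encryption key.
    return hmac.new(master, label, hashlib.sha256).digest()


def enroll(password: str, iterations: int = ITERATIONS) -> dict:
    """Build the record to persist in KeyChain/KeyStore (no password in it)."""
    salt = os.urandom(16)  # fresh random salt per enrollment
    master = _master_key(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "verifier": _subkey(master, b"login-verifier")}


def unlock(password: str, record: dict):
    """Check the password at login; return the store key, or None if wrong."""
    master = _master_key(password, record["salt"], record["iterations"])
    candidate = _subkey(master, b"login-verifier")
    if not hmac.compare_digest(candidate, record["verifier"]):  # constant-time
        return None
    return _subkey(master, b"store-encryption")  # held in memory only


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    rec = enroll(pw)
    print("stored fields:", sorted(rec))
    print("wrong password ->", unlock("guess", rec))
    print("right password -> key of", len(unlock(pw, rec)), "bytes")
```

Nothing in the persisted record can be decrypted back into the password; an attacker who extracts it still has to run the full derivation for every guess.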