[aerogear-dev] Strange encrypted store behavior

Bruno Oliveira bruno at abstractj.org
Tue Jan 14 09:38:21 EST 2014


> Sorry not password but key.

We don't need to store the key: once we have the salt, IV, iterations and
the passphrase provided by our user, it is perfectly possible to generate
that key again.

If this is not happening we need to revisit our code and figure out what's
going on.


On Tue, Jan 14, 2014 at 8:50 AM, Corinne Krych <corinnekrych at gmail.com> wrote:

>
> On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Again, storing passwords, no matter how super safe the KeyChain is, is a
> > terrible idea. Don't do it, please.
>
> Sorry not password but key.
>
> >
> > > As for the problem of encrypting with one passphrase then another one
> > > and not being able to decrypt any data afterward, I think this is an issue
> > > that should be fixed. JIRA needed.
> >
> > This is mostly because you have to add a feature of passphrase change
> > first.
>
> +1 makes sense
> >
> >
> > On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:
> > Hi Tadeas,
> >
> > I think you bring back on the table an unfinished discussion on the
> > topic of AGPassphraseKeyServices (used in password demo app) vs.
> > AGPasswordKeyServices (not used in any demo yet).
> >
> > In AGPasswordKeyServices the password is stored in secure local storage
> > (KeyChain for iOS, KeyStore for Android), therefore you could do a password
> > check at login time as stated in your workflow. I think we intended to have
> > 2 different EncryptionServices for those different usages.
> >
> > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
> > More work is needed for AGPasswordKeyServices and adding a demo/recipe
> > app for it would be nice.
> > @summers @cvasilak do you remember the discussion?
> >
> > As for the problem of encrypting with one passphrase then another one
> > and not being able to decrypt any data afterward, I think this is an issue
> > that should be fixed. JIRA needed.
> >
> > ++
> > Corinne
> > On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >
> > > Hi Tadeas, replied on the same issue.
> > >
> > >
> > > On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
> > > Hi there,
> > >
> > > in December, I’ve reported [1] and today Passos asked me if I could
> > > rather send it here to discuss it, as this behavior is the same in other
> > > platform’s implementations (which I wasn’t aware of before). So please read
> > > the description on that JIRA issue. Basically I have nothing more to say
> > > about it, what’s not in the description already. So, what do you think?
> > >
> > > 1 - https://issues.jboss.org/browse/AGDROID-173
> > >
> > > —
> > > Tadeas Kriz
> > > tkriz at redhat.com
> > >
> > >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> > >
> > >
> > > --
> > >
> > > --
> > > "The measure of a man is what he does with power" - Plato
> > > -
> > > @abstractj
> > > -
> > > Volenti Nihil Difficile



-- 

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
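
The point made in this message, that the key never needs to be stored because salt, iterations and passphrase regenerate it, shown as an added example that is not part of the original thread and is not AeroGear code. It assumes PBKDF2-HMAC-SHA256; the function names, header layout, iteration count and the check tag (which lets a store reject a second, different passphrase instead of writing data the first one cannot decrypt) are all assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; persisted beside the salt
SALT_LEN = 16

def derive_master(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Same passphrase + salt + iterations always yields the same 32 bytes."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)

def subkey(master: bytes, label: bytes) -> bytes:
    """Separate keys for encryption and for the passphrase check."""
    return hmac.new(master, label, hashlib.sha256).digest()

def create_header(passphrase: str) -> dict:
    """What gets persisted: public parameters and a check tag, never the key."""
    salt = os.urandom(SALT_LEN)
    master = derive_master(passphrase, salt, ITERATIONS)
    check = hmac.new(subkey(master, b"check"), salt, hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "check": check}

def unlock(passphrase: str, header: dict) -> bytes:
    """Re-derive the encryption key, refusing a passphrase that does not match."""
    master = derive_master(passphrase, header["salt"], header["iterations"])
    check = hmac.new(subkey(master, b"check"), header["salt"], hashlib.sha256).digest()
    if not hmac.compare_digest(check, header["check"]):
        raise ValueError("passphrase does not match this store")
    return subkey(master, b"encrypt")

if __name__ == "__main__":
    header = create_header("first passphrase")   # constructed sample input
    key = unlock("first passphrase", header)
    print("re-derived identical key:", key == unlock("first passphrase", header))
    try:
        unlock("second passphrase", header)
    except ValueError as err:
        print("rejected:", err)
```

Changing the passphrase on an existing store still needs a separate step (re-encrypting the data or re-wrapping a data key), which this sketch does not cover.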