Again, storing passwords no matter how super safe is the KeyChain is a terrible idea. Don't do it, please.

> As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.

This is mostly because you have to add a feature of passphrase change first.


On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych@gmail.com> wrote:
Hi Tadeas,

I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices(used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).

In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 diffences EncryptionServices for those differents usage.
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
@summers @cvasilak do you remember the discussion?

As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.

++
Corinne
On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno@abstractj.org> wrote:

> Hi Tadeas, replied on the same issue.
>
>
> On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz@redhat.com> wrote:
> Hi there,
>
> in December, Iíve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platformís implementations (which I wasnít aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it, whatís not in the description already. So, what do you think?
>
> 1 - https://issues.jboss.org/browse/AGDROID-173
>
> ó
> Tadeas Kriz
> tkriz@redhat.com
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> --
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev


_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--

--†
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile