Sorry not password but key.

We don't need to store the key: once we have the salt, IV, iterations and the passphrase provided by our user, it is perfectly possible to generate that key again.

If this is not happening we need to revisit our code and figure out what's going on.


On Tue, Jan 14, 2014 at 8:50 AM, Corinne Krych <corinnekrych@gmail.com> wrote:

On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno@abstractj.org> wrote:

> Again, storing passwords, no matter how super safe the KeyChain is, is a terrible idea. Don't do it, please.

Sorry not password but key.

>
> > As for the problem of encrypting with one passphrase then another one and not being able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>
> This is mostly because you have to add a feature of passphrase change first.

+1 makes sense
>
>
> On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych@gmail.com> wrote:
> Hi Tadeas,
>
> I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices (used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).
>
> In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 different EncryptionServices for those different usages.
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
> More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
> @summers @cvasilak do you remember the discussion?
>
> As for the problem of encrypting with one passphrase then another one and not being able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>
> ++
> Corinne
> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno@abstractj.org> wrote:
>
> > Hi Tadeas, replied on the same issue.
> >
> >
> > On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz@redhat.com> wrote:
> > Hi there,
> >
> > in December, I’ve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platform’s implementations (which I wasn’t aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it, what’s not in the description already. So, what do you think?
> >
> > 1 - https://issues.jboss.org/browse/AGDROID-173
> >
> > —
> > Tadeas Kriz
> > tkriz@redhat.com
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev@lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile





--

-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
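
Added example, not part of the thread and not AeroGear code: a Python sketch of re-deriving the key from the passphrase plus stored salt and iteration count, with a login-time passphrase check that stores neither the passphrase nor the key. PBKDF2-HMAC-SHA256, the iteration count, the `CHECK_LABEL` constant and the function names are assumptions; the IV is left out because the sketch stops at key derivation.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000           # assumed work factor, not a value from the thread
CHECK_LABEL = b"key-check-v1"  # hypothetical constant that is MACed under the key


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Re-derive the 256-bit key from the passphrase and the stored parameters."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def key_check(key: bytes) -> bytes:
    """Verifier value: proves knowledge of the key without revealing it."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def enroll(passphrase: str) -> dict:
    """First use: build the record to persist. No key, no passphrase in it."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "check": key_check(key)}


def unlock(passphrase: str, record: dict):
    """Return the key if the passphrase matches the enrolled one, else None."""
    key = derive_key(passphrase, record["salt"], record["iterations"])
    if hmac.compare_digest(key_check(key), record["check"]):
        return key
    # Wrong passphrase: refuse here, before any data is encrypted under a
    # second key that later cannot be told apart from the first.
    return None


if __name__ == "__main__":
    record = enroll("correct horse")               # constructed sample passphrase
    print(unlock("correct horse", record).hex())   # same key on every login
    print(unlock("wrong horse", record))           # None
```

The stored check value gives anyone who reads the record the same offline guessing target as the ciphertext itself, so the iteration count still carries the cost of each guess.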