Re: [aerogear-dev] Encrypted Data and IVs
I see 2 options:
- the one you suggested, you encrypt all data with the same iv, salt + passphrase. The app
stores globally iv+salt
- or you encrypt each password (in the case of our demo app) with different IV+salt. You
need to store salt+iv locally (in a header) within the encrypted stream. To decrypt, you
need first to read the header, exact salt+iv.
Second option is less efficient, but more secure because there is more randomness.
The granularity could be the responsibility of the app developer who can decide when to
change the IV+salt.
See some similar idea with code here:
https://github.com/rnapier/RNCryptor/blob/master/RNCryptor/RNEncryptor.m#...
++
Corinne
On Nov 6, 2013, at 9:13 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
I'm not following you, could you please elaborate more? Are you
considering to have an IV, salt per record?
Corinne Krych wrote:
> If you have encrypted the twitter password and then added to the
> encrypted twitter password an additional header with salt and iv, you
> can decrypt. More secure but more storage space. And in this scenario
> salt and iv storage is taken care by framework.
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev