On Tue, Jan 14, 2014 at 02:50:18PM +0100, Corinne Krych wrote:
>
> On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>
>> Again, storing passwords no matter how super safe is the KeyChain is
>> a terrible idea. Don't do it, please.
>
> Sorry not password but key.
You mean the keys derived from PBKDF2?
>
>>
>>> As for the problem of encrypting with one passphrase then another one and not
be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA
needed.
>>
>> This is mostly because you have to add a feature of passphrase change first.
>
> +1 make sense
> i
>>
>>
>> On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych(a)gmail.com>
wrote:
>> Hi Tadeas,
>>
>> I think you bring back on the table an unfinished discussion on the topic of
AGPassphraseKeyServices(used in password demo app) vs. AGPasswordKeyServices (not used in
any demo yet).
>>
>> In AGPasswordKeyServices the password is stored in secure local storage (KeyChain
for iOS, KeyStore for Android), therefore you could do a password check at login time as
stated in your workflow. I think we intended to have 2 diffences EncryptionServices for
those differents usage.
>>
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API...
>> More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it
would be nice.
>> @summers @cvasilak do you remember the discussion?
>>
>> As for the problem of encrypting with one passphrase then another one and not be
able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA
needed.
>>
>> ++
>> Corinne
>> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>
>>> Hi Tadeas, replied on the same issue.
>>>
>>>
>>> On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz(a)redhat.com>
wrote:
>>> Hi there,
>>>
>>> in December, I’ve reported [1] and today Passos asked me if I could rather
send it here to discuss it, as this behavior is the same in other platform’s
implementations (which I wasn’t aware of before). So please read the description on that
JIRA issue. Basically I have nothing more to say about it, what’s not in the description
already. So, what do you think?
>>>
>>> 1 -
https://issues.jboss.org/browse/AGDROID-173
>>>
>>> —
>>> Tadeas Kriz
>>> tkriz(a)redhat.com
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>> --
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>> --
>>
>> --
>> "The measure of a man is what he does with power" - Plato
>> -
>> @abstractj
>> -
>> Volenti Nihil Difficile
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
qmx
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev