Issue Type: Feature Request Feature Request
Assignee: Daniel Passos
Components: crypto
Created: 07/Feb/14 9:33 AM
Description:

Currently on AeroGear Android we provide the password to the KeyStore as is (https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/security/PasswordEncryptionServices.java#L112), but the voices in my head say that we shouldn't trust too much on it.

My proposal is to run a KDF function before and provide it as argument, something like my poorly designed code https://github.com/danielpassos/aerogear-offline-android-demo/pull/2/files#diff-03c379ccef33f73b8bf0302bddf211afR56

Fix Versions: 1.4.0
Project: AeroGear Android
Priority: Major Major
Reporter: Bruno Oliveira
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira