[aerogear-dev] Security.next - Encrypt all the things and your feedback

Wed Sep 18 15:48:43 EDT 2013

On Wed, Sep 18, 2013 at 9:40 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> I guess that what do you want is PBKDF2 aka password key derivation or
> maybe hashing, right?

yep, exactly

> That's exactly what we are trying to achieve with
> "AGSEC-XX: Provide easy to use cryptography interface"
>

OK

>
> I can't see any reasons to keep that jira on AGSEC, but it seems just a
>

Ok, at some point you said all 'sec related issues' should go to AGSEC,
otherwise hard for you to track.
I am fine in not having it in AGSEC, if you prefer the issue to be on
AGPUSH instead.

> duplicated jira or specifics to AGPUSH. At the end of the day, AGSEC
> will solve UnifiedPush, SimplePush and other issues on AeroGear, I hope.
> Please read carefully the proposal and let me know.
>
> Matthias Wessendorf wrote:
> > No it has nothing to do with an iOS device at all. It's really for the
> > UnifiedPush Server only.
> > For iOS notification you need a certificate and a passphrase:
> > https://github.com/aerogear/aerogear-unifiedpush-server#ios-variant
> >
> > The passphrase is stored in plain text on the server, I filed this
> > ticket for adding hashing/salting.
> > https://issues.jboss.org/browse/AGPUSH-210
> >
> > Since this is a 'security' related item I created the AGSEC-89 for the
> > real work, and keeping the AGPUSH item as reference only.
>
> --
> abstractj
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130918/1217288f/attachment.html 