[aerogear-dev] Strange encrypted store behavior
Douglas Campos
qmx at qmx.me
Tue Jan 14 09:03:04 EST 2014
On Tue, Jan 14, 2014 at 02:50:18PM +0100, Corinne Krych wrote:
>
> On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Again, storing passwords no matter how super safe is the KeyChain is
> > a terrible idea. Don't do it, please.
>
> Sorry not password but key.
You mean the keys derived from PBKDF2?
>
> >
> > > As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
> >
> > This is mostly because you have to add a feature of passphrase change first.
>
> +1 make sense
> i
> >
> >
> > On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:
> > Hi Tadeas,
> >
> > I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices(used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).
> >
> > In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 diffences EncryptionServices for those differents usage.
> > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
> > More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
> > @summers @cvasilak do you remember the discussion?
> >
> > As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
> >
> > ++
> > Corinne
> > On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >
> > > Hi Tadeas, replied on the same issue.
> > >
> > >
> > > On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
> > > Hi there,
> > >
> > > in December, I’ve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platform’s implementations (which I wasn’t aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it, what’s not in the description already. So, what do you think?
> > >
> > > 1 - https://issues.jboss.org/browse/AGDROID-173
> > >
> > > —
> > > Tadeas Kriz
> > > tkriz at redhat.com
> > >
> > >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > >
> > >
> > >
> > > --
> > >
> > > --
> > > "The measure of a man is what he does with power" - Plato
> > > -
> > > @abstractj
> > > -
> > > Volenti Nihil Difficile
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> > --
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
qmx
More information about the aerogear-dev
mailing list