[aerogear-dev] Strange encrypted store behavior

Corinne Krych corinnekrych at gmail.com
Tue Jan 14 09:11:12 EST 2014


Yep!
On Jan 14, 2014, at 3:03 PM, Douglas Campos <qmx at qmx.me> wrote:

> On Tue, Jan 14, 2014 at 02:50:18PM +0100, Corinne Krych wrote:
>> 
>> On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> 
>>> Again, storing passwords no matter how super safe is the KeyChain is
>>> a terrible idea. Don't do it, please.
>> 
>> Sorry not password but key.
> 
> You mean the keys derived from PBKDF2?
> 
>> 
>>> 
>>>> As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>>> 
>>> This is mostly because you have to add a feature of passphrase change first.
>> 
>> +1 make sense
>> i
>>> 
>>> 
>>> On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:
>>> Hi Tadeas,
>>> 
>>> I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices(used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).
>>> 
>>> In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 diffences EncryptionServices for those differents usage.
>>> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
>>> More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
>>> @summers @cvasilak do you remember the discussion?
>>> 
>>> As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>>> 
>>> ++
>>> Corinne
>>> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>> 
>>>> Hi Tadeas, replied on the same issue.
>>>> 
>>>> 
>>>> On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
>>>> Hi there,
>>>> 
>>>> in December, I’ve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platform’s implementations (which I wasn’t aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it, what’s not in the description already. So, what do you think?
>>>> 
>>>> 1 - https://issues.jboss.org/browse/AGDROID-173
>>>> 
>>>>>>>> Tadeas Kriz
>>>> tkriz at redhat.com
>>>> 
>>>> 
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>> 
>>>> 
>>>> 
>>>> --
>>>> 
>>>> --
>>>> "The measure of a man is what he does with power" - Plato
>>>> -
>>>> @abstractj
>>>> -
>>>> Volenti Nihil Difficile
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> 
>>> 
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>> 
>>> 
>>> 
>>> -- 
>>> 
>>> -- 
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> 
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> -- 
> qmx
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev




More information about the aerogear-dev mailing list