[aerogear-dev] Strange encrypted store behavior
Corinne Krych
corinnekrych at gmail.com
Tue Jan 14 09:11:12 EST 2014
Yep!
On Jan 14, 2014, at 3:03 PM, Douglas Campos <qmx at qmx.me> wrote:
> On Tue, Jan 14, 2014 at 02:50:18PM +0100, Corinne Krych wrote:
>>
>> On Jan 14, 2014, at 2:11 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>
>>> Again, storing passwords no matter how super safe is the KeyChain is
>>> a terrible idea. Don't do it, please.
>>
>> Sorry not password but key.
>
> You mean the keys derived from PBKDF2?
>
>>
>>>
>>>> As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>>>
>>> This is mostly because you have to add a feature of passphrase change first.
>>
>> +1 make sense
>> i
>>>
>>>
>>> On Tue, Jan 14, 2014 at 3:46 AM, Corinne Krych <corinnekrych at gmail.com> wrote:
>>> Hi Tadeas,
>>>
>>> I think you bring back on the table an unfinished discussion on the topic of AGPassphraseKeyServices(used in password demo app) vs. AGPasswordKeyServices (not used in any demo yet).
>>>
>>> In AGPasswordKeyServices the password is stored in secure local storage (KeyChain for iOS, KeyStore for Android), therefore you could do a password check at login time as stated in your workflow. I think we intended to have 2 diffences EncryptionServices for those differents usage.
>>> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Android-Crypto-API-sample-td5306.html
>>> More work is needed for AGPasswordKeyServices and adding a demo/recipe app for it would be nice.
>>> @summers @cvasilak do you remember the discussion?
>>>
>>> As for the problem of encrypting with one passphrase then another one and not be able to decrypt any data afterward, I think this is an issue that should be fixed. JIRA needed.
>>>
>>> ++
>>> Corinne
>>> On Jan 14, 2014, at 2:23 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>
>>>> Hi Tadeas, replied on the same issue.
>>>>
>>>>
>>>> On Mon, Jan 13, 2014 at 12:43 PM, Tadeas Kriz <tkriz at redhat.com> wrote:
>>>> Hi there,
>>>>
>>>> in December, I’ve reported [1] and today Passos asked me if I could rather send it here to discuss it, as this behavior is the same in other platform’s implementations (which I wasn’t aware of before). So please read the description on that JIRA issue. Basically I have nothing more to say about it, what’s not in the description already. So, what do you think?
>>>>
>>>> 1 - https://issues.jboss.org/browse/AGDROID-173
>>>>
>>>> —
>>>> Tadeas Kriz
>>>> tkriz at redhat.com
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> --
>>>> "The measure of a man is what he does with power" - Plato
>>>> -
>>>> @abstractj
>>>> -
>>>> Volenti Nihil Difficile
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>> --
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> --
> qmx
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list