6eero / NewPass

🔐 NewPass is a free and open source password manager which will allow you to generate and store your passwords securely, saving them locally and encrypting them on your phone's memory
http://www.newpass.solutions/
GNU General Public License v3.0
208 stars 16 forks

security issues #4

Closed obfusk closed 6 months ago

obfusk commented 6 months ago

Hi! I noticed the following:

GeneratePasswordViewModel.generateRandomPassword() uses java.util.Random -- which is not cryptographically secure -- instead of java.security.SecureRandom.

EncryptionHelper logs plaintext and keys; understandable for debugging but not something that should occur on users' devices.

(Additionally, I noticed the typo "lenght" a few times.)
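The first point in the comment above, shown as an added example (not code from the issue or from NewPass): the same generator routine run with `java.util.Random` and with `java.security.SecureRandom`. The class name `PasswordGenDemo`, the `generate` helper, the alphabet and the seed are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class PasswordGenDemo {
    // Constructed alphabet for this example; the app's real character sets are not shown on the page.
    static final String ALPHABET =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*";

    // Accepts either generator, because SecureRandom extends java.util.Random.
    static String generate(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // nextInt(bound) is uniform over [0, bound), so there is no modulo bias.
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // java.util.Random is a 48-bit linear congruential generator: its whole
        // output stream is a function of the seed, so an equal seed yields an
        // equal password.
        long seed = 1700000000000L; // constructed seed for the demonstration
        String a = generate(new Random(seed), 16);
        String b = generate(new Random(seed), 16);
        System.out.println("java.util.Random, same seed, passwords equal: " + a.equals(b));

        // SecureRandom draws from the platform's cryptographically strong source;
        // there is no caller-visible seed that reproduces its output.
        SecureRandom secure = new SecureRandom();
        String c = generate(secure, 16);
        String d = generate(secure, 16);
        System.out.println("SecureRandom, two draws, passwords equal: " + c.equals(d));
        // Only the comparison results are printed, never the generated passwords.
    }
}
```

Because `SecureRandom` is a subclass of `Random`, swapping the generator in a routine like this requires no change to the sampling loop itself.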

6eero commented 6 months ago

Fixed it, thank you 🙏🏻