Closed 4rtemis-4rrow closed 2 months ago
Hey @4rtemis-4rrow, when opening the vault, would you prefer to enter a password each time or have it securely stored (encrypted) in the app? Additionally, should we include biometric authentication for opening?
Stored in keychain plus 6-digit numpad unlock (optional).
For me personally, I'd prefer to enter the password every time, but that's just me. After all, I do value privacy and security more than user-friendliness.
The vault remains encrypted at rest. The numpad just unlocks the app, not the vault.
Okay, this is a vulnerability, but my main need is defending the vault (at rest) when it is stored on a USB key.
In addition, the numpad can be trained to detect multiple attempts and to respond with defensive actions if under attack. For example, after three wrong attempts it may require the master password.
I've implemented a secure password mechanism using a vault button that prompts for a password. For enhanced security, I've utilized EncryptedSharedPreferences provided by Android. When you first enter a password, it's securely stored. Subsequently, the application uses this password to decrypt notes stored in a vault. Each time you access the vault, you must enter the password again.
Even if someone were to gain unauthorized access to the device and database, they would only see encrypted names and descriptions of the notes within the vault. The stored password in preferences is also encrypted, ensuring it remains inaccessible.
Additionally, due to vulnerabilities associated with brute force attacks, I have decided against implementing a numpad for entry.
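An added example, not part of the thread and not the app's own code: a plain-JVM Kotlin sketch of a vault whose AES-GCM key is derived from the password on every open, combined with the three-wrong-attempts rule suggested earlier in the thread. All names and the PBKDF2 iteration count are assumptions. The attempt counter only slows guessing inside the running app; for a vault file copied off a USB key, the KDF cost and password strength are what protect the data at rest.

```kotlin
import java.security.SecureRandom
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.PBEKeySpec
import javax.crypto.spec.SecretKeySpec

// Hypothetical names throughout; uses only JVM crypto APIs, no Android classes.
const val MAX_ATTEMPTS = 3             // "after three wrong attempts" from the thread
const val PBKDF2_ITERATIONS = 310_000  // assumed work factor, tune per device

class SealedNote(val salt: ByteArray, val iv: ByteArray, val ciphertext: ByteArray)

// The key is never stored: it is re-derived from the typed password each time.
fun deriveKey(password: CharArray, salt: ByteArray): SecretKeySpec {
    val spec = PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 256)
    return SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded, "AES")
}

fun seal(password: CharArray, plaintext: String): SealedNote {
    val rng = SecureRandom()
    val salt = ByteArray(16).also { rng.nextBytes(it) }  // fresh salt per note
    val iv = ByteArray(12).also { rng.nextBytes(it) }    // fresh 96-bit GCM nonce
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), GCMParameterSpec(128, iv))
    return SealedNote(salt, iv, cipher.doFinal(plaintext.encodeToByteArray()))
}

class Vault(private val note: SealedNote) {
    private var failures = 0  // in-memory only; a real app would persist this
    val lockedOut: Boolean get() = failures >= MAX_ATTEMPTS

    // Returns the plaintext, or null on a wrong password or once locked out.
    fun open(password: CharArray): String? {
        if (lockedOut) return null
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, note.salt), GCMParameterSpec(128, note.iv))
        return try {
            cipher.doFinal(note.ciphertext).decodeToString().also { failures = 0 }
        } catch (e: AEADBadTagException) {
            failures++  // GCM tag mismatch means the derived key, and so the password, was wrong
            null
        }
    }
}

fun main() {
    val vault = Vault(seal("correct horse".toCharArray(), "constructed sample note"))
    listOf("guess1", "guess2", "correct horse").forEach { println(vault.open(it.toCharArray())) }
}
```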
Security-first approach. It is okay for me.
When will the newest APK be installable on my device? It crashes when I try to install a new version.
You'll need to wait until I release version 1.3 on F-Droid. If it doesn't update, I'll look into it.
Title says it all. If I knew Kotlin, I'd have implemented this myself: just an encrypted, password-protected notes vault.