amoriello / trust-line-ios

trust line iOS app
MIT License

Login and account title are kept and synchronized using iCloud as clear text #4

Open amoriello opened 9 years ago

amoriello commented 9 years ago

This is a design choice.

It is absolutely doable, but I don't consider it for now for performance and usability reasons.

Maybe if I go to a more powerful token platform (e.g. Teensy v3.2), I would consider this.

amoriello commented 9 years ago

Or I can provide an option on generation to encrypt both account title and login (if provided)

This option would be disabled by default, but could be enabled on the "Create Account" ViewController

amoriello commented 9 years ago

Considering a new approach:

Use a new, dedicated key to encrypt login. Trustline-Controller asks the Trustline-token to give the key on connection (the login key will be protected by the pre-shared comKey).

The login Key will

This seems to be a fair trade-off between security (the key is written in Trustline-token only), and usability: Trustline-Controller has this key in RAM, and can use it to decrypt login, so the UI stays responsive. Unlike Passwords, Trustline-Controller does not rely on Trustline-Token to decrypt logins.
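
Added example, not part of the issue thread or the Trustline code: the approach from the last comment in Swift with CryptoKit, where the token hands over the login key wrapped under the pre-shared comKey and the controller then encrypts and decrypts logins locally. AES-GCM, the 256-bit key sizes, all function names, the record id used as associated data, and running the token side in-process are assumptions.

```swift
import CryptoKit
import Foundation

// Token side, simulated in-process: the login key is stored only on the token
// and leaves it wrapped under the pre-shared comKey (AES-GCM is an assumption).
func wrapLoginKey(_ loginKey: SymmetricKey, comKey: SymmetricKey) throws -> Data {
    let raw = loginKey.withUnsafeBytes { Data($0) }
    // combined = nonce || ciphertext || tag; non-nil with the default 12-byte nonce
    return try AES.GCM.seal(raw, using: comKey).combined!
}

// Controller side: unwrap once per connection; the result stays in RAM only.
func unwrapLoginKey(_ wrapped: Data, comKey: SymmetricKey) throws -> SymmetricKey {
    let box = try AES.GCM.SealedBox(combined: wrapped)
    return SymmetricKey(data: try AES.GCM.open(box, using: comKey))
}

// Encrypt a login before it is written to the synced store. The record id
// (hypothetical) is bound as associated data, so a blob copied onto another
// record fails authentication instead of decrypting.
func sealLogin(_ login: String, recordID: String, key: SymmetricKey) throws -> Data {
    let aad = Data(recordID.utf8)
    return try AES.GCM.seal(Data(login.utf8), using: key, authenticating: aad).combined!
}

// Local decryption with no round trip to the token.
func openLogin(_ blob: Data, recordID: String, key: SymmetricKey) throws -> String {
    let box = try AES.GCM.SealedBox(combined: blob)
    let plain = try AES.GCM.open(box, using: key, authenticating: Data(recordID.utf8))
    return String(decoding: plain, as: UTF8.self)
}

do {
    // Constructed sample values; real keys come from pairing and from the token.
    let comKey = SymmetricKey(size: .bits256)
    let wrapped = try wrapLoginKey(SymmetricKey(size: .bits256), comKey: comKey)
    let loginKey = try unwrapLoginKey(wrapped, comKey: comKey)

    let blob = try sealLogin("alice@example.com", recordID: "account-1", key: loginKey)
    let login = try openLogin(blob, recordID: "account-1", key: loginKey)
    print("synced blob:", blob.base64EncodedString())
    print("decrypted:", login)

    // Moving the blob to a different record must be rejected.
    let moved = try? openLogin(blob, recordID: "account-2", key: loginKey)
    print("moved blob accepted:", moved != nil)
} catch {
    print("crypto failure:", error)
}
```

Only the opaque blob would reach iCloud in this arrangement; the login key itself is never written to the synced store or to disk on the controller.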