search

jainjayesh / android-passwordsafe

Automatically exported from code.google.com/p/android-passwordsafe
0 stars 0 forks source link

Make pbe algorithm configurable #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

A selection when entering the initial password where you can select
algorithm would be cool.

PBEWithMD5 could then be replaced with PBEWithSHA1 for example (since MD5
is a bad word nowadays :-).

Btw. In javadoc it says 256bit AES is used, but in the code 128bit is used.

What version of the product are you using? On what operating system?

0.2.2. From read-only svn on 2008-10-06.

Original issue reported on code.google.com by Tomasshr...@gmail.com on 6 Oct 2008 at 3:29

GoogleCodeExporter commented 9 years ago 
Great app btw. I was thinking myself that this was needed, but I couldn't have 
done
it anything near as nice as this.

Original comment by Tomasshr...@gmail.com on 6 Oct 2008 at 3:34

GoogleCodeExporter commented 9 years ago 
I updated the javadoc to 128bit.

I'm not so sure we want to frighten people with choices like that.  I think we 
as
developers should simply select the most appropriate encryption for them.   Do 
you
have a recommendation over PBEWithMD5And128BitAES-CBC-OpenSSL ?

I don't profess to be cryptographer.   If I can, I'll poke around.   And you are
right, it would be a nice Advanced feature.

Original comment by rmce...@gmail.com on 9 Oct 2008 at 12:25

GoogleCodeExporter commented 9 years ago 
+1 for just picking something and going with it.  Most people won't know the 
difference.

Original comment by osborn.s...@gmail.com on 9 Oct 2008 at 4:20

GoogleCodeExporter commented 9 years ago 
Ok, I can agree on this, don't confuse users. I'll take a deeper look in the 
crypto
stuff to review it, but it looks pretty simple and clean from what I saw so far.
As regarding algorithm I would have gone for something with SHA1 instead of MD5,
since MD5 is broken and should perish from the earth...

With regards to PBE I doubt this has any real meaning though, since it's not 
digital
signatures so you're really not concerned about constructing a message with
collisions in the hash. Simply because an attacker don't have access to the 
output of
the MD5 hashing (the key).

So the conclusion is, what's already there is fine with me :-)

Original comment by Tomasshr...@gmail.com on 9 Oct 2008 at 6:04

GoogleCodeExporter commented 9 years ago 
I experimented with three algorithms:

PBEWithMD5And128BitAES-CBC-OpenSSL
PBEWithSHA1And128BitAES-CBC-BC
PBEWithSHA1And256BitAES-CBC-BC

As I moved from MD5 to SHA1 and then up to 256Bit the application got 
progressively
slower when importing a .CSV with only 10 entries.   I'd say that SHA1And256Bit 
was
at least two times slower than MD5and128Bit.   So there is a real performance 
penalty
for the better encryption.

For now I'd be inclined to stick with the lower MD5 encryption.

Original comment by rmce...@gmail.com on 22 Oct 2008 at 4:21

GoogleCodeExporter commented 9 years ago

Original comment by osborn.s...@gmail.com on 30 Oct 2008 at 12:47