Closed subzero911 closed 1 month ago
@subzero911 do you receive an answer to this? @mogol can you give some clarification?
No, I didn't but it looks like a legacy code. I hadn't found that it is used anywhere.
The PerferenceKey is not the AES key. Instead it is used to fetch the encrypted key.
Btw I want to raise request to change the key size to 32 for AES-256.
This will help https://www.youtube.com/watch?v=JogvnnaJ8TI
Was preferencesKeyPrefix implemented for solving above described issue ???
The fix for this issue will be discussed in #769
Is it possible to encrypt values with the custom AES key? I was wondering why it is encrypted "by itself" and does not require the user to enter some secret key. So I examined the source https://github.com/mogol/flutter_secure_storage/blob/develop/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/ciphers/StorageCipher18Implementation.java
...and found this 😱
Then it's used to encrypt values:
Looks like it is always encrypted with the same hardcoded key, moreover, which is publicly accessible! Seems not secure at all.