search

ophio / secure-preferences

Android secure shared preferences using Android Keystore system
https://medium.com/@vashisthg/android-secure-shared-preferences-10f8356a4c2b
Apache License 2.0
348 stars 56 forks source link

java-aes-crypto #13

Open doridori opened 9 years ago

doridori commented 9 years ago

You may want to check out https://github.com/tozny/java-aes-crypto

ragdroid commented 8 years ago

Hey @doridori thanks for the comment but I am not sure what is expected from us here. Kindly elaborate.

cc @vashisthg

doridori commented 8 years ago

Sorry I should've explained more.

Looking at the src you use PBEWithMD5AndDES for encryption. Afaik this does not have any inbuilt integrity checking when decrypting, which is what prompted the suggestion of java-aes-crypto which has this built in.

Looking again at the code, PBEWithMD5AndDES is probably a bad choice anyway, as its made up of insecure primitives and could be broken relatively easily. See this SO answer to instill some fear!

Im new to this world but a couple of warning bells for me when scanning the src.

reline commented 7 years ago

I decided to take a look at this and implemented the ObscuredSharedPreferences using the AES algorithm, looking for some feedback on it.