patrickfav / armadillo

A shared preference implementation for confidential data in Android. Per default uses AES-GCM, BCrypt and HKDF as cryptographic primitives. Uses the concept of device fingerprinting combined with optional user provided passwords and strong password hashes.
https://favr.dev/opensource/armadillo
Apache License 2.0
280 stars 52 forks source link

Fix Bcrypt implementation and add feature to change Key Stretching Function #17

Closed patrickfav closed 6 years ago

patrickfav commented 6 years ago

refs #16

patrickfav commented 6 years ago

@davidmigloz if you have time I would welcome a review about broken brycpt fix

coveralls commented 6 years ago

Coverage Status

Coverage increased (+0.6%) to 86.393% when pulling 3ad384851c4e528acceebfcecd1e1222b8737b44 on feat-16-fix-bcrypt into 6955e2dca6f4782a578d61a3585ae5e57aa5394b on master.

davidmigloz commented 6 years ago

Hi Patrick! Thanks for the new implementation I'll review it today.

davidmigloz commented 6 years ago

Sorry I couldn't review it yesterday in the end. I'll do it this evening!

davidmigloz commented 6 years ago

It looks very good, I haven't found anything. Good job 😄

davidmigloz commented 6 years ago

I was wondering whether we can have a better name for FixedBcryptKeyStretcher without the fixed word. What do you think?

patrickfav commented 6 years ago

Do you have a suggesting. I just wanted it to be different from the old BcryptKeyStretcher

davidmigloz commented 6 years ago

BCryptKeyStretcher (with C in capital letter)? Enough to make an import from an old code fail, but still a nice name. My concern with "fixed" is that one thing is fixed until another bug is found hehe (it shouldn't be the case, but still..)

patrickfav commented 6 years ago

How about just ArmadilloBcryptKeyStretcher?

davidmigloz commented 6 years ago

Also fine 👍