spatchola / secrets-for-android

Automatically exported from code.google.com/p/secrets-for-android

Remote deletion of secrets #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Allow the secrets to be deleted from the phone remotely, so that if the
phone is lost or stolen the secrets can be removed from the device.

Original issue reported on code.google.com by roge...@gmail.com on 10 Apr 2009 at 1:31

GoogleCodeExporter commented 9 years ago

Original comment by roge...@google.com on 17 May 2009 at 3:47

GoogleCodeExporter commented 9 years ago
I think one way to achieve this, that would have the added benefit that you could 
"revoke" your data even if the phone never again connects to the network, is 
this: Every time you save the encrypted data block, you store e.g. 95% of it 
on the phone (and on the server storage if that is enabled) but the other 5% 
are never stored persistently on the phone, and only stored on some server-side 
data storage (ideally one that is different from the primary server data 
storage).  That way, to revoke, you just delete the 5% stored server-side only 
and there should be no way to reconstitute the data*.

The approach would also reduce the possibility that e.g. an attacker breaking 
into your server-side storage providers could steal your data and decrypt it 
using brute force (they would need to break into both storage providers).

The drawback to the approach is that you need to have a data connection and use 
a little bit of data every time you want to access your secrets.  There could 
be a setting to control how long to keep the server-side-only data block in 
memory after it's downloaded, so users could trade off increased security vs. 
increased convenience.

* Note that I'm not sure this is guaranteed in all schemas like the one I 
described, but I'm pretty sure that there are ways to do this which would be 
100% guaranteed safe - this would be a matter of researching the literature, 
although I'm pretty sure something as simple as "one out of every 20 bytes in 
sequence" would do, or certainly something like "each byte has a 1/20 chance, 
dictated by some fixed random seed that is also stored with the 
server-side-storage only, of being stored server-side-only".

Original comment by joi@chromium.org on 8 Jun 2011 at 3:22
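As an added example, not code from the project or from either commenter, the following Python implements the "one out of every 20 bytes in sequence" split described in the comment above, next to a 2-of-2 XOR secret-sharing split that is one of the schemes from the literature the comment alludes to. The `ServerOnlyStore` class, the `phone-1` device id, the function names and the 512-byte `SAMPLE_BLOCK` are all assumed for illustration. The XOR variant goes beyond the comment's proposal: whether the byte-sampled split really leaves nothing reconstructable depends on the cipher mode that produced the data block (the phone still holds 95% of the ciphertext bytes verbatim), whereas each XOR share is a uniformly random string on its own, so deleting the server-side share revokes the block regardless of how it was encrypted.

```python
import secrets
from typing import Callable, Dict, Optional, Tuple

# Constructed sample "encrypted data block" (512 bytes); it is not a real
# secrets-for-android file, just a stand-in for the blob the comment describes.
SAMPLE_BLOCK = bytes(range(256)) * 2


def split_every_nth(block: bytes, n: int = 20) -> Tuple[bytes, bytes]:
    """The comment's 'one out of every n bytes in sequence' split.

    Bytes at indices 0, n, 2n, ... go to the server-only part; every other
    byte stays on the phone. With n=20 this is the 95% / 5% division.
    """
    server_only = bytes(block[i] for i in range(0, len(block), n))
    local = bytes(block[i] for i in range(len(block)) if i % n != 0)
    return local, server_only


def join_every_nth(local: bytes, server_only: bytes, n: int = 20) -> bytes:
    """Reassemble the block; needs both parts and the same n."""
    out = bytearray()
    li = si = 0
    for i in range(len(local) + len(server_only)):
        if i % n == 0:
            out.append(server_only[si])
            si += 1
        else:
            out.append(local[li])
            li += 1
    return bytes(out)


def split_xor(block: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 XOR secret sharing (assumed alternative to byte sampling).

    The server-only part is a fresh uniformly random mask and the phone keeps
    block XOR mask. Either part alone is uniformly random and independent of
    the block, so losing either one revokes the whole block unconditionally.
    """
    mask = secrets.token_bytes(len(block))
    local = bytes(a ^ b for a, b in zip(block, mask))
    return local, mask


def join_xor(local: bytes, mask: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(local, mask))


class ServerOnlyStore:
    """Hypothetical second storage provider that holds only server-only parts."""

    def __init__(self) -> None:
        self._parts: Dict[str, bytes] = {}

    def put(self, device_id: str, part: bytes) -> None:
        self._parts[device_id] = part

    def get(self, device_id: str) -> Optional[bytes]:
        return self._parts.get(device_id)

    def revoke(self, device_id: str) -> None:
        """Remote deletion: drop the server-only part for a lost or stolen phone."""
        self._parts.pop(device_id, None)


def recover(local: bytes, store: ServerOnlyStore, device_id: str,
            join: Callable[[bytes, bytes], bytes]) -> Optional[bytes]:
    """What the phone (or whoever holds it) can reconstruct; None once revoked."""
    part = store.get(device_id)
    if part is None:
        return None
    return join(local, part)


SCHEMES = {
    "every_nth": (split_every_nth, join_every_nth),
    "xor": (split_xor, join_xor),
}


def demo(scheme: str = "every_nth") -> dict:
    """Save a block under the chosen scheme, read it back, revoke, read again."""
    split, join = SCHEMES[scheme]
    store = ServerOnlyStore()
    local, server_only = split(SAMPLE_BLOCK)     # phone keeps `local` only
    store.put("phone-1", server_only)            # assumed device id
    before = recover(local, store, "phone-1", join)
    store.revoke("phone-1")                      # the remote-delete action
    after = recover(local, store, "phone-1", join)
    return {
        "local_len": len(local),
        "server_len": len(server_only),
        "before_ok": before == SAMPLE_BLOCK,
        "after": after,
    }


if __name__ == "__main__":
    for name in SCHEMES:
        print(name, demo(name))
```

The `demo` function shows the operational property both schemes share: once `revoke` runs, `recover` returns `None` even though the phone's local part is untouched, which is the "revoke without the phone ever reconnecting" property the comment is after. Comparing `local_len` between the two schemes makes the caveat concrete: the sampled split keeps 486 of the 512 ciphertext bytes on the device, while the XOR split keeps 512 bytes that are independent of the ciphertext.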