search

vikasdummy / kashmiriDictionaryIssueTracker

Just to track issues, no code here.
0 stars 0 forks source link

encrypt database #43

Closed vikasdummy closed 10 years ago

vikasdummy commented 10 years ago

necessary. https://guardianproject.info/code/sqlcipher/

vikasdummy commented 10 years ago

http://myownandroid.blogspot.in/2013/09/sqlcipher-in-android.html

http://zetetic.net/blog/2009/12/29/how-to-encrypt-a-plaintext-sqlite-database-to-use-sqlcipher.html

vikasdummy commented 10 years ago

proguard to prevent decompile: http://stackoverflow.com/questions/21199427/prevent-decompiling-android-apk

vikasdummy commented 10 years ago

http://sqlcipher.net/introduction/ http://sqlcipher.net/open-source http://mountandcode.blogspot.in/2012/07/installing-sqlcipher-sqlite-encryption.html

http://thebugfreeblog.blogspot.in/2012/08/compiling-sqlcipher-for-windows.html http://stackoverflow.com/questions/4353037/compile-sqlite-with-sqlcipher-on-windows

vikasdummy commented 10 years ago

Windows sucks .. will use ubuntu to create binaries.

vikasdummy commented 10 years ago

http://sqlcipher.net/sqlcipher-for-android/ <-- imp

vikasdummy commented 10 years ago

http://www.basic4ppc.com/android/forum/threads/why-sqlcipher-database-is-bigger-and-can-not-be-compressed.37802/
Post encryption DB does not compress. Resulting in 5 to 18 Mb size jump. -- Need to compress it. -- Delete the asset db ?http://stackoverflow.com/questions/3406581/security-of-android-assets-folder :(

should use secondary download from GOOGLE play store ??!!!

vvikas commented 10 years ago

proguard trims ?

https://groups.google.com/forum/#!topic/sqlcipher/bbrY0GPX_kQ

vikasdummy commented 10 years ago

New Design:

  1. Seperate DB
  2. On Install download DB from Internet to a local folder. Since its encrypted , no issues to keep it anywhere.

POC steps:

  1. Is password in application safe -- not in true sense, but can be made difficult
  2. Can db accesses fast from sdcard. -- yes.
vikasdummy commented 10 years ago

Passwd easily retrievable :

http://aspandroid.blogspot.in/2013/07/step-by-step-procedure-to-decompile.html

check: http://dominoc925.blogspot.in/2013/12/how-to-obfuscate-android-apk-file-using.html

vikasdummy commented 10 years ago

for using pro guard to obsfucate: https://gist.github.com/developernotes/3040592#file_proguard.cfg http://stackoverflow.com/questions/20406993/enable-proguard-for-only-two-packages-in-large-android-application

vikasdummy commented 10 years ago

IF PASSWORD IS IN APP. WE CAN AT BEST DELAY SOMEONE FORM GETTING TO PASSWORD NEVER STOP IT. WILL OBSFUCATE STILL !!

vikasdummy commented 10 years ago

http://stackoverflow.com/questions/3028306/download-a-file-with-android-and-showing-the-progress-in-a-progressdialog

user needs to be patient while db download happens ...

vikasdummy commented 10 years ago

-- Network break check -- User cancel check[since db is currpt, delete it maybe]