On Tue, 30 Aug 2011 08:12:18 -0700 (PDT) Chris Stratton <[email protected]> wrote:
> However, > there are a few obvious things you can avoid, such as writing out plaintext > information to an sqlite database. If your just confirming the password entered is correct then you can one way hash it with something stronger than md5 and sha1 like blowfish or sha256 at the earliest opportunity and then you know it matches the stored cipher and can hang onto it without worrying as you can't even determine it yourself. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
