Peter Gutmann wrote:
Jeffrey Walton <[email protected]> writes:
Android 4.0 and above also offer a Keychain (
http://developer.android.com/reference/android/security/KeyChain.html). If
using a lesser version, use a Keystore (
http://developer.android.com/reference/java/security/KeyStore.html).
What Android gives you is pretty rudimentary, it barely qualifies to use the
same designation as Apple's Keychain.
Linux has not warmed up to the fact that userland needs help in storing
secrets from the OS.
There's KWallet and Gnome Keyring, last time I looked KWallet was also pretty
primitive (about the level of Android's Keychain) and not being updated much,
but the Gnome Keyring seems to be actively updated.
I would say these things (I hesitate to qualify them as IT security
mechanisms or schemes) address an impossible task, for which apparent
success is possible only in a proprietary environment (just making the
reverse engineering harder).
Client-side storage of long-term secrets can only be secured by
dedicated client-side hardware. Your mileage may vary.
- Thierry
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
