On Thu, Apr 28, 2016, at 12:05 PM, Massimo Canonico wrote: > I was looking at the source code of ChatSecure (downloaded from git > repo) in order to figure out how the master password is managed.
The master password is managed by our CacheWord library: https://github.com/guardianproject/cacheword CacheWord is an Android library project for passphrase caching and management. It helps app developers securely generate, store, and access secrets derived from a user's passphrase. CacheWord is still under development. Proceed with caution Broadly speaking this library assists developers with two related problems: Secrets Management: how the secret key material for your app is generated, stored, and accessed Passphrase Caching: store the passphrase in memory to avoid constantly prompting the user CacheWord manages key derivation, verification, persistence, passphrase resetting, and caching secret key material in memory. Features: Strong key derivation (PBKDF2) Secure secret storage (AES-256 GCM) Persistent notification: informs the user the app data is unlocked Configurable timeout: after a specified time of inactivity the app locks itself Manual clearing: the user can forcibly lock the application -- Nathan of Guardian [email protected] _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
