Dear Nathan,

thank you for your answer, very interesting. I didn't know about this library.
Looking at the readme I saw:
"Passphrase Caching: store the passphrase in memory to avoid constantly
prompting the user"

Two questions come to mind:
- What format is used to store the passphrase in memory?
- (Considering my recent activity on memory dumps) Given a memory dump
of the Android device, is it possible to retrieve this passphrase?

Best,
Massimo

On 28/04/16 18:46, Nathan of Guardian wrote:
> On Thu, Apr 28, 2016, at 12:05 PM, Massimo Canonico wrote:
>> I was looking at the source code of ChatSecure (downloaded from git
>> repo) in order to figure out how the master password is managed.
>
> The master password is managed by our CacheWord library:
> https://github.com/guardianproject/cacheword
>
> CacheWord is an Android library project for passphrase caching and
> management. It helps app developers securely generate, store, and access
> secrets derived from a user's passphrase.
>
> CacheWord is still under development. Proceed with caution.
>
> Broadly speaking this library assists developers with two related
> problems:
>
> - Secrets Management: how the secret key material for your app is
>   generated, stored, and accessed
> - Passphrase Caching: store the passphrase in memory to avoid constantly
>   prompting the user
>
> CacheWord manages key derivation, verification, persistence, passphrase
> resetting, and caching secret key material in memory.
>
> Features:
>
> - Strong key derivation (PBKDF2)
> - Secure secret storage (AES-256 GCM)
> - Persistent notification: informs the user the app data is unlocked
> - Configurable timeout: after a specified time of inactivity the app locks
>   itself
> - Manual clearing: the user can forcibly lock the application
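
An added illustration, not part of the original thread and not CacheWord's own code: the pattern the quoted README lists (PBKDF2 derivation, AES-256 GCM storage, a secret cached in memory with a timeout and manual clearing), written so that buffers are overwritten on lock. The class name, iteration count, timeout and sample strings are assumptions made for this example.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;
// Hypothetical class for illustration; not CacheWord's API.
public class CachedSecretDemo {
    private byte[] key;            // derived key, held only while unlocked
    private long lastUsed;
    private final long timeoutMs;  // assumed inactivity timeout
    CachedSecretDemo(long timeoutMs) { this.timeoutMs = timeoutMs; }
    // PBKDF2 -> 256-bit key, then wipe the caller's passphrase buffer.
    void unlock(char[] pass, byte[] salt, int iters) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, iters, 256);
        try {
            key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
            Arrays.fill(pass, '\0');
        }
        lastUsed = System.currentTimeMillis();
    }
    // Manual clearing: overwrite the key bytes before dropping the reference.
    void lock() { if (key != null) Arrays.fill(key, (byte) 0); key = null; }
    // Configurable timeout: lock automatically after inactivity.
    boolean isLocked() {
        if (key != null && System.currentTimeMillis() - lastUsed > timeoutMs) lock();
        return key == null;
    }
    // AES-256-GCM; returns the 12-byte IV followed by ciphertext and tag.
    byte[] seal(byte[] plain) throws Exception {
        if (isLocked()) throw new IllegalStateException("locked");
        lastUsed = System.currentTimeMillis();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    public static void main(String[] a) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        CachedSecretDemo d = new CachedSecretDemo(5 * 60_000L);
        // Constructed sample values.
        d.unlock("constructed passphrase".toCharArray(), salt, 100_000);
        System.out.println("sealed bytes: " + d.seal("app secret".getBytes("UTF-8")).length);
        d.lock();
        System.out.println("locked: " + d.isLocked());
    }
}
```

While unlocked, the key bytes are present in process memory by design, so wiping only limits exposure to the unlocked window. The JCA objects used here (the generated `SecretKey`, `SecretKeySpec`) hold their own internal copies until garbage collected, and a `String` passphrase cannot be wiped at all, which is why the example takes a `char[]`.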