Yes, Zom still uses cacheword.

.hc

Massimo Canonico:
> Hi all,
>
> I'll have a third question, then I'll stop, I promise.
>
> Does ZOM use cacheword too? Since the last commit of cacheword is quite
> old (Sept 2015), I thought that maybe Zom uses another library to manage
> the master password.
>
> I was looking for some technical report concerning my three questions,
> but I did not find any.
>
> Thanks for your patience and time.
>
> Massimo
>
>
> On 28/04/16 19:04, Massimo Canonico wrote:
>> Dear Nathan,
>>
>> thanks for your answer, very interesting. I didn't know about this
>> library.
>>
>> Looking at the readme I saw:
>>
>> "Passphrase Caching: store the passphrase in memory to avoid
>> constantly prompting the user"
>>
>> It comes to my mind two questions:
>> - which is the format used to store the passphrase into the memory?
>> - (considering my recent activity on memory dump) Having a memory dump
>> of the android device, is it possible to retrieve this passphrase?
>>
>> Best,
>> Massimo
>>
>>
>> On 28/04/16 18:46, Nathan of Guardian wrote:
>>> On Thu, Apr 28, 2016, at 12:05 PM, Massimo Canonico wrote:
>>>> I was looking at the source code of ChatSecure (downloaded from git
>>>> repo) in order to figure out how the master password is managed.
>>> The master password is managed by our CacheWord library:
>>> https://github.com/guardianproject/cacheword
>>>
>>> CacheWord is an Android library project for passphrase caching and
>>> management. It helps app developers securely generate, store, and access
>>> secrets derived from a user's passphrase.
>>>
>>> CacheWord is still under development. Proceed with caution
>>>
>>> Broadly speaking this library assists developers with two related
>>> problems:
>>>
>>> Secrets Management: how the secret key material for your app is
>>> generated, stored, and accessed
>>> Passphrase Caching: store the passphrase in memory to avoid constantly
>>> prompting the user
>>>
>>> CacheWord manages key derivation, verification, persistence, passphrase
>>> resetting, and caching secret key material in memory.
>>>
>>> Features:
>>>
>>> Strong key derivation (PBKDF2)
>>> Secure secret storage (AES-256 GCM)
>>> Persistent notification: informs the user the app data is unlocked
>>> Configurable timeout: after a specified time of inactivity the app locks
>>> itself
>>> Manual clearing: the user can forcibly lock the application
>>>
>>
>
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: [email protected]

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
