Updated App Security (markdown)

Dominik Schürmann 2015-03-17 02:17:33 +01:00
parent 661a12a3f7
commit 0543ad137e
1 changed files with 1 additions and 1 deletions

@ -62,7 +62,7 @@ Does not protect against: memory dumps
* Complicates the implementation (pass ``byte[]`` in ``Parcelables`` instead of ``Strings``?)
* No convincing attack scenario (see argument below)
> Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong).
> Some people believe that you have to overwrite the memory used to store the password once you no longer need it. This reduces the time window an attacker has to read the password from your system and completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do this. An attacker with that much access can catch your key events making this completely useless.
(from http://stackoverflow.com/a/8881461)
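Review bot: The rewritten blockquote line drops the source's closing hedge "(AFAIK, so please correct me if I am wrong)" but is still presented as a verbatim quote attributed to the Stack Overflow answer, so the claim that overwriting the password is "completely useless" now reads as more certain than its author stated it. Keep the parenthetical, or mark the omission with "[...]" so readers can tell the quote was shortened. Removing the stray ">" markers inside the paragraph is fine. Because this quote is the only support shown for the "No convincing attack scenario" bullet, it would also help to state in the page's own words which attacker capability is assumed, rather than leaving that to the quotation.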