From 35a7ae64955133692dea8fa2d80105ede2fd1b32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 17 Mar 2015 02:10:24 +0100 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/App-Security.md b/App-Security.md index 2ce8bc0..85134a7 100644 --- a/App-Security.md +++ b/App-Security.md @@ -58,8 +58,8 @@ Does not protect against: memory dumps #### Why not char[] instead of String? -* Passphrase is already a CharSequence when retrieved from EditText, thus it is already in memory as something different than char[] (String extends CharSequence) -* Complicates the implementation (pass byte[] in Parcelables instead of Strings?) +* Passphrase is already a ``CharSequence`` when retrieved from ``EditText``, thus it is already in memory as something different than ``char[]`` (String extends ``CharSequence``) +* Complicates the implementation (pass ``byte[]`` in ``Parcelables`` instead of ``Strings``?) * No convincing attack scenario (see argument below) > Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong).