Updated App Security (markdown)

Dominik Schürmann 2015-03-17 02:10:24 +01:00
parent d5626f2bdb
commit 35a7ae6495
1 changed file with 2 additions and 2 deletions

@ -58,8 +58,8 @@ Does not protect against: memory dumps
#### Why not char[] instead of String?
* Passphrase is already a CharSequence when retrieved from EditText, thus it is already in memory as something different than char[] (String extends CharSequence)
* Complicates the implementation (pass byte[] in Parcelables instead of Strings?)
* Passphrase is already a ``CharSequence`` when retrieved from ``EditText``, thus it is already in memory as something different than ``char[]`` (String extends ``CharSequence``)
* Complicates the implementation (pass ``byte[]`` in ``Parcelables`` instead of ``Strings``?)
* No convincing attack scenario (see argument below)
> Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong).
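
Review bot: In the first added bullet, "(String extends ``CharSequence``)" leaves String as the only type name in the line without code formatting, and because ``CharSequence`` is an interface the accurate verb is "implements", not "extends". In the second added bullet, ``Parcelables`` and ``Strings`` put the plural "s" inside the code span, so they render as type names that do not exist; move the "s" outside the backticks or rephrase to "pass ``byte[]`` in a ``Parcelable`` instead of a ``String``". The unchanged "No convincing attack scenario (see argument below)" bullet relies on the quoted paragraph that follows, which has no attribution or link in the visible lines; adding the source of the quote would let readers check the argument.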