Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated App Security (markdown)

Dominik Schürmann 2015-03-19 14:15:36 +01:00
parent 4aae17b9a1
commit b8b1ac9c9d
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
App-Security.md

@ -60,12 +60,7 @@ jhat passphrase_cache.hprof
![](https://github.com/open-keychain/open-keychain/raw/master/Resources/docs/passphrase2.png)
![](https://github.com/open-keychain/open-keychain/raw/master/Resources/docs/passphrase3.png)
#### Outcome
Passhrases are in memory, even after timeout (only true for Strings)! Thus:
Protects against: Attacker taking a misplaced smartphone, were the passphrase is still cached and no unlock screen is enabled -> signs/decrypts things
Does not protect against: memory dumps
Strings are in memory, even after timeout!
### Links
* http://blog.sei.cmu.edu/post.cfm/secure-coding-for-the-android-platform