Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated App Security (markdown)

dschuermann 2014-10-10 03:48:05 -07:00
parent 452c7186d6
commit f066e429be
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
App-Security.md

@ -30,9 +30,9 @@ From ``./lint --show AllowBackup``:
### Passphrase Cache
TODO, also: https://github.com/open-keychain/open-keychain/issues/894
1. Start OpenKeychain
2. Sign something, caching the passphrase
3. Open a shell and execute these commands:
1. Start OpenKeychain
2. Sign something, caching the passphrase
3. Open a shell and execute these commands:
```bash
someuser@somehost platform-tools> ./adb shell
$ su
@ -63,7 +63,7 @@ heap-dump-tm1313854763-pid17973.hprof
someuser@somehost platform-tools> ../tools/hprof-conv heap-dump-tm1313854763-pid17973.hprof apg.hprof
someuser@somehost platform-tools> jhat apg.hprof
```
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
4. Open a browser with ``http://localhost:7000`` and find ``CachedPassphrase`` class, see [PassphraseCacheService.java#L517](https://github.com/open-keychain/open-keychain/blob/development/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java#L517)
### Attacking passphrase cache with root access