On 08/05/2014 02:30 PM, Cédric Jeanneret wrote: > I'm considering using SQLCipher in a new app, as it will store location, > wireless essid and timestamp. > I've looked at the examples[1], but it seems they are using hard-coded > password which, obviously, isn't that good… > > How shall I do in order to get some random password? If possible one per > device, generated at install time or anything like that (well, if that's > possible, of course ;) ).
Cacheword is our solution for that: https://github.com/guardianproject/cacheword CacheWord is an Android library project for passphrase caching and management. It helps app developers securely generate, store, and access secrets derived from a user's passphrase. CacheWord is still under development. Proceed with caution Broadly speaking this library assists developers with two related problems: Secrets Management: how the secret key material for your app is generated, stored, and accessed Passphrase Caching: store the passphrase in memory to avoid constantly prompting the user CacheWord manages key derivation, verification, persistence, passphrase resetting, and caching secret key material in memory. Features: Strong key derivation (PBKDF2) Secure secret storage (AES-256 GCM) Persistent notification: informs the user the app data is unlocked Configurable timeout: after a specified time of inactivity the app locks itself Manual clearing: the user can forcibly lock the application Uses Android's Keystore on 4.x if available - Not Yet Implemented CacheWord requires at least SDK version 2.2 (API level 8) _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
