Comments on: Breaking into an Android password manager – Theory http://blog.labix.org/2009/12/01/breaking-into-an-android-password-manager-theory by Gustavo Niemeyer Mon, 16 Jan 2012 12:12:57 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Gustavo Niemeyer http://blog.labix.org/2009/12/01/breaking-into-an-android-password-manager-theory/comment-page-1#comment-72490 Gustavo Niemeyer Sun, 06 Dec 2009 01:01:47 +0000 http://blog.labix.org/?p=203#comment-72490 It's good to know that some of the issues are being fixed. That said, these comments above just reinforce my worries about the application, unfortunately. Unbreakable algorithms, dumb thieves, associating the use of good passwords with "absolute" security (it's <i>some security at all</i>, really)... I can't provide more insight than I already did in these couple of posts at this point, but I do recommend taking a step back and researching a bit more about security before exposing your name next to a security-oriented software which you're selling people. It’s good to know that some of the issues are being fixed. That said, these comments above just reinforce my worries about the application, unfortunately.

Unbreakable algorithms, dumb thieves, associating the use of good passwords with “absolute” security (it’s some security at all, really)…

I can’t provide more insight than I already did in these couple of posts at this point, but I do recommend taking a step back and researching a bit more about security before exposing your name next to a security-oriented software which you’re selling people.

]]> By: Breaking into an Android password manager – Practice « Labix Blog http://blog.labix.org/2009/12/01/breaking-into-an-android-password-manager-theory/comment-page-1#comment-72487 Breaking into an Android password manager – Practice « Labix Blog Sun, 06 Dec 2009 00:38:18 +0000 http://blog.labix.org/?p=203#comment-72487 [...] Archives « Breaking into an Android password manager – Theory [...] [...] Archives « Breaking into an Android password manager – Theory [...]

]]> By: gbrors http://blog.labix.org/2009/12/01/breaking-into-an-android-password-manager-theory/comment-page-1#comment-72483 gbrors Sat, 05 Dec 2009 23:13:13 +0000 http://blog.labix.org/?p=203#comment-72483 I've changed the program so that by default no key is stored in any way, but the user must enter the long master key when starting the program (the short unlock key is still an option for people like myself that prefer ease of use to absolute security, guessing that normal thieves would not invest much time trying to get my secrets with brute force attacks). So if the user chooses a good master key and doesn't use the optional unlock key, then the secrets are really unbreakable (with AES-256). The version 1.1.1 will be published on Sunday. I’ve changed the program so that by default no key is stored in any way, but the user must enter the long master key when starting the program (the short unlock key is still an option for people like myself that prefer ease of use to absolute security, guessing that normal thieves would not invest much time trying to get my secrets with brute force attacks). So if the user chooses a good master key and doesn’t use the optional unlock key, then the secrets are really unbreakable (with AES-256). The version 1.1.1 will be published on Sunday.

]]> By: ben http://blog.labix.org/2009/12/01/breaking-into-an-android-password-manager-theory/comment-page-1#comment-72433 ben Fri, 04 Dec 2009 21:47:32 +0000 http://blog.labix.org/?p=203#comment-72433 I am interested then as to what the best password manager for android would be then? Google Secrets, KeePassDroid, SplashID, etc.? Thanks for pointing this out either way and hope the Hero is treating you well. I am interested then as to what the best password manager for android would be then? Google Secrets, KeePassDroid, SplashID, etc.?

Thanks for pointing this out either way and hope the Hero is treating you well.

]]>