[cryptography] Keyspace: client-side encryption for key/value stores
thierry.moreau at connotech.com
Thu Mar 21 10:14:18 EDT 2013
Peter Gutmann wrote:
> Jeffrey Walton <noloader at gmail.com> writes:
>> Android 4.0 and above also offer a Keychain (
>> http://developer.android.com/reference/android/security/KeyChain.html). If
>> using a lesser version, use a Keystore (
> What Android gives you is pretty rudimentary, it barely qualifies to use the
> same designation as Apple's Keychain.
>> Linux has not warmed up to the fact that userland needs help in storing
>> secrets from the OS.
> There's KWallet and Gnome Keyring, last time I looked KWallet was also pretty
> primitive (about the level of Android's Keychain) and not being updated much,
> but the Gnome Keyring seems to be actively updated.
I would say these things (I hesitate to qualify them as IT security
mechanisms or schemes) address an impossible task, for which apparent
success is possible only in a proprietary environment (just making the
reverse engineering harder).

Client-side storage of long-term secrets can only be secured by
dedicated client-side hardware. Your mileage may vary.