Securely store username and password

Post by NickStan » Mon Feb 08, 2010 7:49 pm

Hi All

I want to store the username and password on my login screen securely so that they will not have to be entered every time the user logs in. They will only need to enter them every 30 days or once they click 'logout' in the main activity.

What is the best way to store this information (relatively) securely?

I believe that one cannot password protect a Sqlite database. Is this true?

If I do store the username and password in a database what would be the best way to encrypt the values?

Or alternatively can it be stored somewhere on the phone (cookie for example) and encrypted?

Thanks

Nick
Don't resist the inevitable

Post by ajwhite » Tue Feb 09, 2010 1:44 am

Couldn't you use an encryption method for the request & response of the authentication?

Post by NickStan » Tue Feb 09, 2010 10:28 am

Hi AJWhite

Would it be better to use a tried and tested encryption method or try to create my own?

I have heard that it's better not to try and re-invent the wheel with encryption?

Thanks

Nick
Don't resist the inevitable

Post by nebi » Tue Feb 09, 2010 8:41 pm

NickStan wrote:
> Hi AJWhite
>
> Would it be better to use a tried and tested encryption method or try to create my own?
>
> I have heard that it's better not to try and re-invent the wheel with encryption?
>
> Thanks
>
> Nick

Go with SHA-256 + salt.

Post by azraeal » Fri Feb 12, 2010 8:00 am

Store as in handset?

First: how paranoid are you? Sure, use the above-mentioned encryption techniques. In fact, I'd suggest so when you're pushing it through the networks.

But for local storage? It seems everyone suddenly forgets that only the originating app has read access to its files (not stored on SD card). What's the "Trusted Zone"? Is your app a "Trusted Zone"? So anyone that's in the app can have access to the login data? (Hint: yes, it's a personal device, no point entering a password to get a password, then you'd have to encrypt that 2nd password, etc...).

Again, how paranoid are you? Are you worried about a compromised shell that some idiot flashed their phone with? Are you worried the phone might fall into the NSA's hands where they can physically extract internal memory from the phone?

edit: Forgot to mention that simple preferences are enough. Just make sure the preferences are private.
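
The private-preferences approach from the last reply, combined with the 30-day expiry and 'logout' behaviour from the original question, as an added example that is not code from any poster in this thread. The class name, preference file name and keys are assumptions; the password is stored as-is and relies only on the app-private file access described in that reply.

```java
import android.content.Context;
import android.content.SharedPreferences;

/** Hypothetical helper: saved login kept in app-private preferences. */
public final class SavedLogin {
    private static final String PREFS = "saved_login";  // assumed file name
    private static final long MAX_AGE_MS = 30L * 24 * 60 * 60 * 1000;  // 30 days

    private final SharedPreferences prefs;

    public SavedLogin(Context context) {
        // MODE_PRIVATE: the file is created for this app only, in internal
        // storage (not on the SD card).
        prefs = context.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    /** Call after a successful login. */
    public void save(String username, String password) {
        prefs.edit()
             .putString("username", username)
             .putString("password", password)
             .putLong("saved_at", System.currentTimeMillis())
             .commit();
    }

    /** Returns {username, password}, or null if the user must log in again. */
    public String[] load() {
        String user = prefs.getString("username", null);
        String pass = prefs.getString("password", null);
        long age = System.currentTimeMillis() - prefs.getLong("saved_at", 0L);
        // A negative age means the device clock was set back; treat the
        // entry as expired rather than extending its lifetime.
        if (user == null || pass == null || age < 0 || age > MAX_AGE_MS) {
            clear();
            return null;
        }
        return new String[] { user, pass };
    }

    /** Call from the 'logout' action in the main activity. */
    public void clear() {
        prefs.edit().clear().commit();
    }
}
```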
