Thread
:
Modest Beta for OS2008 Now Out
View Single Post
Jaffa
2008-03-16 , 16:08
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#
137
The device needs to know the password so short of asking the user for a keychain-like password which is used to derive the decryption key, it's not going to be possible to store the password for a remote service (which it needs) on the device in a secure manner.
Having said that, there are a couple of simple things applications should consider doing when storing the passwords, and xoring the text with the MAC address + some application-specific number is simple enough to stop casual sniffing; even if it's not any more secure in any real way.
Cheers,
Andrew
__________________
Andrew Flegg
-- mailto:andrew@bleb.org |
http://www.bleb.org
Quote & Reply
|
Jaffa
View Public Profile
Send a private message to Jaffa
Visit Jaffa's homepage!
Find all posts by Jaffa