Jaffa
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#137
The device needs to know the password, so short of asking the user for a keychain-like password which is used to derive the decryption key, it's not going to be possible to store the password for a remote service (which it needs) on the device in a secure manner.

Having said that, there are a couple of simple things applications should consider doing when storing the passwords, and XORing the text with the MAC address + some application-specific number is simple enough to stop casual sniffing; even if it's not any more secure in any real way.

Cheers,

Andrew
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
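
The two storage approaches contrasted in the post above, as an added example that is not part of the original post: XOR obfuscation keyed on the MAC address plus an application number, next to a key derived from a user-supplied keychain passphrase. The MAC address, `APP_NUMBER`, function names and the PBKDF2/HMAC construction are assumptions made here; the HMAC keystream is a standard-library stand-in for a vetted authenticated cipher from a crypto library.

```python
import hashlib, hmac, os
from itertools import cycle

APP_NUMBER = 0x5EED1234  # constructed application-specific number (assumption)

def xor_obfuscate(data: bytes, mac: str, app_number: int = APP_NUMBER) -> bytes:
    """XOR with MAC bytes + app number. Every input to the key is on the
    device or in the binary, so calling this twice restores the plaintext."""
    key = bytes.fromhex(mac.replace(":", "")) + app_number.to_bytes(4, "big")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def _keys(passphrase: str, salt: bytes):
    # The key material exists only while the user has typed the passphrase.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]  # (encryption key, authentication key)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(password: bytes, passphrase: str) -> bytes:
    """Encrypt the remote-service password under the keychain passphrase."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(password, _keystream(enc_key, nonce, len(password))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(blob: bytes, passphrase: str) -> bytes:
    """Recover the password; fails without the passphrase the device never stores."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    mac = "02:00:00:aa:bb:cc"  # constructed MAC address
    stored = xor_obfuscate(b"hunter2", mac)
    print("obfuscated:", stored.hex(), "-> recovered:", xor_obfuscate(stored, mac))
    blob = seal(b"hunter2", "keychain passphrase")
    print("sealed:", len(blob), "bytes -> recovered:", unseal(blob, "keychain passphrase"))
```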