[guardian-dev] ChatSecure & TextSecure
Michael Rogers
michael at briarproject.org
Wed Aug 28 13:27:53 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26/08/13 22:51, Dev Random wrote:
> TextSecure actually stores the current keys in the (encrypted)
> data store. That means it's not really PFS, unless you physically
> destroy the flash memory chips or you "securely forget" your
> password.
Pond addresses this problem by using the TPM. We should look into
whether the new hardware-backed key storage in Android 4.3 can be used
in a similar way.
https://github.com/agl/pond/tree/master/client/tpm
http://nelenkov.blogspot.co.uk/2012/07/jelly-bean-hardware-backed-credential.html
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJSHjMZAAoJEBEET9GfxSfMSroH/Rkuhl7Mb9McwSmiCU089rE3
qBk2oEQaLflms3y9UobtjEmQIjYVss8BA7M5w8kN7N3NlTdBbWY1pFrrdvmH7YOt
5kvTDw6Qu6xk3+HD1tRvrR6ZNa3wmLQUfqKfSKTOflSY9BcCusgAvtJ9LDcVP83u
kiyB0Rzs/NOTNP3rhzE+QmfvdZzdqPEA4PWFBhzJ9muzPL95jqPnQ5YVkCITyoen
4NzLlb0oJArx4B0rDx4niub58utACWjjXtAtRLcdxzWL/0Td3jt/fRJVSXsVre54
MOgNRbZsqvvqGqfgm62Pfbo3JJURhfHT3UdUCXOP8876BLV/tSlIGG8mAgRFZTY=
=Z248
-----END PGP SIGNATURE-----
More information about the Guardian-dev
mailing list