[guardian-dev] developer sneak peak: CacheWord

Abel Luck abel at guardianproject.info
Mon Mar 18 18:52:17 EDT 2013


Hey folks,

I'm inviting Android app developers to check out a new library from
Guardian Project that aims to solve your password handling woes.

Password handling is not a trivial task. This is especially so in
security and privacy conscious applications. Prompting the user for the
pass is the easiest part, after that there are a myriad of questions,

* How do you store the password?
* Do you hash it?
* With which hash function?
* How many iterations?
* How do you verify the password?
* Reset it?
* How often do I prompt the user for the password?
* How do you use it to actually encrypt things?

.. to name a few.

We see this regularly issue across apps using SQLCipher and IOCipher.

I present CacheWord, a library that aims to answer and implement as many
of those questions as possible.

Source Code & Simple Sample
    https://github.com/guardianproject/cacheword/

Security Notes
   https://github.com/guardianproject/cacheword/edit/master/SECURITY.md

Complex Sample
    https://github.com/guardianproject/notepadbot/tree/cacheword


NOTE: Development is still under way and this library IS NOT ready for
production use.

However, I'd like it to start getting some exposure and getting feedback
from developers regarding the API.

Cheers,

~abel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130318/286d11a8/attachment.pgp>


More information about the Guardian-dev mailing list