[guardian-dev] info about master password
Nathan of Guardian
nathan at guardianproject.info
Thu Apr 28 12:46:42 EDT 2016
On Thu, Apr 28, 2016, at 12:05 PM, Massimo Canonico wrote:
> I was looking at the source code of ChatSecure (downloaded from git
> repo) in order to figure out how the master password is managed.
The master password is managed by our CacheWord library:
https://github.com/guardianproject/cacheword
CacheWord is an Android library project for passphrase caching and
management. It helps app developers securely generate, store, and access
secrets derived from a user's passphrase.
CacheWord is still under development. Proceed with caution
Broadly speaking this library assists developers with two related
problems:
Secrets Management: how the secret key material for your app is
generated, stored, and accessed
Passphrase Caching: store the passphrase in memory to avoid constantly
prompting the user
CacheWord manages key derivation, verification, persistence, passphrase
resetting, and caching secret key material in memory.
Features:
Strong key derivation (PBKDF2)
Secure secret storage (AES-256 GCM)
Persistent notification: informs the user the app data is unlocked
Configurable timeout: after a specified time of inactivity the app locks
itself
Manual clearing: the user can forcibly lock the application
--
Nathan of Guardian
nathan at guardianproject.info
More information about the guardian-dev
mailing list