在Android中保护用于加密的主密码
[英]Securing Master Password for Encryption in Android
问题描述
I am using a common encryption library for android as given in this link: http://www.androidsnippets.com/encryptdecrypt-strings 
我正在使用此链接中提供的android通用加密库: http : //www.androidsnippets.com/encryptdecrypt-strings
How do I encrypt the "Master Password", currently I am hard-coding my "Master Password" in the code. 如何加密“主密码”,目前我正在代码中对“主密码”进行硬编码。 I am afraid anyone could reverse engineer my code and find the "Master Password". 恐怕任何人都可以对我的代码进行反向工程并找到“主密码”。 By this, they can find the secured strings. 这样,他们可以找到受保护的字符串。
Please let me know if there is any standard workaround. 请让我知道是否有任何标准的解决方法。
1 个解决方案
解决方案1
4 已采纳 2011-11-07 04:55:54
You should NOT hard code a password, master or not, unless a secure container of some sort is provided by the system. 除非系统提供了某种类型的安全容器,否则您不应该对密码进行硬编码,无论是否为母密码。
You have to either request the master password from the user each time your application executes OR you can temporarily cache the password in the memory. 每次应用程序执行时,您都必须向用户请求主密码,或者可以将密码临时存储在内存中。
You can make the application clear the password from the memory after the application is idle for a pre-defined time. 在应用程序空闲了预定时间后,可以使应用程序从内存中清除密码。
Also, use a key derivation function like PBKDF2 to derive a cryptographically secure key from a plain text password. 另外,请使用诸如PBKDF2类的密钥派生功能从纯文本密码派生加密安全密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.