LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Color me confused

Color me confused

Posted Aug 4, 2011 17:04 UTC (Thu) by felixfix (subscriber, #242)
In reply to: Password storage on Android devices by thedevil
Parent article: Password storage on Android devices

How does this solve anything? Maybe your description isn't clear. The problem is that if the decryption key does not come directly from user input every time it is needed, then the plaintext has to be stored somewhere. If that store itself is encrypted, then either the user has to be asked, again, for the password, or the program itself has the password, in which case you have merely moved the cleartext one step away.

This is obvious to anyone familiar with encryption and passwords, and described in the article itself. So either you haven't solved anything, or you haven't been clear.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds