Some of Our Sources
- Spoon Graphics
- Smashing Apps
- You The Designer
- Web Designer Depot
- Web Design Ledger
- CSS Globe
- Design Modo
- Web Resource Source
- Willems Lab
- Hashedout
Help Webnuz
Referal links:
July 7, 2016 08:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/37leZwytoVQ/android-keystore-encryption-scheme-broken
Android KeyStore Encryption Scheme Broken
Reader msm1267 writes: The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say.>In an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify stored keys through a forgery attack.KeyStore, which performs key-specific actions through the OpenSSL library, allows Android apps to store and generate their own cryptographic keys. By storing keys in a container, KeyStore makes it more difficult to remove them from the device. Mohamed Sabt and Jacques Traore, two researchers with the French telecom Orange Labs, claim the scheme associated with the system is "non-provably secure," and could have "severe consequences." The two point out in their paper "Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore," that it's the hash-then-encrypt (HtE) authenticated encryption (AE) scheme in cipher block chaining mode (CBC) in KeyStore that fails to guarantee the integrity of keys.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/37leZwytoVQ/android-keystore-encryption-scheme-broken
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot