Android Tutorial Encrypting information with RandomAccessFile library

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?
 

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?
It is better though a hacker can always rerun the code and decrypt the data.
Oh my god,thus how i store pass in basic?
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
If the password is stored somewhere in the program then a hacker can always decompile your app and run the code with a debugger and find the password.
It doesn't mean that you shouldn't store passwords. It means that you need to understand the security risks.

The other approach will be to let the user enter the password or authenticate with an external server.
 

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Yes security risk.
I decide to create key in server and send to client and then save in file with encryption
 

Devv

Active Member
Licensed User
Longtime User
B4X:
Dim raf As RandomAccessFile
Dim test As String

   raf.Initialize(File.DirRootExternal, "test.dat", False)
   'Dim list2 As List
   test = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(test)
   raf.Close



the list example worked ok, what i'am doing wrong with my code ?
 

Informatix

Expert
Licensed User
Longtime User
Yes security risk.
I decide to create key in server and send to client and then save in file with encryption
A hacker will inject code to know the data exchanged with the client (by using a valid copy of your app) before anything is encrypted (or he will just monitor the network with a sniffer if data are in plain text) so your solution does not protect anything.
 

Devv

Active Member
Licensed User
Longtime User

What if the communication with the server was https post ?
 

Devv

Active Member
Licensed User
Longtime User
The app encrypts the received password, so before its encryption the password is stored in plain text in a string. A hacker just has to log the string.
So what is the solution here MR. Informatix
 

tufanv

Expert
Licensed User
Longtime User
Is it safe to store a subscription data with this lib?
I just want to add a ending date&time for a subscription. can I use writeencryptedobject to just write a date ? Also can i delete or update an entry ?
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
It is safe as long as the password is safe.

can I use writeencryptedobject to just write a date ?
Yes.

Also can i delete or update an entry ?
You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.
 

tufanv

Expert
Licensed User
Longtime User
It is safe as long as the password is safe.


Yes.


You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.
I was going to use it but think that maybe it is not safe .
is keyvaluestore aso secure as this lib ? ( it doesnt have any password protection etc.. )

edit: found the answer by myself. It also uses encryptedwriting so it is safe
 

zani

Member
Licensed User
Longtime User
hi can use it for file Encryption?
 
Cookies are required to use this site. You must accept them to continue using the site. Learn more…