I am using a common encryption library for Android as given in this link: http://www.androidsnippets.com/encryptdecrypt-strings
How do I encrypt the “Master Password”? Currently I am hard-coding my “Master Password” in the code. I am afraid anyone could reverse engineer my code and find the “Master Password”. With it, they can find the secured strings.
Please let me know if there is any standard workaround.
You should NOT hard code a password, master or not, unless a secure container of some sort is provided by the system.
You have to either request the master password from the user each time your application executes OR you can temporarily cache the password in memory.
You can make the application clear the password from memory after the application is idle for a pre-defined time.
Also, use a key derivation function like PBKDF2 to derive a cryptographically secure key from a plain text password.
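The approach described in the answer above, as an added example that is not from the answer or the linked snippet: the password arrives as a `char[]` from the user, PBKDF2 turns it into an AES key with a random salt, and the password buffer is wiped afterwards. The class name, iteration count, key and salt sizes, the choice of AES-GCM and the sample strings are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class MasterPasswordExample {
    // Assumed parameters for this example; raise ITERATIONS as far as target devices allow.
    static final int ITERATIONS = 100_000, KEY_BITS = 256, SALT_LEN = 16, IV_LEN = 12;

    // Derive the AES key from what the user typed. The salt is not secret: store it with the ciphertext.
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            // Android API 26+ / Java 8+; older Android releases offer PBKDF2WithHmacSHA1.
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv)); // 128-bit authentication tag
        return c.doFinal(data);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rng.nextBytes(salt); // new salt per user
        rng.nextBytes(iv);   // new IV for every encryption under the same key
        char[] password = "constructed sample passphrase".toCharArray(); // stands in for user input
        try {
            SecretKey key = deriveKey(password, salt);
            byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, "secured string".getBytes(StandardCharsets.UTF_8));
            byte[] pt = crypt(Cipher.DECRYPT_MODE, key, iv, ct);
            System.out.println("round trip: " + new String(pt, StandardCharsets.UTF_8));
        } finally {
            Arrays.fill(password, '\0'); // clear the cached password when done or on idle timeout
        }
    }
}
```

Only the salt, IV and ciphertext are persisted; the password and derived key exist in memory only while the user's session is active.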