Isaac's Blog: Welcome to the Future: Encrypting strings in Android: Let's make better mistakes

Monday, December 1, 2014

Encrypting strings in Android: Let's make better mistakes

If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String and output gibberish that looks like encrypted text, but they are often incorrect. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.

Read more on the Tozny blog, watch Isaac's talk on this topic and check out the Github repo for the AES library.

No comments:

Post a Comment

About Isaac

I'm the CEO of Tozny, an innovative security and privacy company building easy to use products. Previously, I was the Principal Investigator for Assured Information Sharing at Galois.

Cryptography: One of my focus areas is in the correct use of cryptographic protocols and algorithms and I sometimes perform security analyses of innovative products.

Android: I occasionally write software for Android. My work in this area includes a simple guided meditation program as well as encryption and password storage app, in collaboration with the OpenIntents project.

Other Software: I'm have previously authored or maintained several software packages: The Haskell Cabal, a Haskell filesystem called Halfs. I also contributed some of the original code for Debian's apt-get cryptographic signature checking.

Social Software:I'm on Twitter as well as LinkedIn. For professional relationships, please find me there. Personal friends can find me on Facebook.

Non-Geek: I really enjoy road bike racing, rock climbing, hiking, reading good books, drinking coffee, and the awesomeness of Portland, Oregon :)