php - How to create the same secret key both for Android and server -

-

based on code of following link

https://github.com/serpro/android-php-encrypt-decrypt

i have made own implementation of encryption/decryption mechanism between android , server (api written in php).

the example uses same iv in real world case scenario use different 1 in each call. easy implement since iv can transferred without caring whether listened or not.

my question how create different secret key each new user during registration, both @ android device , server side (the unique secret key stored in mysql server side , sqlite or shared preferences on android side)?

if secret key created either @ android or server , transmitted other part stolen "listener" , communication no longer safe.

if secret key created algorithm, same algorithm must implemented in both android , server. android apk file decompiled , result algorithm found , secret keys predicted.

it seems vicious circle. safe way create same unique secret key each user both @ client side (android) , sever side without having take risk transmit through post request other part?

ps. aware of ssl, https looking simpler solution since trying protect data such login details (username/password) , not "highly sensitive data" (eg credit cards etc.). reading how implement ssl/https rather confuses me making things simpler me.

using symmetric key on both sides (server , client) highly risky in kind of architecture, due reason mention: if cracks app, crack key. situation worse mention you're managing highly sensitive data. (not in kind of situation), crackers try crack application, such sensitive data, triple efforts (and successful).

that's why kind of architecture's recommended approach asymmetric encryption system, because don't have store key (the public key available in public http address), , way can use encrypt messages, it's server holds private key 1 able decrypt messages. recommend using ssl/tls here.


Comments

Post a Comment

Popular posts from this blog

c++ - How to add Crypto++ library to Qt project -

-
Image
i downloaded crypto++ source , compiled cryptlib project in visual studio 2013, , added generated .lib file qt project, made .pro file this: qt += core gui qt += sql greaterthan(qt_major_version, 4):qt += widgets target = untitled template = app sources += main.cpp\ mainwindow.cpp headers += mainwindow.h \ databasecontrol.h \ test.h forms += mainwindow.ui win32:config(release, debug|release): libs += -l$$pwd/ -lcryptlib else:win32:config(debug, debug|release): libs += -l$$pwd/ -lcryptlibd else:unix: libs += -l$$pwd/ -lcryptlib includepath += $$pwd/ dependpath += $$pwd/ win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/libcryptlib.a else:win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/libcryptlibd.a else:win32:!win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/cryptlib.lib else:win32:!win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/cryptlibd.lib else:unix: pre_targetdeps += $$pw
Read more

jQuery Mobile app not scrolling in Firefox -

-
i have mobile app built in jquery mobile. scrolling fine in chrome & safari, fails scroll in firefox on desktop. have other instances of same app, different features, , works across browsers. life of me, cannot figure this, please help! located here: http://re-brand.us/dsus/index.html seems bug in firefox: bug log . able scroll using keyboard not trackpad on mac. are using mac? i'll keep looking see if can find way around it.
Read more

How to use vim as editor in Matlab GUI -

-
i using matlab r2013b. using gui, command windows , editor in split screen. in matlab preferences > editor/debugger > editor. there option set custom editor instead of matlab editor. set local editor /usr/bin/vim , not able open files @ anymore. there possibility use vim editor in split screen mode? i aware of !vim file.m , not solution looking for, works satisfactory in -nodisplay mode. rather want keep split screen mode. i did not find solution 100% satisfying, using tmux intermediate solution. allows 2 use split screen 2 terminals. in 1 of can open matlab -nodesktop in terminal mode, , in other 1 vim . possible switch between both split screens. you can use functionality of gui matlab typing things commandhistory , who et cetera.
Read more