I've been looking for google for specifics of application passwords and SQLite to safeguard a while, and absolutely nothing that I've discovered has truly clarified my questions.

Here's what I'm trying to puzzle out:

1) My application will have an optional password activity that'll be known as once the application is first opened up. My questions with this really are a) Basically keep password via android preference or SQLite database, how do i ensure security and privacy for that password, and b) how should password recovery be handled?

Regarding b) previously mentioned, I've considered needing their email once the password feature is enabled, in addition to a password hint question to be used when asking for password recovery. Upon effectively responding to the hint question, the password will be e-mailed towards the current email address which was posted. I'm not completely positive about the safety and privacy from the email method, particularly if the email is distributed once the user is attached to a wide open, public wireless network.

2) My application is going to be utilizing an SQLite database, which is saved around the Sdcard when the user has one. No matter whether it's saved on the telephone or even the Sdcard, what options have i got for data file encryption, and just how does affecting the applying performance?

Thanks ahead of time for time come to answer these questions. I believe there might be other designers battling with similar concerns.

1) Password recovery is harmful. The effectiveness of the password is compromised through the response to an issue, this is actually the principal from the poorest link. Sara Palin's email hack is made possible due to this (very) insecure feature. And if you keep password inside a "recoverable format" as with a block cipher like AES or stream cipher like RC4 or perhaps an asymmetric cipher like RSA then you're in obvious breach of CWE-257. If you actually need this feature, you have to require the user totally reset their password, if they do not know it, then why can you need let them know?

Passwords should always be hashed utilizing a secure message digest. Presently many message digest functions are insecure, md4, md5, sha0 and sha1 are very damaged and will not be employed for passwords. Presently any person in the sha2 family is the greatest function to make use of, I suggest SHA-256. NIST is presently holding a tournament for sha3 also it will not be completed until between 2012.

Passwords should also be "salted" having a large random value. This may be another column inside your database that is then appended towards the plain text password before passing it for your message digest function. This will make dictionary attacks impossible unless of course the attacker can acquire the salt, additionally, it makes pre-calculated attacks much more resource intensive to conduct effectively. Despite popular understanding, salting doesn't stop rainbow tables, it simply means you'll need a MUCH Bigger group of rainbow tables.

2)Where will you place the key for the encoded database? Sqlite is simply a file you can secure this after which decrypt it whenever you application begins, this just adds some load time but at runtime it will likely be just like fast. The actual issue is there there's simply no place place the a secret around the device that the attacker cannot obtain. An assailant has with additional control within the device than you need to do, an assailant can jailbreak the unit and do anything they want. Even when the bottom line is transfered at runtime it can nonetheless be acquired by searching in the device's memory. Any efforts to secure the database could be compromised, celebrate it harder however it will not stop an experienced hacker.