Re: Comment on CryptoIntents in openintents

29 views
Skip to first unread message

openi...@googlecode.com

unread,
Feb 12, 2010, 9:50:40 AM2/12/10
to openi...@googlegroups.com
Comment by edaeschlimann:

I don't see a need for having to store 1 password or master key. I am very
impressed with the work that has done into this app. A job very well done!
Thank you. It is exactly what I have been looking for and it has allot of
potential for other apps. ega


For more information:
http://code.google.com/p/openintents/wiki/CryptoIntents

openi...@googlecode.com

unread,
Feb 12, 2010, 10:16:58 AM2/12/10
to openi...@googlegroups.com
Comment by unwe...@gmail.com:

I wouldn't worry about MD5 vs. SHA1 when there's plaintext passwords being
serialized into Intents and sent around the system for anyone to read.

openi...@googlecode.com

unread,
Feb 12, 2010, 3:29:11 PM2/12/10
to openi...@googlegroups.com
Comment by peli0101:

The master password is never sent over any intent, and no other application
except OI Safe ever gets to see it.
(Individual passwords for web sites are copied to the copy&paste buffer if
the user wishes so.)

openi...@googlecode.com

unread,
Feb 12, 2010, 4:27:53 PM2/12/10
to openi...@googlegroups.com
Comment by unwe...@gmail.com:

I wasn't talking about the master password, but about the passwords
encrypted with the master password.

My point is, if you're looking at the overall security of things, it'll be
easier intercepting ACTION_SET_PASSWORD than trying to exploit a weakness
in MD5 in order to get at them.

I'm assuming here that an attacker's intent (excuse the pun) is to get at
the passwords stored in OI Safe; obtaining the master password would then
only be a means to an end the attacker can bypass completely.

openi...@googlecode.com

unread,
Feb 13, 2010, 6:50:47 PM2/13/10
to openi...@googlegroups.com
Comment by peli0101:

That's why we require apps that want to use these intents to have the
necessary OI Safe permissions. The user has to grant these permissions at
installation time. Apps without them can't access the intents.

Of course this does not exclude the possibility that an app which got the
permission by the user is a malicious one... so the final responsibility
lies at the end user.

openi...@googlecode.com

unread,
Feb 14, 2010, 6:26:01 AM2/14/10
to openi...@googlegroups.com
Comment by unwe...@gmail.com:

Permissions don't enter the picture. It takes all of five minutes to create
an app that receives ACTION_SET_PASSWORD and looks pretty much like OI Safe
to Joe User. It's got your password. End of story.

Yes, it would be a lot nicer if it could pass the password on to the real
OI Safe in order to fool the user more efficiently. Yes, it would need OI
Safe permissions for that. No, it would not be a problem to create a
legitimate app that wants those permissions, and at the same time
maliciously intercepts ACTION_SET_PASSWORD.

The point isn't that OI Safe is broken. I'm not saying that. What I *am*
saying is that any security concept will be attacked at it's weakest point,
and the weak point with OI Safe is *not* MD5. It's that it's *incredibly*
easy to phish for passwords from Joe User if you send them around in
Intents.

openi...@googlecode.com

unread,
Apr 22, 2010, 5:50:49 PM4/22/10
to openi...@googlegroups.com
Comment by jcanas70:

Does OISafe store the data being encrypted in the SD card or on the phone's
built-in memory? If on SD card, anyone know the fully qualified path?
Thanks.
--
You received this message because you are subscribed to the Google Groups "OpenIntents" group.
To post to this group, send email to openi...@googlegroups.com.
To unsubscribe from this group, send email to openintents...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/openintents?hl=en.

openi...@googlecode.com

unread,
Apr 23, 2010, 1:15:57 AM4/23/10
to openi...@googlegroups.com
Comment by peli0101:

It uses built-in memory. You can use menu > export or menu > backup to get
a copy on the SD card.

openi...@googlecode.com

unread,
Apr 26, 2010, 3:57:36 PM4/26/10
to openi...@googlegroups.com
Comment by lfarkas:

is there any desktop application which us the same algorithm and file
format as OI? in this case i can use the same apps on my desktop and on my
phone and just have to keep the safe file in sync.
the best would be some kind of java apps which can be run on linux,
windows, mac and android.
thanks.

openi...@googlecode.com

unread,
Feb 24, 2011, 12:56:22 AM2/24/11
to openi...@googlegroups.com
Comment by balajite...@gmail.com:

fine,

openi...@googlecode.com

unread,
Feb 28, 2011, 6:42:02 AM2/28/11
to openi...@googlegroups.com
Comment by lozaloz...@googlemail.com:

when i downloaded oi i did not get the master password and therefore cant
now get in and its only place i have a really important peice of
information can anyone help please? xx

openi...@googlecode.com

unread,
Mar 19, 2012, 9:57:53 AM3/19/12
to openi...@googlegroups.com
Comment by sunnydo...@gmail.com:

please hack this idBrand New 2011 Pirates Facebook Hack

openi...@googlecode.com

unread,
Sep 9, 2013, 3:25:01 PM9/9/13
to openi...@googlegroups.com
Comment by umlgu...@gmail.com:

I personally want my passwords safer than SHA1 as well, I want SHA2, or
even higher. Perhaps allowing the user/phone owner pick the encryption
scheme either at app initialization time or with a config setting with a
warning about "slowness" may appease everyone. I cannot afford to have my
passwords hacked/swiped if I lose my phone.

For more information:
https://code.google.com/p/openintents/wiki/CryptoIntents

openi...@googlecode.com

unread,
Oct 10, 2014, 4:53:23 PM10/10/14
to openi...@googlegroups.com
Comment by steven.d...@gmail.com:

How do I transfer my OIsafe with passwords to a new phone? Is there any
way other then manually typing in the passwords? Can I copy the file to
the new phone and instal the OIsafe on the new phone?

openi...@googlecode.com

unread,
Dec 29, 2014, 8:11:00 AM12/29/14
to openi...@googlegroups.com
Comment by rberry1...@gmail.com:

I transferred my OIsafe app to my new phone, but when I put in my password
to access my files it shows I have nothing saved on my files. I have
important info that I need to access, can you please help me?

openi...@googlecode.com

unread,
Jan 8, 2015, 4:22:16 PM1/8/15
to openi...@googlegroups.com
Comment by LynMabe...@gmail.com:

Install OISafe, then copy the oisafe backup file to a location, open oisafe
and restore using the backup file, and use the same Master Password

openi...@googlecode.com

unread,
Jan 8, 2015, 4:24:19 PM1/8/15
to openi...@googlegroups.com
Comment by LynMabe...@gmail.com:

I'm still using OISafe on Droid X (2nd gen) running Android 5.0 , I have
yet to find a good replacement application with all the features that
OISafe offers.

openi...@googlecode.com

unread,
Mar 1, 2015, 9:43:31 AM3/1/15
to openi...@googlegroups.com
Comment by jyotirmo...@gmail.com:

I hv put really really difficult passwords for my accounts through oisafe.
I used to copy-paste passwords while logging in. Now i hv learned that my
clipboard is not safe! What's the way out? Is it possible to have a
seperate clipboard, and password protect them or something else may be?
Reply all
Reply to author
Forward
0 new messages