Memory security

twzg...@gmail.com

Mar 23, 2014, 1:26:37 AM
to secrets-f...@googlegroups.com
Hi,

I would like to know if Secrets for Android would clean out the master PIN from device RAM memory if it goes into Lock Screen mode since the user needs to re-login again.

Also, it would be good if Secrets could allow cleaning out from RAM memory any copied credentials via a "Wipe Clipboard" button that the user manually triggers.

The above two features would increase the safety of Secrets greatly by allowing users to wipe clipboard and when the Lock Screen comes into effect, the master PIN gets wiped out for that moment from device RAM memory.

It is not possible to manually specify the exact memory location to wipe data so what I would suggest is something like below in Java:

         import java.security.SecureRandom;

         // Usage: replaceWithRandAndZero(7, masterPassword);

         public void replaceWithRandAndZero(int iteration, byte[] masterPassword) {
               // Overwrites masterPassword in place with the specified number of passes of random bytes.
               // Assigning a new array to the parameter would only rebind the local reference
               // and leave the caller's bytes intact, so the array itself is written to.
               SecureRandom random = new SecureRandom();
               for (int i = 0; i < iteration; i++) {
                      // Use whatever random you like...
                      random.nextBytes(masterPassword);
               }
               // Finalize by looping over the entire length of masterPassword and setting every byte to zero.
               for (int j = 0; j < masterPassword.length; j++) {
                        masterPassword[j] = 0x00;
               }
          }

The above is sample code for "wiping" in-memory secret keys / PINs / passwords. Generally, in-memory address space is not easy to access from Java, but as long as the keys are not held for too long, giving the OS a chance to cache them in some swap space or cache, they can be removed. Having a short timing for the timer to lock screen and to always lock screen frequently while activating the above wiping methods would give more security margin. You may want to use the same method 'replaceWithRandAndZero' for all credentials when a user presses the "Wipe Clipboard" function.
          

Roger Tawa █ ♣ █

Mar 25, 2014, 8:28:55 PM
to secrets-f...@googlegroups.com

Hi twzgerald,

Secrets clears the master password immediately after decrypting the data. By the time the lock screen kicks in, the master password is already cleared. You can check out the code at:

https://code.google.com/p/secrets-for-android/source/browse/

I'm not sure how useful wipe clipboard would be. Can you describe in more detail what the user experience would be like? Note that Secrets does not know that the lock screen kicks in, it only knows that it is losing focus. Secrets can't clear the clipboard at this point because it loses focus when you swap to the app where you want to paste the PIN.

Roger

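Added example, not part of the thread and not code from Secrets for Android: the "clear the master password immediately after use" pattern discussed above, written in Java. The class and method names, the sample PIN and the PBKDF2 parameters are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeAfterUse {

    // Derives a 256-bit key from the PIN, then zeroes every copy of the PIN this code controls.
    static byte[] deriveKeyAndWipe(char[] pin, byte[] salt) throws GeneralSecurityException {
        // PBEKeySpec clones the password, so there are two arrays to clear afterwards.
        PBEKeySpec spec = new PBEKeySpec(pin, salt, 10000, 256); // iteration count is an assumption
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            // Runs on success and on failure, so the PIN never outlives the derivation.
            spec.clearPassword();       // wipes the clone held by the spec
            Arrays.fill(pin, '\0');     // wipes the caller's array in place
        }
    }

    // Counter-example: rebinding the parameter leaves the caller's array untouched.
    static void wipeByReassign(char[] pin) {
        pin = new char[pin.length];
    }

    static boolean isZeroed(char[] buf) {
        for (char c : buf) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        char[] pin = {'4', '9', '2', '7'}; // constructed sample PIN, held as char[] rather than String
        wipeByReassign(pin);
        System.out.println("zeroed after reassignment:  " + isZeroed(pin));

        byte[] key = deriveKeyAndWipe(pin, salt);
        System.out.println("zeroed after in-place wipe: " + isZeroed(pin));
        System.out.println("derived key length: " + key.length + " bytes");
        Arrays.fill(key, (byte) 0); // the derived key is also a secret; clear it once it has been used
    }
}
```

A `String` cannot be wiped this way because it is immutable, which is why the PIN is kept in a `char[]`; the runtime may also have moved the array during garbage collection, so an in-place wipe shortens the exposure window without guaranteeing that no earlier copy remains.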