2018-10-24 20:07 阅读 63


There are many encryption algorithms and most of them require IV and KEY and Plaintext.

In Android, we have to add 3 of them to our code. On the other side, Android is open source and everyone can extract APK files and access the IV and the KEY , this doesn't make it secure.

Which algorithms are better and unbreakble that can be applied in Java and PHP. I'm working on a Project similar to Instagram/Facebook/Twitter, Security is the first problem for such applications.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    duanken7168 duanken7168 2018-10-25 09:20

    Let's start with basic stuff:

    • never store an IV/KEY in the source code or unencrypted within the app filesystem
    • your might want to look into the Android KeyStore and it's supported operations
    • you might need to depend upon the existence of a hardware keystore (so that users cannot modify locally stored keys)

    For more information I would recommend to look into the OWASP MSTG -- Android Data Store and Android Cryptographic APIs might be interesting to you

    点赞 评论 复制链接分享