in app (Java) crypt "file store"/ media cache ?

таракан cryptoanalyzers at protonmail.com
Mon Jul 6 05:38:52 PDT 2020


The very idea of cache is unsecure by nature... it's almost always functionally unnecessary unless we're talking of things like memoization etc...  but since you mention  a "media" app, I guess that's a cache for pictures, videos etc...

Good point is: if a media app wants to really focus on security should it use a caching system ?


----------
CRYPTOANALYZER
----------

Sent from ProtonMail, encrypted email based in Switzerland.

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, 5 July 2020 г., 17:38, Zenaan Harkness <zen at freedbms.net> wrote:

> In app media cache ought be in a crypt by default. Has anyone done this before and can give hints?
>
> Platforms: initially android, but should be compilable for others including Linux
>
> Object types: avatars, tweets, associated media including images and even vids - whatever is in a standard social media 'stream'.
>
> Obviously cache needs to be parameterizable as to size, eviction policy, but it's not going to be unencrypted.
>
> Come to think of it, FreeNet's code might be good, at the very least as a tutorial - but experience is always valuable, so if you have some experience you can share, please do.
>
> To simplify eviction, objects should be separate files, compressed prior to saving, with one or more indices (also encrypted) for the application to do it's thing efficiently, including store, lookup, read and re-enrypt when an object is to be on-forwarded.
>
> Content addressed in some way of course - git has lead the way on this principle - we just must make sure that if the user does not give up his password, anything lying around must meet some minimum "hiddenness" standard.
>
> Possible libs:
>
> Tuweni
>
> =======
>
> https://github.com/apache/incubator-tuweni
> https://tuweni.apache.org
>
> Ancient Nacl-Java
>
> ==================
>
> https://github.com/freeeve/nacl-java
>
> looks like a one man band, not updated for 5yrs
>
> ================================================
>
> Libsodium
>
> ==========
>
> https://github.com/jedisct1/libsodium
> https://doc.libsodium.org/
> https://doc.libsodium.org/bindings_for_other_languages
>
> "complete security audit"
>
> ==========================
>
> Seems to be used by Tuweni
>
> ===========================
>
> Docs:
>
> Java Cryptography Architecture (JCA) Reference Guide
>
> =====================================================
>
> https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html
>
> Tutorials:
>
> https://www.tutorialspoint.com/java_cryptography/index.htm
> https://www.tutorialspoint.com/java_cryptography/java_cryptography_encrypting_data.htm
>
> simple block encryption
>
> ========================
>
> Java - Asymmetric Cryptography example - Mkyong.com
>
> ====================================================
>
> https://mkyong.com/java/java-asymmetric-cryptography-example/
>
> https://github.com/amiralis/Java-crypto-tutorial
>
> Encrypting and Decrypting Files in Java | Baeldung
> https://www.baeldung.com/java-cipher-input-output-stream
>
> How to easily encrypt and decrypt text in Java
> https://www.adeveloperdiary.com/java/how-to-easily-encrypt-and-decrypt-text-in-java/
>
> Encrypt and Decrypt file/stream in Java
> https://self-learning-java-tutorial.blogspot.com/2017/09/encrypt-and-decrypt-filestream-in-java.html




More information about the cypherpunks mailing list