On Mon, Oct 3, 2011 at 4:40 AM, Kostya Vasilyev <[email protected]> wrote:
> I wonder if you're allowed to reuse the same key (declared as "final")
> between encoding and decoding.
> Other than that, and Nikolay's advice, here is what I do:
>
> private static final byte[] SALT = { ... };

Using a static blob as the salt kind of defeats the purpose (to make it harder to pre-calculate keys and to ensure that the same password doesn't produce the same key every time it's used). Ideally, you should use a separate, randomly generated salt for each message you encrypt. The salt itself is not a secret, so it's OK to append it to the encrypted message as is.

> private static final int COUNT = 10;

That count is a bit low. The original PKCS#5 recommends 1000; if that is too slow on Android you might want to adjust it, but 10 is certainly too low.

