Custom AES encryption key #522
Comments
|
@subzero911 do you receive an answer to this? @mogol can you give some clarification? |
|
No, I didn't but it looks like a legacy code. |
|
The PerferenceKey is not the AES key. Instead it is used to fetch the encrypted key. Btw I want to raise request to change the key size to 32 for AES-256. |
|
This will help https://www.youtube.com/watch?v=JogvnnaJ8TI |
|
Was preferencesKeyPrefix implemented for solving above described issue ??? |
|
The fix for this issue will be discussed in #769 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is it possible to encrypt values with the custom AES key?
I was wondering why it is encrypted "by itself" and does not require the user to enter some secret key. So I examined the source https://github.com/mogol/flutter_secure_storage/blob/develop/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/ciphers/StorageCipher18Implementation.java
...and found this 😱
Then it's used to encrypt values:
Looks like it is always encrypted with the same hardcoded key, moreover, which is publicly accessible! Seems not secure at all.
The text was updated successfully, but these errors were encountered: