Suggestion: Password

Olaf_2 · Post by *Olaf_2 » 2015-09-24, 18:37 UTC

Hello,

all the connection settings (passwords) are stored in the app, so it would be helpful if one can optionally set a password to start the app.

Olaf

Post by *ghisler(Author) » 2015-09-25, 07:38 UTC

The passwords are encrypted with a master key using AES256 which is stored in Microsoft's secure storage. So if you lock your phone, your passwords are unreachable.

You can read about the used credential locker in this post.

Initially I stored all passwords in the secure storage. But the space is very limited, so after a few connections, TC couldn't store any more data. Therefore I'm now using the same encryption functions as in ZIP (AES 256). It uses a random 32 byte (=256 bit) master key, and each password uses 16 byte random data (NONCE) to prevent that if you know one password, you could decrypt the others.

Olaf_2 · Post by *Olaf_2 » 2015-09-25, 07:51 UTC

Thanks for this info. I never doubt the pwd are stored absolute securely. But what I meant was: if the phone is unlocked no one cannot "accidentally" browse the files in a FTP, LAN or some other secured location, if an app pwd or pin is set.

phantom · Post by *phantom » 2015-09-25, 09:58 UTC

Ich finde die Idee gar nicht schlecht. Der Messengerdienst Threema bietet optional die Möglichkeit die App zu sperren. Ich könnte mir das auch
sehr gut für den Total Commander vorstellen. Insbesondere mit einem anderen Feature und zwar einem "Persönlichen Ordner" einem internen
(virtuellen) Speicherplatz auf dem nur der TC den Zugriff hat.