Suggestion: Password

Currently in public beta: Windows Phone version

Moderators: white, sheep, Hacker, Stefan2

Post Reply
Olaf_2
Junior Member
Junior Member
Posts: 7
Joined: 2015-09-24, 18:28 UTC

Suggestion: Password

Post by *Olaf_2 » 2015-09-24, 18:37 UTC

Hello,

all the connection settings (passwords) are stored in the app, so it would be helpful if one can optionally set a password to start the app.

Olaf

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 36434
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2015-09-25, 07:38 UTC

The passwords are encrypted with a master key using AES256 which is stored in Microsoft's secure storage. So if you lock your phone, your passwords are unreachable.

You can read about the used credential locker in this post.

Initially I stored all passwords in the secure storage. But the space is very limited, so after a few connections, TC couldn't store any more data. Therefore I'm now using the same encryption functions as in ZIP (AES 256). It uses a random 32 byte (=256 bit) master key, and each password uses 16 byte random data (NONCE) to prevent that if you know one password, you could decrypt the others.
Author of Total Commander
http://www.ghisler.com

Olaf_2
Junior Member
Junior Member
Posts: 7
Joined: 2015-09-24, 18:28 UTC

Post by *Olaf_2 » 2015-09-25, 07:51 UTC

Thanks for this info. I never doubt the pwd are stored absolute securely. But what I meant was: if the phone is unlocked no one cannot "accidentally" browse the files in a FTP, LAN or some other secured location, if an app pwd or pin is set.

phantom
Senior Member
Senior Member
Posts: 469
Joined: 2003-11-21, 15:34 UTC

Post by *phantom » 2015-09-25, 09:58 UTC

Ich finde die Idee gar nicht schlecht. Der Messengerdienst Threema bietet optional die Möglichkeit die App zu sperren. Ich könnte mir das auch
sehr gut für den Total Commander vorstellen. Insbesondere mit einem anderen Feature und zwar einem "Persönlichen Ordner" einem internen
(virtuellen) Speicherplatz auf dem nur der TC den Zugriff hat.

Post Reply