This list is a work in progress. More complete limitations can be found in the comments for the class PasswordProtectedStore.
  1. Password strength.
    1. The security of any of this is only as good as the password. If the password is easily guessable, no amount of crypto will save you.
  2. Data is authenticated only inside a stored entry (i.e., one key-value pair in the dictionary). It is not authenticated across key-value pairs.
  3. Data forensics.
    1. It is entirely possible that part or all of the password or derived encryption keys will get swapped out of memory to disk. Serious forensic analysis done on the phone would then recover those passwords/keys and then the data. To mitigate this, never store passwords in strings. Use a byte array and zero it when finished.
  4. Data can be deleted.
    1. This code will not throw any errors (or even notice) if data is deleted from the phone. You merely will no longer be able to access it.
  5. Try not to store passwords in strings.
    1. Strings cannot be erased from memory. All the methods take a byte array that you can actually zero after you are done with it.
    2. The better solution would be to use System.SecureString, but that does not exist in Silverlight.
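
Items 2 and 4 together mean that a deleted or rolled-back entry still passes any per-entry check. The Python example below is an added illustration, not code from PasswordProtectedStore; the tag layout, the function names and the store-wide manifest tag are assumptions, used to show the gap and one way a caller could detect it.

```python
import hashlib
import hmac

def entry_tag(mac_key, name, value):
    """Per-entry tag: covers one name/value pair and nothing else."""
    n = name.encode("utf-8")
    # 0x00 domain byte, then a length-prefixed name so the name/value
    # boundary is unambiguous.
    msg = b"\x00" + len(n).to_bytes(4, "big") + n + value
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def seal(mac_key, plain):
    """Build the stored form: name -> (value, per-entry tag)."""
    return {n: (v, entry_tag(mac_key, n, v)) for n, v in plain.items()}

def entries_valid(mac_key, entries):
    """All that per-entry authentication can check: each entry that is
    present matches its own tag."""
    return all(hmac.compare_digest(entry_tag(mac_key, n, v), t)
               for n, (v, t) in entries.items())

def manifest_tag(mac_key, entries):
    """Hypothetical store-wide tag over every entry tag, in name order.
    Entry tags already bind the names, so this pins the whole set."""
    h = hmac.new(mac_key, b"\x01", hashlib.sha256)
    for name in sorted(entries):
        h.update(entries[name][1])
    return h.digest()

def demo():
    mac_key = bytes(32)  # constructed demo key; really derived from the password
    old = seal(mac_key, {"pin": b"1111"})            # an earlier, valid version
    entries = seal(mac_key, {"pin": b"2222", "note": b"hello"})
    sealed = manifest_tag(mac_key, entries)          # recorded at write time

    deleted = {n: e for n, e in entries.items() if n != "note"}
    rolled_back = dict(entries, pin=old["pin"])      # stale value with its old tag

    results = {}
    states = (("intact", entries), ("deleted", deleted), ("rolled_back", rolled_back))
    for label, state in states:
        per_entry_ok = entries_valid(mac_key, state)
        store_ok = hmac.compare_digest(manifest_tag(mac_key, state), sealed)
        results[label] = (per_entry_ok, store_ok)
    return results

if __name__ == "__main__":
    for label, (per_entry_ok, store_ok) in demo().items():
        print(label, "per-entry:", per_entry_ok, "store-wide:", store_ok)
```

A manifest tag kept next to the data does not detect a rollback of the whole store, manifest included; that needs a counter or tag held somewhere the data's storage cannot rewrite.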

Last edited Feb 19, 2011 at 8:48 PM by imichaelmiers, version 8