#aerogear Meeting

Meeting started by abstractj at 13:55:55 UTC (full logs).

Meeting summary

    1. http://oksoclap.com/p/iOS_Meeting_(Security) (abstractj, 13:56:11)

  1. iOS Security Bootstrap Meeting (cvasilak, 13:56:57)
    1. the idea is to provide wrappers for CommonCrypto (abstractj, 13:59:37)
    2. the main goal is to have an easy-to-use crypto API (abstractj, 13:59:46)
    3. feel free to add ideas to that gist (abstractj, 14:00:52)
    4. https://gist.github.com/abstractj/f1229ae075f8e6688c75 (abstractj, 14:01:01)
    5. ACTION: cvasilak determine the mode of AES encryption currently provided by the crypto interface, CBC or GCM (cvasilak, 14:05:05)

  2. Asymmetric encryption with Elliptic Curve Cryptography (ECC) (cvasilak, 14:06:20)
    1. required but can be postponed atm (still necessary and completely important) (cvasilak, 14:06:24)
    2. required because we will establish a key agreement with the server (cvasilak, 14:06:25)
    3. if for some reason ECC is not supported on iOS, the plan B might be RSA with Diffie-Hellman (abstractj, 14:06:51)
    4. https://developer.apple.com/library/ios/samplecode/CryptoExercise/Introduction/Intro.html (must be checked) (abstractj, 14:06:53)

  3. Cryptographic Hash Functions (cvasilak, 14:07:49)
    1. priority 3 (cvasilak, 14:07:49)
    2. SHA-256 is the minimum for the Java bits and JS (abstractj, 14:11:32)

  4. Digital Signatures (cvasilak, 14:13:45)
    1. priority 3 - the plan is to have signed HTTP requests (cvasilak, 14:15:20)

  5. Public-Private Key-Pair (cvasilak, 14:22:12)
  6. Password-based key derivation (PBKDF2) (cvasilak, 14:23:25)
    1. priority 2 in my opinion, because it is possible to use PBKDF2 with AES for example for encryption (abstractj, 14:23:44)
    2. priority 2 in my opinion, because it is possible to use PBKDF2 with AES for example for encryption (cvasilak, 14:23:45)

  7. Encryption of storage (cvasilak, 14:31:07)
    1. Built into iOS - Data Protection (cons: Requires pass-code set by the user) (cvasilak, 14:31:20)
    2. Protection classes: (abstractj, 14:32:32)
    3. Complete Protection -> (NSFileProtectionComplete): (abstractj, 14:32:33)
    4. Protected Unless Open -> (NSFileProtectionCompleteUnlessOpen) (abstractj, 14:32:33)
    5. Protected Until First User Authentication -> (NSFileProtectionCompleteUntilFirstUserAuthentication) (abstractj, 14:32:33)
    6. No Protection -> (NSFileProtectionNone) (abstractj, 14:32:33)
    7. AGREED: (abstractj, 14:35:05)
    8. we can provide methods for devs to choose whatever protection they want and forbid "No protection", providing 3 levels of security ONLY IF possible (abstractj, 14:40:04)
    9. otherwise just let developers choose whatever they want and take their chances (abstractj, 14:40:19)
    10. ACTION: cvasilak corinnekrych figure out if the insane protection levels suggested by abstractj are doable. But not an uber priority (abstractj, 14:41:34)

  8. SQLCipher (abstractj, 14:44:36)
    1. sqlcipher has some compatibility issues, but I'm completely fine if you guys think that's the way to go (abstractj, 14:44:45)
    2. https://groups.google.com/forum/#!msg/sqlcipher/A2CcSyDZKPc/erq_45j0EC8J (abstractj, 14:44:56)
    3. abstractj is not against it, just must be checked (abstractj, 14:44:56)
    4. https://www.owasp.org/images/5/56/OWASP_ChapterMeeting_SqlCipher-2012.pdf (abstractj, 14:45:02)
    5. ACTION: corinnekrych to investigate SQLite with sqlcipher vs other options for pList/Mem (corinnekrych, 14:50:30)
    6. AGREED: (matzew, 14:52:20)
    7. AGREED: (corinnekrych, 14:52:51)


Meeting ended at 14:52:51 UTC (full logs).

Action items

  1. cvasilak determine the mode of AES encryption currently provided by the crypto interface, CBC or GCM
  2. cvasilak corinnekrych figure out if the insane protection levels suggested by abstractj are doable. But not an uber priority
  3. corinnekrych to investigate SQLite with sqlcipher vs other options for pList/Mem


Action items, by person

  1. abstractj
    1. cvasilak corinnekrych figure out if the insane protection levels suggested by abstractj are doable. But not an uber priority
  2. corinnekrych
    1. cvasilak corinnekrych figure out if the insane protection levels suggested by abstractj are doable. But not an uber priority
    2. corinnekrych to investigate SQLite with sqlcipher vs other options for pList/Mem
  3. cvasilak
    1. cvasilak determine the mode of AES encryption currently provided by the crypto interface, CBC or GCM
    2. cvasilak corinnekrych figure out if the insane protection levels suggested by abstractj are doable. But not an uber priority


People present (lines said)

  1. abstractj (117)
  2. matzew (65)
  3. cvasilak (30)
  4. corinnekrych (24)
  5. jbossbot (11)
  6. smikloso (4)
  7. qmx (3)
  8. travis-ci (3)
  9. jbott (3)
  10. proddbot (1)
  11. passos (1)


Generated by MeetBot 0.1.4.