Assume user Tom installed an Adobe Air app named X, and X stores some secret in EncryptedLocalStore; then Tom wants to crack EncryptedLocalStore (inspect and alter its content), how could he do that?
Thanks!
Assume user Tom installed an Adobe Air app named X, and X stores some secret in EncryptedLocalStore; then Tom wants to crack EncryptedLocalStore (inspect and alter its content), how could he do that?
Thanks!
According to AS3 language reference:
The data in the encrypted local store is protected by the user’s operating system account credentials. Other entities cannot access the data in the store unless they can login as that user. However, the data is not secure against access by other applications run by an authenticated user. Thus, data that your application may want to keep secret from users, such as keys used for licensing or digital rights management, is not secure. The ELS is not an appropriate location for storing such information. It is only an appropriate place for storing a user’s private data, such as passwords.
Some notes about encryption:
AIR uses DPAPI on Windows, KeyChain on Mac OS and iOS, and KeyRing or KWallet on Linux to associate the encrypted local store to each application and user.
The encrypted local store uses AES-CBC 128-bit encryption.
On Android, the data stored by the EncryptedLocalStorage class are not encrypted.
Let's summarize:
EncryptedLocalStore
EncryptedLocalStore
is managed by the operating system, not AIRIf you want to crack such storage you would have to: