3Kas
Encryption password in program, to secure its centrally-stored settings?
I was thinking of implementing this in software, starting with one password, with each new release being derived from that initial password.
(trying to find the name of this technique, I think it's called a “hash chain”)
That way you can guarantee chain of security, and some algorithm can be implemented so that only the newest password used-for-unlock is valid.
That way new versions can access old settings, but then old versions can no longer. Which should give some sort of security?
Or is this all silly security through obscurity and not worth pursuing?
EDIT: I plan on using:
- iOS: https://developer.apple.com/documentation/security/keychains
- Android: https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences
The question is what to use on Windows, Linux, macOS & others.
