Hardware based key encryption to strengthen passwords / 2 factor auth?
we currently have:
internal class DesktopDatabaseConfig(private val dbDir: Path, private val keyDir: Path) :
DatabaseConfig {
override fun getDatabaseDirectory(): File = dbDir.toFile()
override fun getDatabaseKeyDirectory(): File = keyDir.toFile()
override fun getKeyStrengthener(): KeyStrengthener? = null
}
while Android supports some kind of key strengthening based on Android APIs:
class AndroidKeyStrengthener implements KeyStrengthener {
private static final Logger LOG =
getLogger(AndroidKeyStrengthener.class.getName());
private static final String KEY_STORE_TYPE = "AndroidKeyStore";
private static final String PROVIDER_NAME = "AndroidKeyStore";
private static final String KEY_ALIAS = "db";
private static final int KEY_BITS = 256;
private final List<AlgorithmParameterSpec> specs;
AndroidKeyStrengthener() {
KeyGenParameterSpec noStrongBox =
new KeyGenParameterSpec.Builder(KEY_ALIAS, PURPOSE_SIGN)
.setKeySize(KEY_BITS)
.build();
if (SDK_INT >= 28) {
// Prefer StrongBox if available
KeyGenParameterSpec strongBox =
new KeyGenParameterSpec.Builder(KEY_ALIAS, PURPOSE_SIGN)
.setIsStrongBoxBacked(true)
.setKeySize(KEY_BITS)
.build();
specs = asList(strongBox, noStrongBox);
} else {
specs = singletonList(noStrongBox);
}
}
…
I think there are devices such as special USB-dongles that can be plugged into ordinary computers and act as such strenghteners maybe? Or something like smartcards?