Originally posted by manas ahlaad:
My problem is not that complex. I just need local login to be secured (for instance, my application on a PDA has a login page whose login information is stored in the PDA's record store. Suppose somebody stole my PDA; then he has access to the login details from the record store, since it is flat, non-secure and transparent, so that anyone can access it). My problem is what to do to provide security for the login data so that no one can access them.
What you really need is a Unix-like passwd scheme: you can use a one-way encryption algorithm to encrypt your passwd and store the encrypted passwd on your device. Every time you need to sign in, you provide the clear text passwd and the PDA encrypts it and compares the result with the one stored on the device.
Since the encryption is one-way, it is very hard to get your original passwd by just knowing the encrypted one on your device. So, even if your device is lost, if the cracker does not have the original passwd, he still cannot break in. One such algorithm is DES and Bouncy Castle has an implementation for it.
However, without a complete solution that secures everything on the device, the approach discussed above cannot be very secure: the cracker can always download your Java application, bypass the passwd verification part and upload it again and read your data ...