JSON Store password maximum length - IBM MobileFirst Platform Foundation 6.3

0
votes

I have created an App in IBM MobileFirst Platform Foundation 6.3 targetting Android and iPhone devices [Windows Phone in future]. App uses JSON Store Feature.

Following are the procedures.

  1. Ask for password from the user.
  2. Once user entered the password, encrypt it with the help of SHA256.[When I am converting the password string to a encrypted format [SHA256], i am getting 64 characters.]
  3. Now use the encrypted password for protecting the JSON Store.

When I tested this scenario in Android and iPhone devices, it's working perfect.
Now my questions are:

  1. I am using 64 characters as JSON Store password, will it affect the performance of the app in any case.
  2. What is the maximum length of JSON Store password.
1
androidiphoneibm-mobilefirstjsonstore
The 64 characters you are getting from the SHA256 are actually the 256 bytes hash of you password. Any string(or data) you hash with SHA256 will return 256 bytes. If you convert this to a HexString it will always be 64 charters. - rckoenes
Thank you for the information. But by using this 256 Bytes hash as the password of JSON Store, will it affect the performance. - sasi
I have no experience with IBM MobileFirst, but any kind of encoding and decoding will effect performance. But you will have try test how much this will impact the performance. - rckoenes
@sasi it may depend on the way you are using the json store inside your Project. example , how many times you are trying to open JSONStore,etc. Since your is always a 256 bit code it might take some time to open your json store. Because encoding should take place first then match those with the password of the Jsonstore. - Kawinesh SK
SHA256 is not encryption, it is a hash function. Hash functions are not reversible, that is the input (password in this case) can not be recovered. By using a hash function the password is not exposed only a non-reversible representation. See Wikipedia SHA-2. - zaph

1 Answers

1
votes

There are no known limitations or recorded performance degradation due to the information you've supplied.

I suggest to simply play your scenario out and see how it affects your application and proceed from there.