假设用户Tom安装一个Adobe AIR应用程序名为X和X专卖店在EncryptedLocalStore一些秘密;那么Tom想破解EncryptedLocalStore（检查并改变其内容），他怎么能这样做？

Assume user Tom installed an Adobe Air app named X, and X stores some secret in EncryptedLocalStore; then Tom wants to crack EncryptedLocalStore (inspect and alter its content), how could he do that?

谢谢！

推荐答案

据AS3语言参考：

在加密的本地存储中的数据由用户的操作系统帐户凭据保护。 其他实体无法访问数据的存储，除非他们可以登录该用户。但是，数据是不安全的抵抗由通过验证的用户运行其他应用程序访问。因此，数据的应用程序可能希望保留的用户，如用于授权或数字权限管理密钥的秘密，是不是安全的。在ELS是不是一个合适的位置来存储这些信息。它只是用于存储用户的私人数据，如密码的适当位置。

The data in the encrypted local store is protected by the user’s operating system account credentials. Other entities cannot access the data in the store unless they can login as that user. However, the data is not secure against access by other applications run by an authenticated user. Thus, data that your application may want to keep secret from users, such as keys used for licensing or digital rights management, is not secure. The ELS is not an appropriate location for storing such information. It is only an appropriate place for storing a user’s private data, such as passwords.

有关加密的一些注意事项：

Some notes about encryption:

AIR使用Windows上的 DPAPI ，在Mac OS和iOS 和钥匙扣使用KeyRing或KWallet将在Linux 以加密的本地存储关联每个应用程序和用户。

AIR uses DPAPI on Windows, KeyChain on Mac OS and iOS, and KeyRing or KWallet on Linux to associate the encrypted local store to each application and user.

加密的本地存储使用的 AES-CBC 128位加密

The encrypted local store uses AES-CBC 128-bit encryption.

在Android上，由EncryptedLocalStorage类存储的数据没有被加密

让我们来总结一下：

如果有人可以登录到用户帐户，他可以访问 EncryptedLocalStore 的 EncryptedLocalStore 是由操作系统管理，而不是AIR 数据进行加密，但没有在Android If someone can login to the user account, he can access the EncryptedLocalStore The EncryptedLocalStore is managed by the operating system, not AIR Data are encrypted but not on Android

如果你要破解这样的存储，你还必须是：

If you want to crack such storage you would have to:

检索存储的内容 破解加密（这是pretty的好） 找到规范的有关分析这些数据存储库 在写自己的数据读取器