On May 1, 2009, at 4:58 AM, Jelle De Laender wrote:
What is the best way to store a password on the iPhone?
I can't take the MD5 hash because I need to be able to work with the
original password.
Should I create a custom class (with 2 strings) and save them with
NSKeyedArchiver with the idea: nobody will read the files (it's
impossible: except when you JailBreak) or what should you do?
Maybe I can simply use the NSUserDefaults?
Use the Keychain. The Keychain is intended to have better security
properties than anything you could build yourself.
The "Keychain Services Programming Guide" contains examples for saving
and retrieving a password on iPhone.
In particular, a simple "save it in a file" solution is insecure if
the file is included in an iPhone backup and the attacker gets a copy
of the backup data. The Keychain is included in backup, but its data
is encrypted and can only be decrypted with a key that never leaves
the device.
--
Greg Parker gpar...@apple.com Runtime Wrangler
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
