PDA

View Full Version : Secure NSUserDefaults?




lynkynpark86
May 23, 2011, 09:31 AM
I am making an app that can change critical settings on the phone ( the app's not for app store, obviously). Therefore, the user should be able to set a password to protect the preferences. Is there any way to encrypt a string? It only needs minimum security (protection from snooping 11-year-olds). It is not as sensitive as a credit card number, or even a computer password. Any way to encrypt an NSString?



mlts22
May 23, 2011, 02:04 PM
I'd look at the Keychain API for iOS for this. This is the perfect place to store strings securely.

Another way would be to use a salt, and the PIN the user types in. You then store it by XORing the salt with the user's PIN, taking a hash of that value, then storing the salt and the resulting hash. This will keep someone from using rainbow tables, and you can do more than one iteration of hashing to slow down brute force guessing.