views:

244

answers:

2

Good Afternoon Guys and Girls,

Hopefully this will be a quick and easy question.

I am building an App that requires the user to input their login details for an online service that it links to. Multiple login details can be added and saved as the user may have several accounts that they would like to switch between.

These details will be stored in an SQLite database and will contain their passwords. Now the questions are:

1: Should these passwords be encrypted in the database? My instinct would say yes but then I do not know how secure the device and system is and if this is necessary.

2: If they should be encrypted what should I use? I think encrypting the whole database file sounds a bit over-kill so should I just encrypt the password before saving it to the database? If this is case what could I use to achieve this? I have found reference to a "crypt(3)" but am having trouble finding much about it or how to implement it.

I eagerly await your replies!

EDIT: As you will see from the chosen answer and comments KeyChain is what I went with. Any one interested in using it there is some useful source code here:

http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code

A: 
lewiguez
+1  A: 

Don't implement your own crypto; just use the keychain.

tc.
This looks like it could be the winner.I'll have a look at implementing this and let you know the results.
Louis Russell
I've implemented using saving the data to the keychain and have successfully been able to return it with the details it was saved with. I haven't completed this fully yet but from how it is currently working this is simple and effective (Provided you find some useful examples). Anyone thinking of using keychain look here: http://log.scifihifi.com/post/55837387/simple-iphone-keychain-code
Louis Russell