I have created an application in which I used base64 encoding and saved the user password into NSUserDefaults, but somehow another iPhone developer broke that password. I wonder how he could have gotten the NSUserDefaults data? Does someone know how to stop this critical thing, and also how he got the NSUserDefaults data? Also, what is the best encryption method to store a user password on the iPhone?
Someone who has a jailbroken iPhone has more control over the device than you do. There is no place to hide a secret, not on flash disk, not in memory. When you are building a server you should always assume that the attacker can connect a malicious client. Period, end of story.
I suggest you check out SFHFKeychainUtils. It wraps up the Keychain Services API and provides a very simple interface to store sensitive information like passwords.
Store your password:
// Initialise to nil so the pointer is only non-nil if the call reports an error.
NSError *error = nil;
[SFHFKeychainUtils storeUsername:userName andPassword:password forServiceName:@"whatever_service" updateExisting:YES error:&error];
Get your password back:
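NSError *error = nil;
// Manual reference counting: retain the returned string to keep it beyond the current autorelease pool.
password = [[SFHFKeychainUtils getPasswordForUsername:userName andServiceName:@"whatever_service" error:&error] retain];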
You can also clear the stored value using the deleteItemForUsername message if you need to log the user out.
A keychain is an encrypted container that holds passwords for multiple applications and secure services. Keychains are secure storage containers, which means that when the keychain is locked, no one can access its protected contents. -- Keychain Services Programming Guide, Apple 2010.
I recommend that you read the Keychain Services Tasks for iOS.
An attacker with physical access can just create an iPhone backup, which includes completely unencrypted copies of most data files.
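The keychain approach recommended above, written directly against Keychain Services instead of through a wrapper; this is an added example, not code from the original posts or from SFHFKeychainUtils. It assumes ARC, and the `KC*` helper names are hypothetical. The `ThisDeviceOnly` accessibility class keeps the item from migrating to another device through a backup restore, which bears on the backup remark above.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: base query identifying one generic-password item.
static NSMutableDictionary *KCQuery(NSString *service, NSString *account) {
    return [@{ (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: service,
               (__bridge id)kSecAttrAccount: account } mutableCopy];
}

// Updates the item if it exists, otherwise adds it. Returns errSecSuccess on success.
OSStatus KCStorePassword(NSString *password, NSString *service, NSString *account) {
    NSData *secret = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableDictionary *query = KCQuery(service, account);
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData: secret,
        // Readable only while the device is unlocked; does not migrate to another device.
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly };
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)attrs);
    if (status == errSecItemNotFound) {
        [query addEntriesFromDictionary:attrs];
        status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return status;
}

// Returns nil when no item exists or it cannot be read (for example, device locked).
NSString *KCReadPassword(NSString *service, NSString *account, OSStatus *outStatus) {
    NSMutableDictionary *query = KCQuery(service, account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    if (status != errSecSuccess || result == NULL) return nil;
    NSData *data = (__bridge_transfer NSData *)result;  // ARC takes ownership
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Call on logout. A missing item is treated as success.
OSStatus KCDeletePassword(NSString *service, NSString *account) {
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)KCQuery(service, account));
    return status == errSecItemNotFound ? errSecSuccess : status;
}
```

Always check the returned `OSStatus`; a failed store that goes unnoticed is how apps end up falling back to NSUserDefaults or plain files.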