Hi,
How to encrypt a nsstring and store it in a file, and how to decrypt the same.
Please suggest me wat api's i shld use...
A:
If you only need to support 10.5 or higher you can use the CommonCryptor API. The first comment to this post shows an example category for encrypting/decrypting NSData's:
http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html
Dewayne Christensen
2010-01-06 15:36:34
A:
While not an API call, you could implement a simple XOR cipher. This is quick and simple to implement and depending on the characteristics of your string (i.e. if it is of fixed length) can be very secure. If you have a variable length string XOR encryption may not be secure enough depending on your needs. Have a look at the Wikipedia article.
mikecsh
2010-01-06 15:59:00
XOR ciphers are *NEVER* secure. It is an obfuscation that is easily and trivially reversed.
dreamlax
2010-01-06 20:24:43
Perhaps I'm mistaken but I was under the impressions that using a unique key of equal length to the data to be encrypted was theoretically unbreakable, effectively a 'one time pad'. Using a short, repeating key is indeed trivially reversed.
mikecsh
2010-01-06 21:50:53
All you need to do to break an XOR cipher is to disassemble the binary and look for a loop that XORs over the same length as the password (or over any fixed length of data). Then, you have not just the password, but also the cipher. This can be done using a number of techniques, including the use of profiling tools that measure the use of the XOR CPU instruction in the same region in memory that the data on the disk was loaded into. It doesn't matter if the password was right or wrong, you will end up with the cipher, and once you have the cipher you can recover the plaintext.
dreamlax
2010-01-07 02:38:22
Again, if you put in any arbitrary plaintext, you can monitor the memory location of the deciphering and watch how it is transformed by the XOR loop. Since the key is symmetric, you just have to XOR again but this time you XOR your result with the same plaintext that you provided before. Now you have the cipher, and you can decipher the ciphertext.
dreamlax
2010-01-07 02:40:25
Another problem with XOR is that if you already know part of the password, then you already know part of the cipher.
dreamlax
2010-01-07 02:41:55
Ahh that's very informative - thanks dreamlax. I hadn't considered people meddling with the binary. Could you tell me though if this is correct: if I had 1 MB of data and I created a unique 1MB random key, XOR'd the two together to produce a 1 MB ciphertext and emailed that to you (so there is no binary to disassemple/debug/monitor), would that cipher text be secure or insecure? Many thanks for correcting my understanding!
mikecsh
2010-01-07 09:14:52
Yes, that is correct, however the problem with one-time pads is that you need a secure system of distributing the key, otherwise the attacker could intercept the distribution of the key and intercept the transmission of the ciphertext.
dreamlax
2010-01-07 12:01:32
A:
If you are storing a password first decide whether or not you need to re-use the password or whether you just need to check that the user has entered the correct password.
If you just need to verify that the user has entered the correct password, then store the password using a hash, and compare the hash of the user input with the hash you have stored. If both hashes are equal, then the user has [probably] typed it correctly. See more information about hashes at Wikipedia.
If you need to re-use the password (i.e. for authenticating with other services, such as connecting to an Internet service), use Apple's Keychain service. If you are targeting the iPhone, then check out this this related document.
dreamlax
2010-01-06 20:30:26
A:
Hi,
This is the function i used for encryptiong.
DES_cfb64_encrypt( ( unsigned char * ) pchInputData, ( unsigned char * ) pchOutCipher, size, &schedule, &ParityKey, &no, DES_ENCRYPT );
I had to convert this to base64 so that i can store it in a file.
pstrResult = Base64encoding(size,( unsigned char * )pchOutCipher);
Pradeep Kumar
2010-01-30 21:34:26