Re: storing passwords
- Subject: Re: storing passwords
- From: Charles Srstka <email@hidden>
- Date: Sun, 5 Jan 2003 13:06:53 -0600
You shouldn't use crypt() - if you want to go this route, you should
use either CDSA or OpenSSL as you'll be able to get stronger and more
secure encryption.
However, it's easier, simpler, and more flexible for the user if you
just use the Keychain.
Charles
On Tuesday, December 24, 2002, at 09:44 AM, David Rio Vierra wrote:
There is the Unix crypt() function for creating DES password hashes.
See 'man 3 crypt' for details. If anyone knows about any better
functions for this purpose, please chime in. You can store the
encrypted password in a file (XML or otherwise), and set its
permissions to octal 400 or equivalent so that only the file's owner
can read it. When your program creates this file, it is usually owned
by the user who launched the process. Of course, this won't stop an
uninformed user from simply giving the file away.
- Rio
On Tuesday, December 24, 2002, at 04:47 AM, David A. Feldman wrote:
I suppose this is as much a generic development question as a Cocoa
one, but perhaps someone can help me. I have an app that logs onto
remote AppleShare servers. I've been having a lot of difficulty
getting it to work with the Keychain -- and have posted here before
about that -- but I'm realizing that for unattended operation (which
is desirable for this app) the Keychain may not be the best option
anyway, since whenever there's a change to the OS it re-requests
permission to unlock the Keychain.
I don't have a lot of experience writing security code. So, what I'm
wondering is this. Is there a way to securely store and retrieve
users' passwords and save them in the app's data file? Some way to
encrypt in such a way that my app can decrypt but no one else can?
Furthermore, the data file is human-readable (an XML property list).
If encrypted passwords are stored in it, is there any way to tighten
security further so that someone who gains access to the data file
can't just go ahead and use the encrypted password with a copy of my
app to gain access to the remote server(s)? And if not, will users
see that as a potential security hole? Thanks.
--Dave
--------------------------------------------------------------------------
David A. Feldman
User Interface Designer
email@hidden
http://InterfaceThis.com
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.