Re: NSConnection timeouts
  • Subject: Re: NSConnection timeouts
  • From: Andrew Farmer <email@hidden>
  • Date: Thu, 16 Aug 2007 13:49:36 -0700

On 16 Aug 07, at 04:53, Andrew James wrote:
> On 16/08/2007, at 6:41 AM, Andrew Farmer wrote:
>> If you're after encrypting network traffic, I recommend OpenSSL. While TEA is a reasonable encryption algorithm (provided that you're aware of the cryptanalytic attacks against it), it makes no provision for key exchange or authentication - all things you'd want to do for "network encryption". Even if you're just interested in encrypting local data, OpenSSL has a large library of cryptographic primitives.
>
> The problem with OpenSSL is that my applications server and client are available for everyone, so the data would be unsecure as everyone would have the private keys.

Security by obscurity is a terrible way to approach things - if all it takes is one person reverse-engineering your program to make it insecure, your program was never secure to start with. Worse yet, the architecture you're describing would mean that, once someone managed to extract the encryption key from your program, they would be able to read all data encrypted by that program, forever. This is Bad.


True security does not depend on secrets. And in this case, there's an appropriate solution available as well: on the first launch, have the server generate a self-signed SSL certificate. Then use OpenSSL to negotiate encryption between the client and the server. As part of this negotiation, it'll generate a unique session key to encrypt that session. Note that at no point does this system depend on anything that's constant between every instance of the application! The only nontransient secret is the server private key, and you could even regenerate that at startup if you wanted to.

If all this sounds complicated -- well, it is. But most of the heavy lifting is done for you by the OpenSSL library, and there's a lot of open-source applications that use it which you can use as examples.

I'll close with a quote here: "Cryptography is not magic pixie dust that you can sprinkle on a problem and make it secure." (Jon Callas)

Hopefully all this is a help to someone. :)
_______________________________________________

Cocoa-dev mailing list (email@hidden)
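
The setup described in the message above (the server creating its own self-signed certificate on first launch, so that nothing secret is shared between installations), sketched with the openssl command-line tool. This is an added example and not part of the original post; the file names, the subject name and the RSA key size are assumptions.

```shell
#!/bin/sh
# Added example: per-installation TLS identity, created on first launch only.
# server.key / server.crt, the CN and 2048-bit RSA are assumed choices.

# ensure_identity DIR: create DIR/server.key and DIR/server.crt if absent.
ensure_identity() {
    dir=$1
    mkdir -p "$dir" || return 1
    if [ -s "$dir/server.key" ] && [ -s "$dir/server.crt" ]; then
        return 0    # later launches reuse the existing identity
    fi
    ( umask 077     # private key readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=example-server" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

# cert_fingerprint CERT: print the SHA-256 fingerprint of a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# key_matches_cert KEY CERT: succeed only if KEY is the private half of
# the public key carried in CERT (compares digests of the public keys).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Because the certificate is self-signed, no certificate authority vouches for it; a client has to learn the fingerprint through some other channel to know it is talking to the right server.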
