Re: CoreData: Save password securly
Re: CoreData: Save password securly
- Subject: Re: CoreData: Save password securly
- From: Jens Alfke <email@hidden>
- Date: Sat, 9 Feb 2008 23:10:11 -0800
On 8 Feb '08, at 11:23 PM, Adam Gerson wrote:
Is there a way to save a password value into a core data store so
that its secure from anyone who might go snooping around in the
store file?
Yes — this is commonly done by server software to avoid storing users'
cleartext passwords. What you do is run the password through a
cryptographic hash function like SHA-1, and store the hash value in
the file. Then when the user enters a password, you hash that and
compare the result with the hash from the file.
(For best results, append some unique-to-your-app string to the
password before hashing it. That way if two different apps use this
technique, the same password won't hash to the same value in both. To
be precise, instead of calling SHA1(thePassword), call SHA1(thePassword
+"mygroovyuniquestring") or something. That string is called "salt" by
crypographers.)
You can access SHA-1 via the convenient API in <CommonCrypto/
CommonDigest.h>.
—Jens_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden