Re: Encryption and Security
Re: Encryption and Security
- Subject: Re: Encryption and Security
- From: Don Messerli <email@hidden>
- Date: Thu, 8 Jan 2009 15:06:57 -0800 (PST)
Hate to be a stickler for semantics; but here I go.
MD5 is a hashing algorithm, not encryption. In general, it is not reversible. You hash the password, send it across and then compare it with the hashed password on the server side.
Encryption is a two-way process. You encrypt the data, send it, decrypt it and use it.
Matt, There are basically two problems you are concerned about.
1. That the person/entity connecting to your server and possibly modifying data there is in fact who they say they are and that they're authorized to do so.
This can be as simple as Basic or Digest Authentication ala HTTP which concatenates known values with "handshake" exchanged data and then hashes it or as complex as signing "handshake" exchanged data with a public key and then checking it with the private key.
2. Protecting the data from prying eyes. This is done with encryption - either symmetrical with shared keys or with public/private key pairs.
Don
________________________________
From: Arsen Pereymer <email@hidden>
To: email@hidden; Matt Keyes <email@hidden>
Sent: Thursday, January 8, 2009 12:02:43 PM
Subject: Re: Encryption and Security
Matt,
I have done several implementations similar to what you mention.
Here are some pointers (I can send you code too if you would like):
When sending any sensitive data (i.e. username. password, etc...) via WS from iPhone, encrypt the data (I like to use MD5) before sending to the WS.
_____________
Arsen Pereymer
--- On Thu, 1/8/09, Matt Keyes <email@hidden> wrote:
From: Matt Keyes <email@hidden>
Subject: Encryption and Security
To: email@hidden
Date: Thursday, January 8, 2009, 12:54 PM
Hello,
I am working on an iPhone app that communicates with a .NET SOAP web service.
I have the SOAP client down, but now I need to think about the security. The
.NET web service ultimately will be validating the Windows login as part of the
communication process, and I am trying to think how best to handle this on the
iPhone. My thoughts are that maybe using SSL would be good or encrypting part
of the data in the transmission (we tend to use Rijndael in most of our apps).
I am relatively new to Cocoa, however, and I would appreciate some pointers. I
know the CryptoSample project exists out there, but I am not clear as to what is
possible on the iPhone. Can I use SSL? If not, could I use Rijndael or some
other common encryption method? If so (for any of this), can anyone point me to
a sample.
Any help is appreciated! Thanks in advance!
~Matt
_________________________________________________________________
Windows Liveā¢ HotmailĀ®: Chat. Store. Share. Do more with mail.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_explore_012009_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden