本文介绍了一种更安全的方法来存储用户凭据,通过使用iOS Keychain Services替代UserDefaults,采用一元函数对密码进行哈希处理,从而避免了密码被反向工程的风险。重点推荐了Apple提供的这一安全特性,以保护用户数据。
Encryption will give you some security. The problem is your program would also have to decrypt the password, which means it must have the key stored in it somewhere. This will make it vulnerable to reverse-engineering. A better approach is to use an one-way function (such as a hash) on the password and store that hash value. When a user enters a password, you then apply the one-way function to the password and compare the result to the stored value. In this manner, the password cannot be compromised (well, there's always a dictionary attack, but that's a matter of password strength).
Instead of using NSUserDefaults, you would be better off using iOS Keychain Services. It's main purpose is to securely store user credentials. Apple has already done all the hard work for you. Take advantage of it.
扫一扫
6808
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
