使用 NSUserDefault 保存用户名-密码，安全程度如何? [英] Save username-password with NSUserDefault, how and how much safe?

问题描述

我会用 NSUserDefault 保存几个值(用户名-密码).

I would save a couple of values (username-password) with NSUserDefault.

首先:有没有办法将它们保存在一起(例如在数组中)?第二:安全吗?还是我以某种方式加密了密码?

First: is there a way to save them together (like in an array for example)? Second: is it safe? or do I have encrypt the password in a some way?

推荐答案

加密会给你一些安全.问题是您的程序还必须解密密码，这意味着它必须将密钥存储在某个地方.这将使其容易受到逆向工程的影响.更好的方法是在密码上使用 单向函数(例如哈希)存储该哈希值.当用户输入密码时，您将单向函数应用于密码并将结果与​​存储的值进行比较.以这种方式，密码不会被泄露(好吧，总是有字典攻击，但这是密码强度的问题).

Encryption will give you some security. The problem is your program would also have to decrypt the password, which means it must have the key stored in it somewhere. This will make it vulnerable to reverse-engineering. A better approach is to use an one-way function (such as a hash) on the password and store that hash value. When a user enters a password, you then apply the one-way function to the password and compare the result to the stored value. In this manner, the password cannot be compromised (well, there's always a dictionary attack, but that's a matter of password strength).

最好不要使用 NSUserDefaults，而是使用 iOS 钥匙串服务.它的主要目的是安全地存储用户凭据.Apple 已经为您完成了所有艰苦的工作.好好利用吧.

Instead of using NSUserDefaults, you would be better off using iOS Keychain Services. It's main purpose is to securely store user credentials. Apple has already done all the hard work for you. Take advantage of it.

这篇关于使用 NSUserDefault 保存用户名-密码，安全程度如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！