使用NSUserDefault保存用户名密码，安全性如何以及安全多少？ [英] Save username-password with NSUserDefault, how and how much safe?

问题描述

我会用NSUserDefault保存几个值（用户名密码）。

I would save a couple of values (username-password) with NSUserDefault.

首先：有没有办法将它们保存在一起（例如在数组中） ）？
第二：安全吗？或者我是否以某种方式加密密码？

First: is there a way to save them together (like in an array for example)? Second: is it safe? or do I have encrypt the password in a some way?

推荐答案

加密会给你一些安全保障。问题是你的程序还必须解密密码，这意味着它必须将密钥存储在某处。这将使其易受逆向工程的影响。更好的方法是在密码上使用单向函数（例如哈希）存储该哈希值。当用户输入密码时，您可以将单向函数应用于密码，并将结果与​​存储值进行比较。通过这种方式，密码不会受到损害（好吧，总是存在字典攻击，但这是密码强度的问题）。

Encryption will give you some security. The problem is your program would also have to decrypt the password, which means it must have the key stored in it somewhere. This will make it vulnerable to reverse-engineering. A better approach is to use an one-way function (such as a hash) on the password and store that hash value. When a user enters a password, you then apply the one-way function to the password and compare the result to the stored value. In this manner, the password cannot be compromised (well, there's always a dictionary attack, but that's a matter of password strength).

而不是使用NSUserDefaults，你将是最好使用 iOS钥匙串服务。它的主要目的是安全地存储用户凭据。 Apple已经为您完成了所有艰苦的工作。利用它。

Instead of using NSUserDefaults, you would be better off using iOS Keychain Services. It's main purpose is to securely store user credentials. Apple has already done all the hard work for you. Take advantage of it.

这篇关于使用NSUserDefault保存用户名密码，安全性如何以及安全多少？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！