问题
I need to implement offline login in my application.Currently I am storing passwords in keychain which have been used to login at least once when the app is online.But right now I am not checking the username password combination. If I have multiple users for a single device , storing only passwords won't be enough. So Can anyone of you suggest something which can be done with no security breaches.
回答1:
I suggest you to store the password, using the login as a key. something like : acccount_test@test.com / password.
You can encode the md5 value of the passcode to improve security too
回答2:
you can use NSURLCredential depend on this link
Store
NSURLCredential *credential;
credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent];
[[NSURLCredentialStorage sharedCredentialStorage] setCredential:credential forProtectionSpace:self.loginProtectionSpace];
Get Store Data
NSURLCredential *credential;
NSDictionary *credentials;
credentials = [[NSURLCredentialStorage sharedCredentialStorage] credentialsForProtectionSpace:self.loginProtectionSpace];
credential = [credentials.objectEnumerator nextObject];
NSLog(@"User %@ already connected with password %@", credential.user, credential.password);
回答3:
You can save it in the device Keychain which designed to save sensitive information. Download a wrapper from this Ray Wenderlich tutorial and encrypt the password with sha512
#import "KeychainWrapper.h"
#include <CommonCrypto/CommonDigest.h>
-(void)createSHA512andSaveToKeychain:(NSString*)unencryptedPasswd {
const char *passwdBytes= [unencryptedPasswd cStringUsingEncoding:NSUTF8StringEncoding];
NSData *passwordData = [NSData dataWithBytes:passwdBytes length:unencryptedPasswd.length];
uint8_t digest[CC_SHA512_DIGEST_LENGTH];
CC_SHA512(passwordData.bytes, passwordData.length, digest);
NSMutableString *encryptedPasswd= [NSMutableString stringWithCapacity:CC_SHA512_DIGEST_LENGTH * 2];
for(int i = 0; i < CC_SHA512_DIGEST_LENGTH; i++) {
[encryptedPasswd appendFormat:@"%02x", digest[i]];
}
// Save the password in the device keychain
KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
[keychainWrapper mySetObject:encryptedPasswd forKey:(__bridge id)kSecValueData];
[keychainWrapper writeToKeychain];
}
To retrieve the password:
// Retrieve the pwd from the device keychain
KeychainWrapper *keychainWrapper = [[KeychainWrapper alloc] init];
NSString *pwd = [keychainWrapper myObjectForKey:@"v_Data"];
来源:https://stackoverflow.com/questions/41018406/how-can-we-store-a-username-password-combination-in-keychain-in-encrypted-format