1

I'm wanting a more secure way to store high scores and power ups like stars/coins than using UserDefaults (which I believe can be altered by end user). I've seen the keychain mentioned as an alternative and after reading a little about it I get the impression it's main purpose is for storing passwords.

1, Is it ok to use the keychain for this purpose? 2, How much data can you realistically store? 3, Is it ok to write many changes to it very quickly, eg. Several times a second? 4, I believe there's many open source classes to deal with the keychain. Which is the best to use?

Thanks

Darren
  • 10,182
  • 20
  • 95
  • 162

2 Answers2

2

Instead of storing highscores into a place where they don't belong, you might consider hashing them. If you read the highscore again, also compare the hash with a recalculated one. If they don't match, the highscore has been tampered with and you can blame the player for trying to cheat. The hashing algorithm can be something very sophisticated like SHA, or you can think of a simpler one yourself. I suppose it doesn't have to be too bullet proof for game scores.

Krumelur
  • 32,180
  • 27
  • 124
  • 263
  • Thanks for the suggestion. I'll look into this, never done hashing, any pointers? – Darren Jun 14 '12 at 16:26
  • To be honest: not in ObjectiveC. But a bit of googling returned this: http://spitzkoff.com/craig/?p=122 or that: http://stackoverflow.com/questions/3468268/objective-c-sha1 – Krumelur Jun 14 '12 at 18:37
1

Maybe this thread helps: How to secure NSUserDefaults?

They mention Secure-NSUserDefaults ctagory but I haven't used it yet. Though thanks for the question, that reminded me to use keychain in my apps too!

Community
  • 1
  • 1
Bersaelor
  • 2,517
  • 34
  • 58
  • Thanks, that looks like it'll do the job and avoids having to use the keychain. I'll give it a whirl. Why would you use the keychain and not this hash method? – Darren Jun 14 '12 at 20:03
  • Well, I'm looking into that too at the moment. Though without seeing this question I wouldn't even have noticed that storing passwords into NSUserDefaults would be an issue ;) – Bersaelor Jun 14 '12 at 23:01
  • I've just added Secure-NSUserDefaults and it works very well and very easy to implement. – Darren Jun 15 '12 at 09:10