1

Can anyone provide information on the proper way to hash passwords using objective c (ios 6+)? I'm looking for examples and can't find anything clear out there.

Kenny
  • 2,150
  • 2
  • 22
  • 30
  • 1
    Check [MD5](http://stackoverflow.com/questions/7632145/how-do-i-create-a-hash-of-a-file-on-ios) [SHA](http://stackoverflow.com/questions/9454620/how-to-sha-hash-in-cocoa-ios) – Midhun MP Aug 30 '13 at 19:28
  • Good stuff Midhun - thanks! I'm still hoping to find a nice clear tutorial, but don't think there's one out there yet. I think I can use the SHA function though. – Kenny Aug 30 '13 at 19:34
  • 1
    I love the way people down-vote questions just because they're duplicates. If I had found that in my searching, do you really think I'd have asked for help?? – Kenny Aug 30 '13 at 19:35
  • 1
    Please check these tutorials too. [1](http://www.raywenderlich.com/6475/basic-security-in-ios-5-tutorial-part-1),[2](http://maniacdev.com/2010/09/tutorial-how-to-calculate-md5-or-sha-hash-of-file-efficiently),[3](http://en.wikipedia.org/wiki/MD5),[4](https://developer.apple.com/library/ios/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html#//apple_ref/doc/man/3cc/CommonCrypto),[5](http://en.wikipedia.org/wiki/SHA-1) – Midhun MP Aug 30 '13 at 19:43

1 Answers1

0

I would avoid doing your own hashing and store them in the Keychain for security.

UPDATE

There are probably many ways to do this, but the way I have sent info securely over the net is to simply use the https protocol. See this question, answer and discussion.

As an aside, why even do this at all? The OAuth protocol has been invented for this purpose, and is fairly easy to setup.

Community
  • 1
  • 1
coneybeare
  • 33,113
  • 21
  • 131
  • 183
  • 1
    But don't you think storing a hashed password in the keychain would provide even better security? Defense in depth... – Carl Veazey Aug 30 '13 at 19:51
  • I know nothing about your app, but unless you are dealing with bank records, medical records or govt secrets, I would bet that the encryption Apple has on the keychain is probably good enough. – coneybeare Aug 30 '13 at 19:53
  • I probably should have mentioned that I'll be sending them to a web service. – Kenny Aug 31 '13 at 02:29
  • coneybeare, can you guide me to a good tutorial for setting up oauth for this purpose? I have researched it, but still don't fully understand it yet. – Kenny Sep 02 '13 at 01:57