8

I have a user pin stored in the iOS Keychain. For every pin attempt, I use SecItemCopyMatching to retrieve the reference pin, and then do the comparison.

The problem is that, for a short amount of time, the retrieved reference pin enters the app's working memory. If the phone is compromised, the reference pin can potentially be read off.

Is there a way to pass the pin attempt to the Keychain and have the Keychain do the comparison with the reference pin in its secure environment? (Can the Secure Element do that kind of stuff?)

Randomblue

4 Answers

6

In general, you store a one-way hash of the password with a salt, not the actual password. To verify, add the salt, hash the string, compare against the stored hash, and if it matches, it's verified.

The strength, then, is the strength of the algorithm, the salt, and the password.

Marcus Adams
  • Problem is it's a 4-digit pin, so hashes are easily brute-forceable. – Randomblue Mar 04 '15 at 20:40
  • 2
    Very true. Strange that you would call a PIN a password. Still, it's better than nothing. Seems like an [x-y problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) then, though. – Marcus Adams Mar 04 '15 at 20:43
  • Sorry about that! The problem is now precisely stated. – Randomblue Mar 04 '15 at 21:43
  • If an attacker has full access to your device, what would prevent him from running the same brute force directly on your keychain (if the keychain provided such a check)? The strength of your PIN is the weak point here in any case. – Angel G. Olloqui Apr 11 '15 at 09:22
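As an added example (not code from the thread or from any of its authors), here is the verification flow Marcus Adams describes, with a stored record standing in for the Keychain item. PBKDF2-HMAC-SHA256, the iteration count and the salt size are this example's assumptions, since the answer names no particular hash; the last function puts a number on the 4-digit brute-force point raised in the comments.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed example, not code from the thread. The dict returned by make_record stands
# in for the Keychain item; PBKDF2-HMAC-SHA256 and the constants below are assumptions.
ITERATIONS = 100_000
SALT_BYTES = 16
PIN_DIGITS = 4


def derive(pin: str, salt: bytes, iterations: int) -> bytes:
    """Salted, slow hash of the PIN; the same function serves storing and checking."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)


def make_record(pin: str, salt: Optional[bytes] = None) -> dict:
    """What gets stored instead of the PIN: a fresh random salt plus the derived hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derive(pin, salt, ITERATIONS)}


def verify(attempt: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive(attempt, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def worst_case_search_seconds(record: dict, digits: int = PIN_DIGITS) -> float:
    """Cost of trying every PIN against a stolen record: one derivation timed, times 10**digits.

    The salt defeats precomputed tables but cannot enlarge a four-digit space, which is
    the objection in the comments; only the work factor stretches this number.
    """
    start = time.perf_counter()
    derive("0" * digits, record["salt"], record["iterations"])
    return (time.perf_counter() - start) * 10 ** digits


if __name__ == "__main__":
    record = make_record("4821")  # constructed sample PIN
    print(verify("4821", record), verify("4822", record))
    print(f"{worst_case_search_seconds(record):.1f} s to exhaust all 4-digit PINs")
```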
3

You can have an item named with the hashed PIN; then, when the user enters a PIN, you hash it and check whether the item exists.

You may need to remove the item from the keychain when the PIN changes.

alpere
2

No, it can't be done the way you propose. The keychain is storage.

But is it really a problem if the item is in volatile memory?
I mean, if the keychain is open, it already is in memory (at least while the check is done).

Daij-Djan
2

I think this could help you reach the final answer, as 1Password is facing the same issue.

https://guides.agilebits.com/kb/security/en/topic/touch-id-pin-code-and-ios-keychain

But based on what I read, what you want to achieve is not possible for now. The closest information I could find was this one:

What is the correct way to clear sensitive data from memory in iOS?

and this one:

Sensitive Data In Memory

Where you can read:

If your adversary has the ability to run arbitrary code on your target machine (with the debug privileges required to dump a process image), you are all sorts of screwed.

So my answer is: No, you can't check the PIN without leaving the iOS Keychain.

Mikael