I am using cryptography concepts in my application. Some Encryption and decryption techniques and salt values are hard coded and IV values are using those techniques. Before I publish the app I need to obfuscate to my code. I am using XCode 6.2 version with updated OS. Please share with me techniques about how to do it.
Asked
Active
Viewed 111 times
0
-
1possible duplicate of [iPhone/iPad App Code Obfuscation - Is it Possible? Worth it?](http://stackoverflow.com/questions/5556849/iphone-ipad-app-code-obfuscation-is-it-possible-worth-it) – Fogh Apr 23 '15 at 13:42
-
2Neither "decryption techniques " nor `iv` need to be kept secret, only the encryption key. Good security requires using proven methods and cryptographic primitives not secret methods. – zaph Apr 23 '15 at 13:44
1 Answers
1
Neither "decryption techniques " nor iv need to be kept secret, only the encryption key. Good security requires using proven methods and cryptographic primitives not secret methods. Developer created cryptographic methods are usually insecure and lack peer review for flaws, the standard methods have been well researched and vetted for security flaws.
Shipping with the key embedded in the code is a problem, the key should be randomly generated (or in some similar process) at first-run and stored in the Keychain.
zaph
- 111,848
- 21
- 189
- 228