Hacking and Securing iOS Applications by Jonathan Zdziarski

Chapter 10. Implementing Encryption

Encryption is one of the strongest forms of security an application can use to protect data, and one of the most critical to implement properly. Unfortunately, as you’ve learned, it’s not always easy to implement encryption securely. Many documents on the subject are convoluted, and the spectrum of different algorithms and techniques is very broad. For this reason, most criminal hackers go after the implementation, rather than the encryption itself. Data cannot be adequately protected while it is decrypted in memory, and so ensuring that an application cannot decipher the data to load it is critical to good security. While at rest, data must be secured in such a way that it cannot be breached (without a powerful cluster of machines, that is) if the device has been stolen or cloned by an attacker. This chapter will cover different encryption and key exchange techniques to help make it more difficult for an attacker to break your implementation.

Password Strength

All good encryption rests on the strength of the key, and most applications protect this key with a passphrase. Suffice it to say, then, that the strength of such encryption implementations depends greatly on the strength of the user’s passphrase.

No matter how solid your implementation is, all of your efforts as a developer can amount to nothing if the application allows weak passwords. For this reason, it’s a good idea not only to implement good cryptography, but also to implement good ...
