Jens-
You are absolutely correct, and I should have been more clear. The
"authenticated" part is simply so you can provide feedback to the user. ("Your
password was wrong.") Replacing the password file could (assuming you knew the
process) allow one to achieve "authenticated" status, but the decrypted 256 bit
number would not be a valid key for the encrypted data thereafter. Any
sensitive information should be encrypted with the 256 bit key, since it will
be unreadable without the correct password file _as well as_ the correct
password.
Regards,
Dan
On Feb 13, 2014, at 5:58 PM, Jens Alfke wrote:
On Feb 13, 2014, at 2:28 PM, Daniel Wambold <wambo...@gmail.com> wrote:
> I have hacked together a brief sample app illustrating how I prefer to do
> password authentication. It does not use the keychain, which can be useful as
> well. If it's of any interest or use, feel free. It's called
> "MyAuthenticator," which is the first thing listed on the page below. If I
> understood your goal, you wanted the user to authenticate themselves to the
> program (via a password) so you could reveal other, sensitive data? If so,
> this does just that.
It doesn't provide much security, though. Although reading the password file is
harmless (because it's been hashed), the file can be _replaced_ with one
created by the attacker that matches a password they know. Then they can log
in. Also, unless the underlying sensitive data is encrypted, an attacker could
grope into the app's data directory and read it.
To use this kind of password-based symmetric-key encryption securely, the
_data_ to be protected has to be encrypted. So once the user's entered the
password and you've derived an AES key from it, you use that key to decrypt the
data file. If the decryption results in invalid data, the password was wrong.
—Jens
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
