
No bcrypt implementation in iOS... can use other language, create static library?

There is no straightforward bCrypt (http://codahale.com/how-to-safely-store-a-password/) implementation in Objective-C, and while there is C code that does accomplish this, it's specifically for x86 processors, relying on BSD libraries.

I'm building an iOS app which shares the same password hashes as corresponding Online (.NET and HTML5+Javascript) applications.

I'm not quite where I ought to be, where I can read the awfully simplistic Java code ( http://www.mindrot.org/projects/jBCrypt/) and translate it to Objective-C code, suitable for iOS development.

However, there is a Ruby implementation (https://github.com/codahale/bcrypt-ruby), and I've heard that you can use Ruby to build iOS applications. Could I then roll the Ruby code up into a Static Library, and link it to my iOS projects? Or, even use Mono and utilize the .NET implementation (also a clean, pure-code, no-dependency project) to build a Static Library?

Or, finally, does anyone know of an Objective-C implementation of the bCrypt code? It seems simple enough, I just don't know enough about .NET/C#/Ruby to translate it myself.


I have recently open sourced my own BCrypt Objective C implementation. I too looked for an existing Objective C implementation but to no avail. So I ported one from Java instead!

It does not have any external library or framework dependencies so it might be the perfect fit for you.

You can find it here... http://www.jayfuerstenberg.com/blog/bcrypt-in-objective-c https://github.com/jayfuerstenberg/JFCommon


iOS has the Security.framework to handle such tasks. See Mac OS X and iOS Security Services, and to store a secure password you would use Certificate, Key and Trust Services; see the example for Encrypting and Decrypting Data. The article you linked on bcrypt bears little value for device programming, as it is about how to store a secure password on the server side. On a device you will always be the client. The rules of how clients store passwords securely differ, as they are required to know the original password in almost all challenge protocols, and the client side is exposed to a completely different threat model than the server side is.


Objective C can use C-libraries. Why bother with Ruby when https://github.com/rg3/bcrypt and http://www.openwall.com/crypt/ exist?
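
Since the question is about sharing one set of hashes between iOS, .NET and JavaScript code, here is an added example (not part of any answer above and not taken from the linked libraries) of a plain C pre-flight check that can be compiled into an Objective-C project. It parses the standard bcrypt hash string layout and rejects hashes whose version prefix or cost a given port should not accept. The names `bcrypt_parse` and `bcrypt_usable` and the version/cost policy are assumptions for illustration; the actual hashing is still done by a bcrypt library.

```c
#include <stdio.h>
#include <string.h>

/* Fields of a bcrypt hash string: $<version>$<cost>$<22-char salt><31-char digest> */
struct bcrypt_fields {
    char version[3];     /* "2", "2a", "2b", "2x" or "2y" */
    int cost;            /* log2 of the iteration count, 4..31 */
    const char *salt;    /* 22 characters inside the input string */
    const char *digest;  /* 31 characters inside the input string */
};

static int is_bcrypt64(char c) {  /* bcrypt's own base64 alphabet: ./A-Za-z0-9 */
    return c == '.' || c == '/' || (c >= '0' && c <= '9') ||
           (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

/* Returns 0 and fills *out if s is a well-formed bcrypt hash string, -1 otherwise. */
int bcrypt_parse(const char *s, struct bcrypt_fields *out) {
    const char *p; size_t n, i, vlen;
    if (s == NULL || out == NULL) return -1;
    n = strlen(s);
    if (n < 4 || s[0] != '$' || s[1] != '2') return -1;
    vlen = (s[2] == '$') ? 1 : 2;
    if (vlen == 2 && (strchr("abxy", s[2]) == NULL || s[3] != '$')) return -1;
    if (n != vlen + 58) return -1;            /* 60 chars with a two-character version */
    p = s + vlen + 2;                         /* two cost digits, then '$' */
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9' || p[2] != '$') return -1;
    out->cost = (p[0] - '0') * 10 + (p[1] - '0');
    if (out->cost < 4 || out->cost > 31) return -1;
    for (i = 3; i < 56; i++) if (!is_bcrypt64(p[i])) return -1;
    memcpy(out->version, s + 1, vlen);
    out->version[vlen] = '\0';
    out->salt = p + 3; out->digest = p + 25;
    return 0;
}

/* Hypothetical policy: one version prefix all ports understand, plus a minimum cost. */
int bcrypt_usable(const char *s, const char *required_version, int min_cost) {
    struct bcrypt_fields f;
    if (bcrypt_parse(s, &f) != 0) return 0;
    return strcmp(f.version, required_version) == 0 && f.cost >= min_cost;
}

int main(void) {
    /* Constructed sample with the right shape; not the hash of any real password. */
    const char *h = "$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
    printf("usable: %d\n", bcrypt_usable(h, "2a", 10));
    return 0;
}
```

Running the same check on the server-side hashes before shipping shows whether every stored prefix is one the chosen iOS port will verify.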
