-
-
Save cvasilak/200180a133e4eb2573ac to your computer and use it in GitHub Desktop.
Split Server-Side Keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In this scenario, two keys are generated and XORed to encrypt the master key on the device. One of these keys is | |
generated using a passphrase supplied by the user. The other key is ran- domly generated and stored on a trusted | |
remote server when the application is first provisioned. When the application launches, the user enters his | |
passphrase to generate his half of the key, but must also authenticate on the trusted server to retrieve the other | |
half of the key. This ensures that neither the server nor the device has all of the infor- mation needed to decrypt | |
the data within the application. It also helps to stave off attacks against the passphrase, as the passphrase alone | |
isn’t enough to decrypt data. An attacker would need to not only attack the passphrase, but also the server | |
containing the second half of the key. Another benefit to this technique is that a server-side key can be discarded | |
when a device is believed to be stolen or compromised. | |
Aknowledge: | |
This description is an exempt of the book: (page 262) | |
'Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment