Split Server-Side Keys
In this scenario, two keys are generated and XORed to encrypt the master key on the device. One of these keys is
generated using a passphrase supplied by the user. The other key is randomly generated and stored on a trusted
remote server when the application is first provisioned. When the application launches, the user enters his
passphrase to generate his half of the key, but must also authenticate on the trusted server to retrieve the other
half of the key. This ensures that neither the server nor the device has all of the information needed to decrypt
the data within the application. It also helps to stave off attacks against the passphrase, as the passphrase alone
isn’t enough to decrypt data. An attacker would need to not only attack the passphrase, but also the server
containing the second half of the key. Another benefit to this technique is that a server-side key can be discarded
when a device is believed to be stolen or compromised.
This description is an excerpt from the book (page 262):
'Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It'
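
The provisioning and launch flow from the excerpt, as an added example (not code from the book or from the gist's author). The function names, key sizes, PBKDF2 work factor, record layout and the HMAC-based wrap are assumptions; the wrap is a standard-library stand-in for AES key wrap or an AEAD cipher.

```python
import hashlib, hmac, secrets

KEY_LEN = 32             # all keys are 32 bytes (assumed size)
PBKDF2_ROUNDS = 200_000  # assumed work factor

def passphrase_half(passphrase, salt):
    """User's half: stretched from the passphrase, never stored."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, KEY_LEN)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(kek, nonce):
    """Derive a one-time 32-byte keystream and a MAC key from the KEK."""
    return (hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest(),
            hmac.new(kek, b"mac" + nonce, hashlib.sha256).digest())

def wrap(kek, master_key):
    # Stand-in for AES key wrap / an AEAD: HMAC keystream, then encrypt-then-MAC.
    nonce = secrets.token_bytes(16)
    stream, mac_key = subkeys(kek, nonce)
    ct = xor(master_key, stream)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    stream, mac_key = subkeys(kek, nonce)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase, wrong server half, or tampered blob")
    return xor(ct, stream)

def provision(passphrase):
    """First run: returns (device_record, server_half, master_key)."""
    salt = secrets.token_bytes(16)
    server_half = secrets.token_bytes(KEY_LEN)   # stored only on the server
    master_key = secrets.token_bytes(KEY_LEN)    # encrypts the app's data
    kek = xor(passphrase_half(passphrase, salt), server_half)
    return {"salt": salt, "wrapped": wrap(kek, master_key)}, server_half, master_key

def unlock(record, passphrase, server_half):
    """Launch: server_half arrives after the user authenticates to the server."""
    kek = xor(passphrase_half(passphrase, record["salt"]), server_half)
    return unwrap(kek, record["wrapped"])

if __name__ == "__main__":
    record, server_half, master = provision("constructed sample passphrase")
    print(unlock(record, "constructed sample passphrase", server_half) == master)
```

Deleting `server_half` on the server makes `unlock` fail for that device record, which is the discard property the excerpt mentions.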