Category Archives: password

Password checking with CommonCrypto

I previously described a system for storing and checking credentials on Mac OS and iOS based on using many rounds of a hashing function to generate a key from the password. Time has moved on, and Apple has extended the … Continue reading

Posted in Authentication, code-level, Crypto, password | 1 Comment

Storing and testing credentials: Cocoa Touch Edition

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus … Continue reading

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

Why passwords aren’t always the right answer.

I realised something yesterday. I don’t know my master password. Users of Mac OS X can use FileVault, a data protection feature that replaces the user’s home folder with an encrypted disk image. Encrypted disk images are protected by AES-128 … Continue reading

Posted in Encryption, Keychain, Mac, password | 3 Comments

Why do we annoy our users?

I assume that, with my audience being mainly Mac users, you are not familiar with Microsoft Security Assessment Tool, or MSAT. It’s basically a free tool for CIOs, CSOs and the like to perform security analyses. It presents two questionnaires, … Continue reading

Posted in brute-force, password, tool-support | 2 Comments