
How safe is it to store user credentials inside the keychain in order to log in with Touch ID?

I want to implement an authentication mechanism with Touch ID in my mobile application. My plan is that upon the user's successful login I will save his credentials to the keychain, and the next time he goes to my application I will fetch the credentials from the keychain and let him log in after a successful Touch ID match.

I was wondering if it is safe to save his password inside the keychain. What could happen if the device is jailbroken? Is there any alternative to saving his password in the keychain?

Thank you!

The keychain is the safest place to store your user's credentials. You have the right idea with your implementation. When you save something in the keychain on iOS, it's encrypted and safely stored by the system, which is safer than you handling encryption yourself.

It is safe to save credentials in the keychain. Here is evidence backing this up from Apple documentation.

By making a single call to this API, an app can store small bits of secret information on a keychain, from which the app can later retrieve the information—also with a single call. The keychain secures data by encrypting it before storing it in the file system, relieving you of the need to implement complicated encryption algorithms.

Further information about storing other things:

In addition to passwords, keychains also store cryptographic keys, certificates, and (in macOS) text strings (notes).

Source: https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/02concepts/concepts.html
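
A sketch of the flow described in the question, as an added example that is not part of the original question or answers: the password is stored with an access-control object so that the keychain itself requires the biometric match before releasing it, instead of the app reading the item and checking Touch ID separately. The service identifier and the function names are hypothetical, and the code assumes iOS 11.3 or later.

```swift
import Foundation
import LocalAuthentication
import Security

enum KeychainError: Error { case accessControl, status(OSStatus) }

// Hypothetical service identifier for this sketch.
let service = "com.example.app.login"

/// Store the password so the system releases it only after a biometric match.
func savePassword(_ password: String, account: String) throws {
    // ThisDeviceOnly: the item does not migrate to other devices and needs a
    // device passcode. .biometryCurrentSet: the item becomes unreadable if the
    // enrolled fingerprints or face change.
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet, nil) else { throw KeychainError.accessControl }
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account]
    SecItemDelete(base as CFDictionary)  // replace any earlier item
    var attrs = base
    attrs[kSecAttrAccessControl as String] = access
    attrs[kSecValueData as String] = Data(password.utf8)
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Returns nil when no item exists or the user cancels or fails the prompt.
/// SecItemCopyMatching blocks while the prompt is shown: call off the main thread.
func loadPassword(account: String, reason: String) throws -> String? {
    let context = LAContext()
    context.localizedReason = reason  // text shown in the biometric prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess:
        guard let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    case errSecItemNotFound, errSecUserCanceled, errSecAuthFailed:
        return nil  // fall back to the normal password login
    default:
        throw KeychainError.status(status)
    }
}
```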
