Is the iOS keychain encrypted without device passcode?
Question
Up till now I believed the iOS keychain was the best way to store usernames and passwords. However, I came across this site that states that:
"without a passcode, all data on the device — including sensitive data stored in the Keychain — can be read by anyone with momentary access to the device"
I have gone through the relevant sections in apples documentation on iOS security and nothing explicitly states such?
Is this claim true or have I misunderstood something here?
1 answers
solution1
0 ACCPTED 2016-01-21 04:12:22
The keychain is implemented as a SQLite database stored on the file system. There is only one database;
the securityd daemondetermines which keychain items each process or app can access. Keychain access APIs result in calls to the daemon, which queries the app's “keychain-access-groups,” “application-identifier,” and “applicationgroup” entitlements. Rather than limiting access to a single process, access groups allow keychain items to be shared between apps.
It means that the hacker can't access ur keychain data even there is no Passcode . It's under the control of Apple's the securityd daemon . You cant access the data of keychain without the securityd daemon .
Update :
Maybe that's what u want to know: Hacker vs Keychain
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.