Category Archives: Authentication

More security processes go wrong

Posted on 2013-05-14 by Graham

I just signed a piece of card so that I could take a picture of it, clean it up and attach it to a document, pretending that I’d printed the document out, signed it, and scanned it back in. I … Continue reading →

Posted in Authentication, Vulnerability | Comments Off

Password checking with CommonCrypto

Posted on 2012-07-05 by Graham

I previously described a system for storing and checking credentials on Mac OS and iOS based on using many rounds of a hashing function to generate a key from the password. Time has moved on, and Apple has extended the … Continue reading →

Posted in Authentication, code-level, Crypto, password | 1 Comment

On the new Lion security things

Posted on 2011-07-26 by Graham

This post will take a high-level view of some of Lion’s new security features, and examine how they fit (or don’t) in the general UNIX security model and with that of other platforms. App sandboxing The really big news for … Continue reading →

Posted in Authentication, Authorization, Codesign, Mac, PCAS, sandbox | 4 Comments

Storing and testing credentials: Cocoa Touch Edition

Posted on 2011-04-29 by Graham

This article introduces the concept of key stretching, using code examples to explain the ideas. For code you can use in an app that more closely resembles current practice, see Password checking with CommonCrypto. There’s been quite the media circus … Continue reading →

Posted in Authentication, code-level, Crypto, iPad, iPhone, Mac, password, PCAS | 7 Comments

Category Archives: Authentication

More security processes go wrong

Password checking with CommonCrypto

On the new Lion security things

Storing and testing credentials: Cocoa Touch Edition

OOP the Easy Way

APPropriate Behaviour

APPosite Concerns

FSF