Keychain Password Pitfalls

Are there any known pitfalls to avoid when storing user passwords in the Keychain? I am planning to give users the ability to require a password in order to access my iPad app. I have basic read and write of a string to the Keychain working. I just want to make sure that I don't allow them to get into a scenario where they lock themselves out through no fault of their own. For example:

  • Would the keyboard allow them to enter special characters that couldn't be saved to or read from the Keychain?
  • Is there a limit on the string length?

Thanks for any insight you can share.

asked Mar 23 '26 12:03 by DenVog


1 Answer

Save the password. Read it back. Make sure it works. If not, tell the user that it failed and make them enter a different password.

Not all keyboards can enter all characters. The phone-lock keyboard in 3.1.2 or so (not sure if they've fixed it) had a bug where it would restrict you to "ASCII-capable" keyboards (e.g. not Hebrew), but not restrict the characters that could be entered; enabling certain keyboards would add additional accents, and some keyboards had additional symbols. You could then disable some keyboards, lock the phone, and be completely unable to unlock it. (I made a backup before testing this.)

In your case, you don't stop the user from switching keyboards, so this is less of an issue.

Note that you're approaching this from the wrong direction: The password unlocks content. You are trying to keep the content secure. You don't need to save the password anywhere (you could just use it to encrypt the content).

Files will also appear unencrypted in (unencrypted) backups. In 3.1.2, you could back up a passcode-locked phone (not sure if they fixed this in 3.2); this meant that on a device with no backup password, you could steal everything by attaching it to a laptop and pressing "Backup".

Effectively implementing crypto yourself is beyond the scope of this answer.

answered Mar 25 '26 02:03 by tc.
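The round-trip check the answer opens with (save, read back, compare, and reject the password if anything differs), written out as an added Swift example; it is not code from the original question or answer. The service and account strings are placeholders, the sample password is constructed to contain a non-ASCII letter and an emoji because that is the kind of input the question worries about, and the code assumes the Security framework on iOS or macOS.

```swift
import Foundation
import Security

// Placeholder identifiers for this example; use your own bundle-specific names.
let service = "com.example.notes.unlock"
let account = "unlock-password"

enum KeychainError: Error {
    case osStatus(OSStatus)   // a SecItem* call failed; inspect the status code
    case readBackMismatch     // the bytes read back differ from the bytes written
}

/// Write `password` to the Keychain, then immediately read it back and compare
/// byte for byte. Throws on any failure so the caller can tell the user and ask
/// for a different password now, while they can still choose one, instead of
/// discovering at the lock screen that the stored value cannot be recovered.
func storeAndVerify(password: String) throws {
    // UTF-8 encodes every character a keyboard can produce, so the question of
    // "unsaveable" characters reduces to "does this exact byte string round-trip".
    let written = Data(password.utf8)

    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]

    // Replace any earlier item rather than failing with errSecDuplicateItem.
    SecItemDelete(base as CFDictionary)

    var add = base
    add[kSecValueData as String] = written
    // ThisDeviceOnly: readable only while the device is unlocked, and not
    // migrated to another device through a backup restore.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw KeychainError.osStatus(addStatus) }

    var read = base
    read[kSecReturnData as String] = true
    read[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let readStatus = SecItemCopyMatching(read as CFDictionary, &item)
    guard readStatus == errSecSuccess else { throw KeychainError.osStatus(readStatus) }
    guard let got = item as? Data, got == written else { throw KeychainError.readBackMismatch }
}

/// At unlock time: fetch the stored bytes and compare them with what was typed.
/// Returns false both when the item is missing and when the bytes differ.
func storedPasswordMatches(_ typed: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let stored = item as? Data else { return false }
    return stored == Data(typed.utf8)
}

// Constructed sample input: accented letter plus an emoji, chosen to exercise
// the non-ASCII path the question asks about.
let candidate = "pässw0rd🔐"
do {
    try storeAndVerify(password: candidate)
    print("stored and verified; matches:", storedPasswordMatches(candidate))   // true
    print("wrong password matches:", storedPasswordMatches("password"))       // false
} catch {
    // This is the branch the answer describes: report it and ask for another password.
    print("could not store that password, please choose a different one:", error)
}
```

The check runs at the moment the password is set, which is the only time the user can still pick another one; a write that succeeds but reads back as something else would otherwise surface as a lock-out with no recovery path.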
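The alternative the answer points at in its "wrong direction" remark (never store the password; use it to protect the content, and treat a failed decrypt as a wrong password) as an added Swift example, not code from the original answer. It assumes CryptoKit (iOS 13 or macOS 10.15 and later) for AES-GCM and CommonCrypto for PBKDF2; the iteration count, salt size and the `Vault` type are choices made for this example, and the plaintext is constructed sample input.

```swift
import Foundation
import Security
import CryptoKit
import CommonCrypto

/// Derive a 256-bit key from the password with PBKDF2-HMAC-SHA256. The salt is
/// random per vault and stored next to the ciphertext; the password is never stored.
func deriveKey(password: String, salt: [UInt8], rounds: UInt32 = 600_000) -> SymmetricKey {
    var derived = [UInt8](repeating: 0, count: 32)
    let status = password.withCString { cString in
        CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
                             cString, password.utf8.count,
                             salt, salt.count,
                             CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds,
                             &derived, derived.count)
    }
    precondition(status == Int32(kCCSuccess), "PBKDF2 failed")
    return SymmetricKey(data: derived)
}

/// Everything that needs to be persisted: the salt and the AES-GCM blob
/// (nonce || ciphertext || tag in CryptoKit's combined form). No password, no key.
struct Vault {
    var salt: [UInt8]
    var sealed: Data
}

func lock(_ plaintext: Data, with password: String) throws -> Vault {
    var salt = [UInt8](repeating: 0, count: 16)
    precondition(SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess)
    let key = deriveKey(password: password, salt: salt)
    let box = try AES.GCM.seal(plaintext, using: key)
    guard let combined = box.combined else { throw CryptoKitError.incorrectParameterSize }
    return Vault(salt: salt, sealed: combined)
}

/// Re-derive the key from the typed password and open the box. A wrong password
/// yields a wrong key, and GCM's tag check then throws
/// CryptoKitError.authenticationFailure: that failure *is* the password check.
func unlock(_ vault: Vault, with password: String) throws -> Data {
    let key = deriveKey(password: password, salt: vault.salt)
    let box = try AES.GCM.SealedBox(combined: vault.sealed)
    return try AES.GCM.open(box, using: key)
}

// Constructed sample content and passwords for the demonstration.
let notes = Data("shopping list: milk, eggs".utf8)
do {
    let vault = try lock(notes, with: "pässw0rd🔐")
    let opened = try unlock(vault, with: "pässw0rd🔐")
    print("unlocked:", String(decoding: opened, as: UTF8.self))
    _ = try unlock(vault, with: "password")   // throws: wrong password, nothing leaks
} catch {
    print("unlock failed:", error)
}
```

Persist only `Vault` (for example as a file the app writes); the same read-back discipline applies, so unlock the freshly written vault once with the password the user just chose before accepting it. The derivation cost and the per-vault salt are what make guessing the password offline expensive if the file does end up in an unencrypted backup.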


