Search code examples
iossecuritykeychain

Is it enough to save Pin code (string) value to iOS Keychain to be secure?

I am working on the app that require protection screen for the app.

This screen looks like :

enter image description here

I already done all features expect one. It is proper saving of the pin code. I read about iOS Keychain and think it is quite suitable approach to save sensitive information.

But I would like to hear opinion from others is it enough? Or what should i use to protect this (pin code) information.

Now it is working like:

Set

Pin -> Keychain

Get

Keychain -> Pin

Also I consider hashing:

Set

Pin->Encode->Keychain

Get

Keychain->Decode->Pin

Solution

  • In most cases the keychain should be enough. But there is no 100 percentage solution. If an attacker has access to the hardware and software you can only make it harder to get the data, not impossible.

    That means in your case an attacker already needs access to the device and the device pin code / touchid (if set) to install a jailbreak. Only then it's possible to get access to the content of the keychain and your stored data inside.

    An additional encoding of your keychain data requires to store the key for the encode/decode somewhere. You have to save it somewhere else, e.g.in the user defaults, but the keychain already has the highest security level. Encoding makes sense for the real user data (the data you want to secure with the pin: access token, file encryption password, ...), because for these data it may be importend to destroy them in app deinstall/reinstall process. The user defaults will be removed when deinstall, the keychain not. Scenario: User deletes app and sell his/her phone without resetting it in device settings. Buyer installs jailbreak -> old data in keychain should be garbage/unreadable.

    Conclusion: Think about it: What user data do you wanna secure with the pin? These data are also located inside of the keychain, even if it's only an access token for web requests or a password for an encryption. You don't need a higher security level for the pin than for your data ;) In case of a pin your solution should be enough. But it's imported that your real user data should use the same security level or a higher one.

    Update

    There is a higher security level than the keychain: "Secure Enclave". It's mainly used for saving the touch id informations. Apple do not documented it, so I wouldn't recomend to use it yet. There is a project called Tidas to make it accessible for the community.