问题
I have a string in my code that I use as a secret when I communicate with my server. What is the best way to encypt this string to ensure that a hacker will not be able to find it out by searching my binary or looking into the memory during run time? (if possible to prevent at all?)
What are some measures you would suggest to at least make this as diffcult as possible?
回答1:
A far better approach would be to monitor use from your server and try to detect usage patterns that did not match your application - such as knowing it would always make one kind of request before another, or that an iPhone ID you pass up as a parameter to a call was not used excessively from multiple sources. You could have it make an initial call when the app first starts and record on the server the phone ID to allow other calls.
There are multiple ways to approach the problem, but they are all server based - anything in the client can and will be seen by a hacker. Anything the client says must always be treated as a lie, for sometimes it will be.
回答2:
Technically it's not possible, one can always at least memory scrape the code just after decryption before the connect, and as the whole decryption algorithm needed is also already available in the code. A disassembly will allow one decrypt the data straight from the binary.
In practise as this is a closed platform (from the fact you used the iphone tag), it'll only be major hackers that would manage to get it even if it's just a plain hexadecimal string in the binary.
来源:https://stackoverflow.com/questions/1165979/what-is-the-best-way-to-hide-encrypt-a-string-in-objc-c