Hi again Nathaniel,
Did you have any chance to take a look at my contributed patches?
On 17/02/2015 16:26, Leonardo Brondani Schenkel wrote:
I've changed FreeOTP to use the Keychain to store the tokens (and
migrate anything present in NSUserDefaults).
The patches are attached and you can also view the changes here:
Note that I'm being very conservative and using
'kAccessibleWhenUnlockedThisDeviceOnly', so tokens will only be stored
in the device and will not be able to be transported to any other
device, nor will they be present in any backups. That should make the app be
as secure (assuming no security bugs in the iOS platform) as hardware
Instead of using the raw Keychain API, which is very cumbersome and
hard to use (and read), I've decided to incorporate the FXKeychain
wrapper (from here: https://github.com/nicklockwood/FXKeychain
has the advantage of keeping TokenStore.m mostly unchanged and it has
a compatible license — and IMHO its code is pretty readable and has
The commits are small on purpose to make each change easier to review.
Please let me know if you believe something can be improved.
On 13/02/15 16:32, Nathaniel McCallum wrote:
> On Tue, 2015-02-10 at 21:42 +0100, Leonardo Brondani Schenkel
>> Is there any reason why the iOS app uses the NSUserDefaults mechanism
>> to store the secrets instead of the Keychain? It's not really
>> considered a good practice to use the former to store secrets.
> Nope. There isn't really a good reason.
>> If there is no strong reason, would a patch that uses the
>> Keychain be considered for inclusion into a future release?
> Yes, I would consider it. The most important thing is that upgrades
> be handled smoothly.
> Nathaniel
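
The migration discussed in this thread, as an added example that is not taken from the attached patches or from FreeOTP. It uses the raw Security framework API rather than the FXKeychain wrapper; the service name, the function names and the assumption that legacy secrets are NSData values in NSUserDefaults are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name; not taken from FreeOTP.
static NSString *const kExampleService = @"org.example.otp.tokens";

// Store one secret so it is readable only while the device is unlocked and
// never leaves this device (excluded from backups and device transfers).
static OSStatus ExampleStoreSecret(NSString *account, NSData *secret) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kExampleService,
        (__bridge id)kSecAttrAccount: account,
    };
    NSMutableDictionary *item = [query mutableCopy];
    item[(__bridge id)kSecValueData] = secret;
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecDuplicateItem) {
        // Already migrated on an earlier launch: overwrite value and policy.
        NSDictionary *update = @{
            (__bridge id)kSecValueData: secret,
            (__bridge id)kSecAttrAccessible:
                (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        };
        status = SecItemUpdate((__bridge CFDictionaryRef)query,
                               (__bridge CFDictionaryRef)update);
    }
    return status;
}

// One-time upgrade path: copy each legacy entry into the Keychain and delete
// the NSUserDefaults copy only after the Keychain write succeeded.
// Assumes legacy entries are NSData values stored under the given keys.
static NSUInteger ExampleMigrateFromDefaults(NSArray<NSString *> *legacyKeys) {
    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    NSUInteger migrated = 0;
    for (NSString *key in legacyKeys) {
        NSData *secret = [defaults dataForKey:key];
        if (secret == nil) continue;  // nothing left to migrate for this key
        // On failure (e.g. device locked) keep the legacy copy and retry later.
        if (ExampleStoreSecret(key, secret) != errSecSuccess) continue;
        [defaults removeObjectForKey:key];
        migrated++;
    }
    return migrated;
}
```

Deleting the legacy entry only after a successful Keychain write keeps an interrupted or failed upgrade from losing tokens, and re-running the function on the next launch is harmless.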