This is my Java code. Now I want to implement the same functionality in Objective-C.

int dkLen = 16;
int rounds = 1000;
PBEKeySpec keySpec = new PBEKeySpec(hashKey.toCharArray(),salt.getBytes(), rounds, dkLen * 8);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return factory.generateSecret(keySpec).getEncoded();

This is my iOS implementation:

- (void)getHashKey {
    NSString *hash_key = @"MY_HASHKEY";
    NSString *saltKey  = @"MY_SALTKEY";

    int dkLen = 16;
    NSData *keyData = [hash_key dataUsingEncoding:NSUTF8StringEncoding];
    NSData *salt    = [saltKey dataUsingEncoding:NSUTF8StringEncoding];
    uint    rounds  = 1000;
    uint    keySize = kCCKeySizeAES128;

    NSMutableData *derivedKey = [NSMutableData dataWithLength:keySize];

    CCKeyDerivationPBKDF(kCCPBKDF2,               // algorithm
                         keyData.bytes,           // password
                         keyData.length,          // passwordLength
                         salt.bytes,              // salt
                         salt.length,             // saltLen
                         kCCPRFHmacAlgSHA1,       // PRF
                         rounds,                  // rounds
                         derivedKey.mutableBytes, // derivedKey
                         dkLen*8);                // derivedKeyLen

    NSString *myString = [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];
    NSLog(@"derivedKey: %@", myString);
}

Is there any problem with the algorithm which I am using in iOS?

Michael Dorner
Askarc Ali

1 Answer

Use the Common Crypto CCKeyDerivationPBKDF function with the option kCCPRFHmacAlgSHA1.

Note PBEKeySpec keyLength is in bits, CCKeyDerivationPBKDF derivedKeyLen is in bytes.

For a more detailed answer provide all input (hashKey, salt) and the output in hex dump format plus the number of rounds, output length in bytes.

See this SO answer for sample code.

Update for revised question code:

CCKeyDerivationPBKDF returns 8-bit data bytes that are essentially not characters, and many are not printable even if forced into NSASCIIStringEncoding. Forcing to NSASCIIStringEncoding, even if there is no error returned, is incorrect and non-useful. Instead either use the returned NSData or convert to Base64 or HexASCII encoding.

Change

NSString *myString = [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];

Output: A´Öº÷"ùïó

to

NSString * myString = [derivedKey base64EncodedStringWithOptions:0];

Output: QbTWgbr3FSL57/MfBQAz4A==

Note: 1000 rounds is generally considered insufficient, something in the 10,000 to 100,000 range should be used.

Timings on an iPhone 6S:

rounds   seconds
1000     0.003
10000    0.032
100000   0.309
1000000  3.047
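A reference PBKDF2-HMAC-SHA1 implementation, added here as an example (it is not code from the question or the answer), for checking a port on either side: it follows RFC 2898, cross-checks itself against Python's hashlib.pbkdf2_hmac, emits the hex and Base64 forms the answer recommends, and shows what passing dkLen*8 to a byte-length parameter produces. The strings MY_HASHKEY and MY_SALTKEY are the question's placeholder values, not real secrets.

```python
import base64
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, rounds: int, dk_len: int) -> bytes:
    """PBKDF2 with HMAC-SHA1 as specified in RFC 2898 (PKCS #5 v2.0).

    dk_len is the derived-key length in BYTES, the convention CommonCrypto's
    CCKeyDerivationPBKDF uses for derivedKeyLen. Java's PBEKeySpec takes the
    length in BITS, which is why the Java code passes dkLen * 8.
    """
    h_len = hashlib.sha1().digest_size          # 20 bytes per output block
    blocks = -(-dk_len // h_len)                # ceil(dk_len / h_len)
    out = bytearray()
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}), T_i = U_1 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(rounds - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dk_len])


def derive_like_the_port(hash_key: str, salt: str, rounds: int = 1000, dk_len: int = 16) -> dict:
    """Use the question's parameters and return the encodings the answer recommends."""
    pw, s = hash_key.encode("utf-8"), salt.encode("utf-8")
    key = pbkdf2_hmac_sha1(pw, s, rounds, dk_len)
    # hashlib is an independent PBKDF2 implementation; the two must agree.
    assert key == hashlib.pbkdf2_hmac("sha1", pw, s, rounds, dk_len)
    return {"bytes": key, "hex": key.hex(), "base64": base64.b64encode(key).decode("ascii")}


def bits_for_bytes_mistake(hash_key: str, salt: str, rounds: int = 1000, dk_len: int = 16):
    """Show what dk_len * 8 means to a BYTE-length parameter: 128 bytes, not 16.

    A 16-byte NSMutableData cannot hold 128 bytes; the overrun is consistent
    with the malloc 'freed object' error reported in the comments. Because
    PBKDF2 output is prefix-stable, the first 16 bytes still match.
    """
    pw, s = hash_key.encode("utf-8"), salt.encode("utf-8")
    wrong = pbkdf2_hmac_sha1(pw, s, rounds, dk_len * 8)
    right = pbkdf2_hmac_sha1(pw, s, rounds, dk_len)
    return len(wrong), len(right), wrong[:dk_len] == right
```

Feed the hex output of this script and of the iOS or Android build the same password, salt, round count and byte length; if they differ, the port is wrong, not the library.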
zaph
  • Thank you for your concern. I have edited my question; please let me know if I am doing anything wrong. – Askarc Ali Oct 28 '15 at 09:24
  • @zaph, is there any problem if I use 1000? – Askarc Ali Oct 28 '15 at 11:55
  • If I need to see the same string in Android, should I convert it into base64? – Askarc Ali Oct 28 '15 at 12:02
  • It is just a matter of security level; the key derivation should take long enough to prevent an attacker from trying large numbers of keys. There are code and password lists available that are very fast. It also depends on what you are protecting: if it is a single specific user that is being attacked, that is harder for an attacker, so a lower number of rounds is reasonable. If it is the server and breaking any account is sufficient, a higher number of rounds is necessary since the attacker only needs to break the worst password. – zaph Oct 28 '15 at 12:16
  • I am getting an "incorrect checksum for freed object - object was probably modified after being freed" error. – Askarc Ali Nov 15 '15 at 06:39
  • The statement is too vague; I suggest a new question with the code and details. – zaph Nov 15 '15 at 16:09
  • Please answer this question. You can only help in this: http://stackoverflow.com/q/33413723/5223973 – Askarc Ali Nov 16 '15 at 05:39