Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

How to use CCKeyDerivationPBKDF on iOS4 #22

Closed
rlalwani opened this Issue · 8 comments

3 participants

@rlalwani

Which piece do you need? Just CCKeyDerivationPBKDF? Have you tried just using CommonKeyDerivation.c? If it causes much trouble, open an issue on RNCryptor with what you're trying to achieve on iOS4 and I'll see what I can do. https://github.com/rnapier/RNCryptor

Rob, Since CCKeyDerivationPBKDF is not available until after iOS 5.0, people have suggested using the open source code for CommonCrypto available here:

http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-55010/

I think we cannot simply compile CommonKeyDerivation.c because it requires a few other functions. Can you help with what and how to compile appropriate files in an Xcode project which also needs to work with iOS4 devices? I can also pay a reasonable consulting fees for help with this - just let me know.

@rnapier
Owner

Just to check: did your adding the extra files resolve this sufficiently? http://stackoverflow.com/questions/9958661/how-to-compile-and-use-commoncrypto-for-ios-4

@rlalwani

Rob, yes.

I had to include CommonKeyDerivation.c, CommonKeyDerivation.h, CommonKeyDerivationPriv.h in my Xcode project, but that was enough – because it seems other supporting/underlying functions needed by CCKeyDerivationPBKDF are already included in iOS4 CommonCrypto.

So, now CCKeyDerivationPBKDF is available on iOS4 devices.

It seems only about 45% or so users have upgraded to iOS5 - so restricting the app to iOS5 would be too restricting.

@rnapier
Owner

I've never seen a number that low in 2012. That's about the number of people who switched by November or December of last year. Many important apps have gone iOS5-only. It's fine that you've chosen to support iOS4, but it's nowhere near 45% in general. Your specific market may be different, but the general market has upgraded.

@rlalwani

Rob, what numbers do you see or hear now? Can you point to any sources?

@rnapier
Owner

Your 45% number is about equal to the 40% number reported last Nov: http://www.mactrast.com/2011/11/nearly-40-of-all-iphones-are-already-running-ios-5/.

Instapaper went iOS5-only in March to little customer push-back.

Pxldot claims 75% iOS 5. http://pxldot.com/post/18754186750/ios-ebb-and-flow

David Smith claims ~80% in March. http://david-smith.org/blog/2012/03/10/ios-5-dot-1-upgrade-stats/index.html

These aren't scientific; Apple won't give us the best numbers. But there's no way the answer is 45% for 5+ in April, 2012.

@rlalwani

Thanks Rob. If the iOS 5 numbers are in the 75-80% range, that's really awesome.

@barnstar

Other than the PBPKF functions, the only other iOS 5 function used is CCCryptorCreateWithMode(). Replacing this with the older CCCryptorCreate() in the readStream:stream:maxLength method would allow this to be used in iOS4.

@rnapier
Owner

The move to CCCryptorCreate() also forces it back to AES-CBC, which is less secure than AES-CTR (this is why CCCryptorCreateWithMode is used). The padding oracle attack isn't a huge issue in most of the uses that RNCryptor is likely to encounter, but I had hoped to move the bar forward. My solution will likely be to provide a different cryptor (which is why I built the system to allow multiple cryptor configurations).

@rnapier rnapier closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.