Is it safe to store cryptographic passwords in my app?
I need to generate a SHA-256 with salt which I will use for each server request to verify the user. Is it safe to store the salt within my app?
I know that Titanium converts javascript to objective-c and that the app IPA file is encrypted. But I also know that you can decrypt an IPA. What happens then? Would it be difficult to find my salt passphrase?
PS - I have ported over a HMAC SHA-256 javascript quite nicely to titanium.
2 Answers
-
I would like to know the same, is it safe? Any chance that you would share your HMAC SHA-256 solution?
-
double post