The article "Securing the Dropbox Client" in MacTech Issue 351 contains multiple security errors and cryptography misuses.
This article, WRT cryptography, has many technical errors, as does the associated code; in particular, the file "FooTriageMasterViewController+SecureTriage.m" has serious security errors. Errors include using 3DES, SHA256 for key derivation, no IV, no padding and ignoring CCCrypt errors.
The information in the article WRT cryptography and also in the supplied code should not be used as a template for further code.
I suggest that corrections are necessary for the article and the code should be corrected on the FTP site. The article and code need a security review by a cryptographic security domain expert, either certified (CISSP) or well known to the developer community.
My concern is that developers will follow the practices in this article and create terrible insecure applications.
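An added example, not part of the original post and not the article's code: a CommonCrypto encryption routine that avoids each error listed above, using AES rather than 3DES, PBKDF2 rather than a bare SHA256 for key derivation, a random IV, PKCS#7 padding, and checked return codes. The function name, error domain, iteration count and output layout are assumptions of this example.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

// Hypothetical helper: password-based encryption of `plain`.
// Output layout (assumed here): salt(16) || iv(16) || ciphertext.
// CBC gives confidentiality only; authenticate the output (e.g. an HMAC
// over salt || iv || ciphertext) before trusting it on decryption.
static NSData *ExampleEncrypt(NSData *plain, NSString *password, NSError **error) {
    uint8_t salt[16], iv[kCCBlockSizeAES128], key[kCCKeySizeAES256];
    const uint32_t rounds = 100000;  // assumed work factor, tune per device
    NSString *domain = @"ExampleCryptoError";  // hypothetical error domain

    // Fresh salt and IV for every message, from the system CSPRNG.
    int rc = SecRandomCopyBytes(kSecRandomDefault, sizeof salt, salt);
    if (rc == errSecSuccess)
        rc = SecRandomCopyBytes(kSecRandomDefault, sizeof iv, iv);
    if (rc != errSecSuccess) {
        if (error) *error = [NSError errorWithDomain:domain code:rc userInfo:nil];
        return nil;
    }

    // Slow, salted key derivation instead of a single SHA256 pass.
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length, salt, sizeof salt,
                              kCCPRFHmacAlgSHA256, rounds, key, sizeof key);
    if (rc != kCCSuccess) {
        if (error) *error = [NSError errorWithDomain:domain code:rc userInfo:nil];
        return nil;
    }

    // Room for the header plus up to one full block of padding.
    size_t header = sizeof salt + sizeof iv;
    size_t room = plain.length + kCCBlockSizeAES128;
    NSMutableData *out = [NSMutableData dataWithLength:header + room];
    uint8_t *p = out.mutableBytes;
    memcpy(p, salt, sizeof salt);
    memcpy(p + sizeof salt, iv, sizeof iv);

    // AES-256 in CBC mode (the CCCrypt default) with PKCS#7 padding.
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 key, sizeof key, iv, plain.bytes, plain.length,
                                 p + header, room, &moved);
    if (st != kCCSuccess) {  // never return a buffer after a failed CCCrypt
        if (error) *error = [NSError errorWithDomain:domain code:st userInfo:nil];
        return nil;
    }
    out.length = header + moved;
    return out;
}
```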