The article "Securing the Dropbox Client" in MacTech Issue 351 contains multiple security errors and cryptography misuses.

This article, WRT cryptography, has many technical errors, as does the associated code; in particular, the file "FooTriageMasterViewController+SecureTriage.m" has serious security errors. The errors include using 3DES, SHA256 for key derivation, no IV, no padding and ignoring CCCrypt errors.

The information in the article WRT cryptography and also in the supplied code should not be used as a template for further code.

I suggest that corrections are necessary for the article and the code should be corrected on the FTP site. The article and code need a security review by a cryptographic security domain expert, either certified (CISSP) or well known to the developer community.

My concern is that developers will follow the practices in this article and create terrible insecure applications.
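
For contrast with the errors listed above, here is an added example (not code from the article or from its download) of a CommonCrypto encryption routine that uses AES rather than 3DES, PBKDF2 rather than a bare SHA256 hash, a random IV, PKCS7 padding, and a checked `CCCrypt` status. The function name, error domain, output layout, salt size and iteration count are assumptions of this example, and it adds no message authentication, which a full design would also need.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <CommonCrypto/CommonRandom.h>

// Hypothetical error helper for this example only.
static NSData *ExampleFail(NSError **error, NSInteger code) {
    if (error) *error = [NSError errorWithDomain:@"ExampleCrypto" code:code userInfo:nil];
    return nil;
}

// Hypothetical helper: encrypts `plain` under a key derived from `password`.
// Output layout (assumed): salt(16) || iv(16) || ciphertext. Returns nil on failure.
static NSData *ExampleEncrypt(NSData *plain, NSString *password, NSError **error) {
    const unsigned rounds = 100000;   // assumed PBKDF2 work factor; tune per device
    uint8_t salt[16], iv[kCCBlockSizeAES128], key[kCCKeySizeAES256];

    // Fresh random salt and IV for every message, never fixed or all-zero.
    if (CCRandomGenerateBytes(salt, sizeof salt) != kCCSuccess ||
        CCRandomGenerateBytes(iv, sizeof iv) != kCCSuccess)
        return ExampleFail(error, -1);

    // Password-based key derivation: PBKDF2-HMAC-SHA256, not one SHA256 pass.
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    int kdf = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length,
                                   salt, sizeof salt, kCCPRFHmacAlgSHA256,
                                   rounds, key, sizeof key);
    if (kdf != kCCSuccess) return ExampleFail(error, kdf);

    // Room for salt, IV, and the plaintext plus up to one block of padding.
    size_t header = sizeof salt + sizeof iv;
    size_t room = plain.length + kCCBlockSizeAES128;
    NSMutableData *out = [NSMutableData dataWithLength:header + room];
    uint8_t *p = out.mutableBytes;
    memcpy(p, salt, sizeof salt);
    memcpy(p + sizeof salt, iv, sizeof iv);

    // AES-256 in CBC mode (the CCCrypt default) with PKCS7 padding.
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 key, sizeof key, iv,
                                 plain.bytes, plain.length,
                                 p + header, room, &moved);
    // The status is checked; a failed call never yields "ciphertext".
    if (st != kCCSuccess) return ExampleFail(error, st);

    out.length = header + moved;      // trim to the bytes actually written
    return out;
}
```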