R – Storing a passwords in NSString without being readable in memory

cocoaiphonensstringpasswordssecurity

I need to store passwords in NSString objects; however, I would like some way to obfuscate them, so they cannot be read directly from memory.

This is a Mac OS X (10.5) application, but a solution that also works on iPhone would be much appreciated.

Best Solution

If you use the keychain for storing passwords then instead of passing strings around you could handle the opaque keychain SecKeychainItemRefs, only retrieving plaintext at the point where it's required. That's also the way Mac users expect their passwords to be dealt with. Unfortunately without knowing why you "need to store passwords in NSString objects" I can't tell if that's really true :-)