Reputation: 116333
I have a user pin stored in the iOS Keychain. For every pin attempt, I use SecItemCopyMatching
to retrieve the reference pin, and then do the comparison.
The problem is that, for a short amount of time, the retrieved reference pin enters the app's working memory. If the phone is compromised, the reference pin can potentially be read off.
Is there a way to pass the pin attempt to the Keychain and have the Keychain do the comparison with the reference pin in its secure environment? (Can the Secure Element do that kind of stuff?)
Upvotes: 8
Views: 447
Reputation: 2395
I think this could help you reach the final answer, as 1Password is facing the same issue.
https://guides.agilebits.com/kb/security/en/topic/touch-id-pin-code-and-ios-keychain
But based on what I read, what you want to achieve is not possible for now. The closest information I could find was this one:
What is the correct way to clear sensitive data from memory in iOS?
and this one:
Where you can read:
If your adversary has the ability to run arbitrary code on your target machine (with the debug privileges required to dump a process image), you are all sorts of screwed.
So my answer is: No, you can't check the pin without leaving the iOS Keychain.
Upvotes: 2
Reputation: 1119
You can have an item named as the hashed pin; then you can check whether the item exists when the user enters a pin, after hashing it.
You may need to clean the item from keychain when the pin changes.
Upvotes: 3
Reputation: 53870
In general, you store a one-way hash of the password with a salt, not the actual password. To verify, add the salt, hash the string, compare against the stored hash, and if it matches, it's verified.
The strength, then, is the strength of the algorithm, the salt, and the password.
Upvotes: 6
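A concrete form of the salted one-way hash scheme from this answer (it also covers the hashed-item lookup suggested in the previous answer, since only a hash ever reaches the Keychain), as an added example that is not code from any of the posters. It assumes a hypothetical service/account pair for the Keychain item and uses CryptoKit SHA-256 over salt || PIN; the record is stored as 32 bytes of salt followed by the 32-byte digest.

```swift
import Foundation
import CryptoKit
import Security

// Hypothetical Keychain identifiers (assumption, not from the question).
private let service = "com.example.pin-verifier"
private let account = "pin-record"

// Salted one-way hash of the PIN. Only this digest, never the PIN itself, is stored,
// so a memory read during verification exposes the hash rather than the reference PIN.
// Caveat: a 4-6 digit PIN has too little entropy for hashing alone to stop offline
// guessing, so the Keychain item's access-control class still matters.
func hashPIN(_ pin: String, salt: Data) -> Data {
    var input = salt
    input.append(Data(pin.utf8))
    return Data(SHA256.hash(data: input))
}

// Store the record as salt (32 bytes) || hash (32 bytes), replacing any previous record
// so a changed PIN leaves no stale item behind.
func storePIN(_ pin: String) -> OSStatus {
    var salt = Data(count: 32)
    let rc = salt.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, 32, $0.baseAddress!) }
    guard rc == errSecSuccess else { return rc }
    let record = salt + hashPIN(pin, salt: salt)
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(query as CFDictionary)
    var attrs = query
    attrs[kSecValueData as String] = record
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(attrs as CFDictionary, nil)
}

// Verify an attempt: fetch salt || hash, recompute, and compare in constant time.
func verifyPIN(_ attempt: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let record = item as? Data, record.count == 64 else { return false }
    let salt = record.prefix(32)
    let stored = record.suffix(32)
    let computed = hashPIN(attempt, salt: salt)
    var diff: UInt8 = 0                      // XOR-accumulate so timing does not leak
    for (a, b) in zip(stored, computed) { diff |= a ^ b }
    return diff == 0
}
```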
Reputation: 50109
No, it can't be done the way you propose. The keychain is a storage.
But is it really a problem if the item is in volatile memory?
I mean... if the keychain is open, it already is in memory (at least while the check is done).
Upvotes: 2