我打算使用一次性口令encription为服务器和客户端（这是一个移动应用程序）之间的交际。但我需要硬code在移动应用程序的关键。因此，通过不同的用户安装了所有我的移动应用程序将具有相同的密钥。

I plan on using One-Time Password encription for the comunication between the server and the client(which is a mobile app). But I need to hardcode the key in the mobile App. So all my mobile Apps installed by different users will have the same key.

多么容易反向工程的构建Android和iOS和extrat硬codeD值？

How easy is to reverse engineer on the builds for Android and iOS and extrat the hardcoded value?

有关安全一些其他的信息来源，我计划：我还计划通过发送每个用户短信与将用于登录请求的4位数字增加额外的安全性。这样我可以保证用户是谁pretends是。

some other infomation about the security I plan: I plan also to add extra security by sending each user an SMS with a 4 digit number that will be used to sign requests. This way I can assure that the user is who pretends to be.

我送过来了互联网用户的位置，他的电话号码（一次），他的名字（一次）。

I send over the internet the user's position, his phone number(once), his name(once).

你觉得我的IDEEA，并且你会recommnd？

What do you think about my ideea, and what would you recommnd?

推荐答案

一般来说，如果你要问关于生产code设计自己的加密方案的问题，你不应该在设计生产自己的加密方案code（你应该的从不硬codeA的一次的密码到一个应用程序，因为这意味着它正在使用一个以上的时间）。

Generally, if you have to ask questions about designing your own encryption scheme in production code, you shouldn't be designing your own encryption scheme in production code (and you should never hard code a one time password into an app, as that implies it's being used more than one time).

双因素身份验证是好的，但你用的应该是实际的加密相当著名。如果你正在寻找嵌入某种到应用程序的关键，你可能想寻找到一个公钥加密方案，像的 RSA 。加密套件如 SSL 可能是适当的系统用在这里。

Two factor authentication is good, but the actual encryption you use should be something fairly well known. If you're looking to embed a key of some kind into the app, you might want to look into a public key cryptography scheme, like RSA. An encryption suite like SSL is probably the appropriate system to use here.