What encryption algorithm does the iOS keychain use to protect data?

"Security through obscurity" means relying on obscurity to achieve security. It does not mean you are insecure just because you do not advertise your security mechanisms to the world.

Apple presumably wants the freedom to change the implementation of the keychain, so its encryption is not part of its specification because it does not need to be.

That said, I seriously doubt Apple uses 3DES, because they actually know what they are doing. I would give 10-to-1 odds they use AES.

An authoritative answer can probably only come from Apple or from someone who has disassembled their code.

According to this official Apple webpage :

Keychain items are encrypted using two different AES-256-GCM keys: a table key (metadata), and a per-row key (secret-key).

UPDATE: Update from May 2019. Encryption changed from 128 to 256.

According to the keychain documentation Keychain services and other Mac OS X security APIs are built on the open source Common Data Security Architecture (CDSA) and its programming interface, Common Security Services Manager (CSSM).

More information on that here

The discussion thread here quotes from official apple documentation (currently defunkt) stating;

All the password data in the keychain is protected using the Triple Digital Encryption Standard (3DES).

I'll see if I can turn up anything more current / definitive.

UPDATE:

OK there is a copy of an official OSX document here that does confirm the 3DES, however I agree that the implementation is likely to be subject to change.

Whether this also applies to iOS would also require verification, however given the harmonisation of iOS and Lion, I suspect it is more likely than not.