[144533] in cryptography@c2.net mail archive
Re: password safes for mac
daemon@ATHENA.MIT.EDU (Ivan Krstić)
Sun Jun 28 17:05:14 2009
Cc: cryptography@metzdowd.com
From: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
To: "Perry E. Metzger" <perry@piermont.com>
In-Reply-To: <87iqihp1bg.fsf@snark.cb.piermont.com>
Date: Sun, 28 Jun 2009 13:05:23 -0700
On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
> Does anyone have a recommended encrypted password storage program for
> the mac?
System applications and non-broken 3rd party applications on OS X
store credentials in Keychain, which is a system facility for keeping
secrets. Your user keychain is encrypted with your login password, and
items in it have application-level ACLs ("this credential can only be
read by these applications"). The definition of "application" for the
purpose of Keychain ACLs is derived from OS X code signing, so if
someone tampers with one of your apps on disk, the resulting
application won't get access to Keychain until you explicitly approve
it.
You can inspect and modify your keychain with the Keychain Access
application, which also allows you to add your own items.
--
Ivan Krstić <krstic@solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com