[144539] in cryptography@c2.net mail archive

Re: password safes for mac

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Tue Jun 30 11:53:14 2009

Cc: "Perry E. Metzger" <perry@piermont.com>,
 cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
To: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
In-Reply-To: <7FC8C642-E8F6-44F3-B691-75D2DD248626@solarsail.hcs.harvard.edu>
Date: Tue, 30 Jun 2009 06:37:39 -0400

On Jun 28, 2009, at 4:05 PM, Ivan Krstić wrote:
>> Does anyone have a recommended encrypted password storage program for
>> the mac?
>
> System applications and non-broken 3rd party applications on OS X
> store credentials in Keychain, which is a system facility for
> keeping secrets. Your user keychain is encrypted with your login
> password....

Which brings up a question I've had about keychain:  Keychains can be
synced across Mobile Me, and the login passwords of different machines
that sync their keychains don't have to be the same.  How is the key
transformation accomplished?  Does the central server know all the
login keys?  Or ... what? It's all very convenient, but the security
implications scare me.

Note that for all other keychains, there's no problem just syncing the
encrypted keys, since you have to explicitly enter the password at
each machine to unlock the keychain.  (I put all my high-value keys in
secondary keychains for this and related reasons.)
                                                         -- Jerry
