[144897] in cryptography@c2.net mail archive
Re: FileVault on other than home directories on MacOS?
daemon@ATHENA.MIT.EDU (Jacob Appelbaum)
Mon Sep 28 19:37:46 2009
Date: Fri, 25 Sep 2009 01:26:22 -0700
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
CC: Darren J Moffat <Darren.Moffat@Sun.COM>,
Steven Bellovin <smb@cs.columbia.edu>,
cryptography@metzdowd.com
In-Reply-To: <B562B4E5-AA32-4A52-AF62-590E98A90507@solarsail.hcs.harvard.edu>
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Ivan Krstić wrote:
> On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
>> There is also a sleep mode issue identified by the NSA
>
> Unlike FileVault whose keys (have to) persist in memory for the duration
> of the login session, individual encrypted disk images are mounted on
> demand and their keys destroyed from memory on unmount.
The devil is in the details. If you use your default keychain to unlock
a disk, I believe the _passphrase_ is still stored by LoginWindow.app in
plain text... So even if they destroyed keying material properly (do
they? Is there source we can review for how FV works?) when the disk
isn't in use, I somehow doubt that it's really safe to use FileVault in
some circumstances against some attackers. Especially if you have a
laptop and especially if you didn't turn on encrypted swap. Also
especially if you happened to use the encrypted swap feature when it
wasn't working. The list of hilarious bugs goes on and on.
(The LoginWindow.app bug is as old as the hills and I'm one of a dozen
people to have reported it, I bet. Apple still hasn't fixed it because
they rely on a user's password being in memory to escalate privileges
without interacting with the user! I hear they're working on a fix but
that it's difficult because many systems rely on this "feature.")
I haven't been working on or thinking about VileFault much but I suppose
that we probably could add support for sparse bundles if someone wanted.
I've been bugging Apple for some specifications and so far, it's been
years without a real response.
Most of what we know is in VileFault:
http://code.google.com/p/vilefault/
It would be really awesome if Apple would open up all of this code or at
least publish a specification for how it works. With either we could
have a Fuse file system module to support these disk images on other
platforms...
Best,
Jacob
---------------------------------------------------------------------
The Cryptography Mailing List