[144987] in cryptography@c2.net mail archive
Re: Security of Mac Keychain, File Vault
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Mon Oct 26 21:52:34 2009
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <538BE49A-C3DF-49EF-9D3B-FC63C2FB2860@lrw.com>
Date: Sun, 25 Oct 2009 21:21:07 -0400
Cc: Cryptography List <cryptography@metzdowd.com>
To: Jerry Leichter <leichter@lrw.com>
On Oct 24, 2009, at 5:31 PM, Jerry Leichter wrote:
> The article at http://www.net-security.org/article.php?id=1322
> claims that both are easily broken. I haven't been able to find any
> public analyses of Keychain, even though the software is open-source
> so it's relatively easy to check. I ran across an analysis of File
> Vault not long ago which pointed out some fairly minor nits, but
> basically claimed it did what it set out to do.
>
> The article makes a bunch of other claims which aren't obviously
> unreasonable.
>
> Anyone one know of more recent analysis of Mac encryption stuff?
> (OS bugs/security holes are a whole other story....)
The article specifically mentions Mac Marshall for attacking
FileVault, but from the descriptions of it I can find it's just doing
password guessing.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
