[145011] in cryptography@c2.net mail archive
Re: Security of Mac Keychain, Filevault
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Mon Nov 2 22:02:07 2009
Date: Mon, 2 Nov 2009 17:36:07 -0500 (EST)
From: "Jeffrey I. Schiller" <jis@mit.edu>
To: Jerry Leichter <leichter@lrw.com>
Cc: Cryptography List <cryptography@metzdowd.com>,
Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <69AEA4C3-052A-4926-8C2B-DD2B3FDA93DC@lrw.com>
----- "Jerry Leichter" <leichter@lrw.com> wrote:
> for iPhones and iPod Touches, which are regularly used to hold
> passwords (for mail, at the least).
I would not (do not) trust the iPhone (or iPod Touch) to protect a
high-value password. Or, more to the point, I would change any such
password if my iPhone went unaccounted for.
In the case of the Mac Keychain and Filevault, if implemented
correctly, the security hinges on a secret that you know. Pick a good
secret (high entropy) and you are good. Pick a poor one, well...
However, the iPhone's keychain is not encrypted in a password. Instead
it is encrypted in a key derived from the hardware. The iPhone
Dev-Team, the folks who regularly jailbreak the iPhone, seem to have
little problem deriving keys from the phone! Note: Setting a phone
lock password doesn't prevent me from accessing the phone using the
various jailbreaking tools. Presumably once I have control of the
phone, I have access to any of the keys on it.
			-Jeff
-- 
==============================================================================
Jeffrey I. Schiller
MIT Network Manager/Security Architect
PCI Compliance Officer
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis@mit.edu
==============================================================================
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com