[145027] in cryptography@c2.net mail archive
Re: Security of Mac Keychain, Filevault
daemon@ATHENA.MIT.EDU (Marcus Brinkmann)
Fri Nov 6 10:47:13 2009
Date: 4 Nov 2009 01:55:59 +0100
From: "Marcus Brinkmann" <marcus.brinkmann@ruhr-uni-bochum.de>
To: "Jerry Leichter" <leichter@lrw.com>
Cc: "Steven Bellovin" <smb@cs.columbia.edu>,
"Cryptography List" <cryptography@metzdowd.com>
In-Reply-To: <69AEA4C3-052A-4926-8C2B-DD2B3FDA93DC@lrw.com>
I think we have a problem of the Wittgenstein type here.
Jerry Leichter wrote:
> People who say they've looked People who claim Keychain
> can be
> Keychain and believe it's good broken easily
We don't know what's meant by "good" or "broken easily" here. Again and again
this is true: In the absence of a threat model it is useless to evaluate a
(in)security claim.
> But even in *this* last world ... doesn't it bother people that all we
> have is a "trust us" from Apple? Yes, as I acknowledged, Apple's track
> record is pretty good here - but it's *not* unblemished.
I don't get it. You posted an article that makes no verifiable claim, and the
response was an appropriate shoulder shrug with a possible interpretation of
what the claim was supposed to be. That's the best we can possibly do. Had
you asked a different question you would have gotten a different answer. I
don't think you will find many people here who would not agree that more
information and cryptanalysis of filevault and keychain would be good to have.
Thanks,
Marcus
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
