password safes for mac
Jacob Appelbaum
jacob at appelbaum.net
Tue Jun 30 02:29:48 EDT 2009
Ivan Krsti? wrote:
> On Jun 27, 2009, at 6:57 PM, Perry E. Metzger wrote:
>> Does anyone have a recommended encrypted password storage program for
>> the mac?
>
>
> System applications and non-broken 3rd party applications on OS X store
> credentials in Keychain, which is a system facility for keeping secrets.
> Your user keychain is encrypted with your login password, and items in
> it have application-level ACLs ("this credential can only be read by
> these applications"). The definition of "application" for the purpose of
> Keychain ACLs is derived from OS X code signing, so if someone tampers
> with one of your apps on disk, the resulting application won't get
> access to Keychain until you explicitly approve it.
>
> You can inspect and modify your keychain with the Keychain Access
> application, which also allows you to add your own items.
>
This would be great if LoginWindow.app didn't store your unencrypted
login and password in memory for your entire session (including screen
lock, suspend to ram and hibernate).
I keep hearing that Apple will close my bug about this and they keep
delaying. I guess they use the credentials in memory for some things
where they don't want to bother the user (!) but they still want to be
able to elevate privileges.
Best,
Jacob
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list