Security of Mac Keychain, Filevault
Steven Bellovin
smb at cs.columbia.edu
Sun Nov 1 22:32:32 EST 2009
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote:
> A couple of days ago, I pointed to an article claiming that these
> were easy to break, and asked if anyone knew of security analyses of
> these facilities.
>
> I must say, I'm very disappointed with the responses. Almost
> everyone attacked the person quoted in the article. The attacks
> they assumed he had in mind were unproven or unimportant or
> insignificant. Gee ... sounds *exactly* like the response you get
> from companies when someone finds a vulnerability in their
> products: It's not proven; who is this person anyway; even if there
> is an attack, it isn't of any practical importance.
Unfortunately, there's no better response here.
At time T, someone will assert that "X is insecure", and that products
exist -- commercial and freeware -- to crack it. This person supplies
no evidence except for an incomplete list of products to support the
assertion. What do I now know that I didn't know before?
One way to judge is by reputation. If, say, Adi Shamir says it, I'm
very inclined to believe it, even without wading through the technical
details. If the posting comes from a notorious crank, I'll likely
discard the message unread because cranks tend to misread technical
papers. If it's someone I've never heard of, I have to make the
decision based on the evidence presented and what I already know.
What was the evidence here?
The article made no verifiable or falsifiable technical statements, so
there's nothing to evaluate in that respect. I've never heard of any
freeeware to crack Filevault; given the familiarity of the readership
of this list in the aggregate with the free software world, it seems
unlikely that such software exists. He did point to some commercial
software to attack Filevault, but it works by password guessing. For
his business -- forensic analysis -- I suspect that that technique is
extremely useful; I doubt that anyone on this list would disagree.
But that's not the same as a flaw in MacOS.
Beyond that, we're left with *no* new information. What basis does
this article give us to conclude that Filevault is -- or is not --
insecure? I have no more reason to trust it or distrust it than I had
before reading that article.
A proper evaluation of Filevault would, of course, be a good idea.
But that statement is equally true after the article as before.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list