Security of Mac Keychain, Filevault

[Jerry Leichter]

On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote:

>
> On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote:
>
>> A couple of days ago, I pointed to an article claiming that these  
>> were easy to break, and asked if anyone knew of security analyses  
>> of these facilities.
>>
>> I must say, I'm very disappointed with the responses.  Almost  
>> everyone attacked the person quoted in the article.  The attacks  
>> they assumed he had in mind were unproven or unimportant or  
>> insignificant.  Gee ... sounds *exactly* like the response you get  
>> from companies when someone finds a vulnerability in their  
>> products:  It's not proven; who is this person anyway; even if  
>> there is an attack, it isn't of any practical importance.
>
> Unfortunately, there's no better response here.
>
> At time T, someone will assert that "X is insecure", and that  
> products exist -- commercial and freeware -- to crack it.  This  
> person supplies no evidence except for an incomplete list of  
> products to support the assertion.  What do I now know that I didn't  
> know before?...
A couple of others wrote to me privately with the same general thought.

I see I'm still not managing to make my point.  Suppose the world were  
as in the following diagram:

People who say they've looked				People who claim Keychain can be
Keychain and believe it's good					broken easily
---------------------------------------------------------------------------------------------------------------------
Apple										Some unknown guy who sells
Adi Shamir									products for analyzing Macs
Neils Ferguson
Bruce Schneier
Steven Bellovin
John Gilmore
Perry Metzger

Then I'd agree that there's not much to talk about.  But that doesn't  
happen to be the world we live in.  Instead, the world we live in is  
described by the following diagram:

People who say they've looked				People who claim Keychain can be
Keychain and believe it's good					broken easily
---------------------------------------------------------------------------------------------------------------------
Apple										Some unknown guy who sells
											products for analyzing Macs

Now, this isn't all that different from the following world:

People who say they've looked				People who claim Keychain can be
Keychain and believe it's good					broken easily
---------------------------------------------------------------------------------------------------------------------
Apple										

  - though to assert it's *identical* when we have *no* information  
about the person making the claim is a bit much.  Having *no*  
reputation isn't the same as having a reputation for being a shill or  
an incompetent.

But even in *this* last world ... doesn't it bother people that all we  
have is a "trust us" from Apple?  Yes, as I acknowledged, Apple's  
track record is pretty good here - but it's *not* unblemished.

I've actually tried to look at Keychain, but most of the guts are  
built on the Apple crypto provider framework, which is quite a large  
collection of code to digest with no previous knowledge.  So I didn't  
get anywhere interesting in the time I was in a position to invest.

I've been referring specifically to Keychain, about which there  
appears to be nothing at all published.  But the situation is only  
slightly better - a single 2+ year old paper - for encrypted disk  
images in general an Filevault in particular.  And it's also the same  
for iPhone's and iPod Touches, which are regularly used to hold  
passwords (for mail, at the least).

                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com