Security of Mac Keychain, Filevault
Jerry Leichter
leichter at lrw.com
Mon Nov 2 20:41:04 EST 2009
On Nov 2, 2009, at 5:36 PM, Jeffrey I. Schiller wrote:
> ----- "Jerry Leichter" <leichter at lrw.com> wrote:
>> for iPhone's and iPod Touches, which are regularly used to hold
>> passwords (for mail, at the least).
>
> I would not (do not) trust the iPhone (or iPod Touch) to protect a
> high value password.
There are two problems with this: So many of the things you'd really
like to be able to do with your iPhone/Touch/other smart phone require
a key whose value is very difficult to calculate (e.g., just what
would you lose if someone could read all your mail?); and services
increasing bundle all kinds of things together under one password.
For example, all your Google services use the same password; and your
Apple Mobile Me mail password is also the key to such things as you
contact list (if you sync it) and Back To My Mac (which I now disable,
useful as it might be, for just this reason) and your iTunes store
account. You can dissociate some of these, directly or indirectly,
but the services assume they are tied together and don't work nearly
as well if you do that. The trend is for this to get worse, with
network-wide shared authentication via OpenID or whatever other
standard catches on.
> Or more to the point I would change any such
> password if my iPhone went unaccounted for.
Oh, absolutely.
> In the case of the Mac Keychain and Filevault, if implemented
> correctly, the security hinges on a secret that you know.
And you know this ... how? Have you, or anyone you know, vetted the
design? Sure, *if* it's all implemented correctly, it maintains
*some* set of security properties. Do you even know what those are?
I know I don't....
> Pick a good
> secret (high entropy) and you are good. Pick a poor one, well...
>
> However the iPhone’s keychain is not encrypted in a password. Instead
> it is encrypted in a key derived from the hardware. The iPhone
> Dev-Team, the folks who regularly jail break the iPhone, seem to have
> little problem deriving keys from the phone! Note: Setting a phone
> lock password doesn’t prevent me from accessing the phone using the
> various jail breaking tools. Presumably once I have control of the
> phone, I have access to any of the keys on it.
That would be my assumption, too.
As the value of the information in smartphones grows daily, their
vulnerabilities will be more and more of a problem. Remote wipe -
assuming it really destroys the data - helps against loss, but does
nothing against a deliberate, targeted attack, which can probably copy
all the data within minutes. We need some new thinking here. One
possible approach, based on an idea IBM played with a couple of years
back but that as far as I know never made it into a product: Build a
Bluetooth-connected ring or key fob that must be physically quite
close to the device to keep it unlocked. IBM did this for laptops,
and just locked the screen. For a smartphone, you'd want the phone
and the fob to mutually authenticate, and then the fob would transfer
a key that could be used to unlock critical data on the phone. When
the fob goes out of range, the phone wipes the key and all decrypted
data. One can certainly come up with attacks on this - even so simple
as the smart mugger scenario: Give me your phone and your fob - but
it raises the bar, with minimal inconvenience in normal use.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list