Security of Mac Keychain, Filevault

Marcus Brinkmann marcus.brinkmann at
Tue Nov 3 19:55:59 EST 2009

I think we have a problem of the Wittgenstein type here.

Jerry Leichter wrote:
> People who say they've looked          People who claim Keychain can be
> Keychain and believe it's good         broken easily

We don't know what's meant by "good" or "broken easily" here.  Again and again
this is true: In the absence of a threat model it is useless to evaluate a
(in)security claim.

> But even in *this* last world ... doesn't it bother people that all we
> have is a "trust us" from Apple?  Yes, as I acknowledged, Apple's track
> record is pretty good here - but it's *not* unblemished.

I don't get it.  You posted an article that makes no verifiable claim, and the
response was an appropriate shoulder shrug with a possible interpretation of
what the claim was supposed to be.  That's the best we can possibly do.  Had
you asked a different question you would have gotten a different answer.  I
don't think you will find many people here who would not agree that more
information and cryptanalysis of filevault and keychain would be good to have.

