Security of Mac Keychain, Filevault
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Tue Nov 3 19:55:59 EST 2009
I think we have a problem of the Wittgenstein type here.
Jerry Leichter wrote:
> People who say they've looked People who claim Keychain
> can be
> Keychain and believe it's good broken easily
We don't know what's meant by "good" or "broken easily" here. Again and again
this is true: In the absence of a threat model it is useless to evaluate a
(in)security claim.
> But even in *this* last world ... doesn't it bother people that all we
> have is a "trust us" from Apple? Yes, as I acknowledged, Apple's track
> record is pretty good here - but it's *not* unblemished.
I don't get it. You posted an article that makes no verifiable claim, and the
response was an appropriate shoulder shrug with a possible interpretation of
what the claim was supposed to be. That's the best we can possibly do. Had
you asked a different question you would have gotten a different answer. I
don't think you will find many people here who would not agree that more
information and cryptanalysis of filevault and keychain would be good to have.
Thanks,
Marcus
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list