Security of Mac Keychain, Filevault

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Tue Nov 3 19:55:59 EST 2009


I think we have a problem of the Wittgenstein type here.

Jerry Leichter wrote:
> People who say they've looked                People who claim Keychain
> can be
> Keychain and believe it's good                    broken easily

We don't know what's meant by "good" or "broken easily" here.  Again and again
this is true: In the absence of a threat model it is useless to evaluate a
(in)security claim.

> But even in *this* last world ... doesn't it bother people that all we
> have is a "trust us" from Apple?  Yes, as I acknowledged, Apple's track
> record is pretty good here - but it's *not* unblemished.

I don't get it.  You posted an article that makes no verifiable claim, and the
response was an appropriate shoulder shrug with a possible interpretation of
what the claim was supposed to be.  That's the best we can possibly do.  Had
you asked a different question you would have gotten a different answer.  I
don't think you will find many people here who would not agree that more
information and cryptanalysis of filevault and keychain would be good to have.

Thanks,
Marcus

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list