Security of Mac Keychain, File Vault

Steven Bellovin smb at
Sun Oct 25 21:21:07 EDT 2009

On Oct 24, 2009, at 5:31 PM, Jerry Leichter wrote:

> The article at  
> claims that both are easily broken.  I haven't been able to find any  
> public analyses of Keychain, even though the software is open-source  
> so it's relatively easy to check.  I ran across an analysis of File  
> Vault not long ago which pointed out some fairly minor nits, but  
> basically claimed it did what it set out to do.
> The article makes a bunch of other claims which aren't obviously  
> unreasonable.
> Anyone one know of more recent analysis of Mac encryption stuff?   
> (OS bugs/security holes are a whole other story....)

The article specifically mentions Mac Marshall for attacking  
FileVault, but from the descriptions of it I can find it's just doing  
password guessing.

		--Steve Bellovin,

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list