Security of Mac Keychain, File Vault

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon Oct 26 05:32:46 EDT 2009


Jerry Leichter wrote:
> The article at http://www.net-security.org/article.php?id=1322 claims
> that both are easily broken.  I haven't been able to find any public
> analyses of Keychain, even though the software is open-source so it's
> relatively easy to check.  I ran across an analysis of File Vault not
> long ago which pointed out some fairly minor nits, but basically claimed
> it did what it set out to do.
> 
> The article makes a bunch of other claims which aren't obviously
> unreasonable.
> 
> Anyone know of more recent analysis of Mac encryption stuff?  (OS
> bugs/security holes are a whole other story....)

The last page of the article has references and this:

"MacMarshal. The best Mac tool I've seen so far, it is right now the number 1
Mac tool. MacMarshall can parse user account information, Address Book,
Safari, iChat, and can even crack File Vault. This is free to Law Enforcement."

But on another page we find:

http://www.macosxforensics.com/Analysis/CrackingFileVault/CrackingFileVault.html

"Cracking FileVault is a bit of a misnomer. As of this writing, there is not a
known flaw in the 128 bit AES encryption that is being used. When attempting
to open a FileVault encrypted Home directory, there are two methods which can
be used:

Brute Force
Brute Force with a dictionary attack

[...]

Much faster utilities such as crowbarDMG and Mac Marshal are now available
which will give you speeds Spartan will never attain in its current form."

So, this seems to be all about dictionary attacks.

More troublesome is the claim by the forensic expert that the best tool to
analyze a Mac filesystem is a Mac, which he just proclaimed as insecure.  This
calls for a disaster: A trojan that targets forensic examiners...



---------------------------------------------------------------------
The Cryptography Mailing List