Security of Mac Keychain, Filevault

Jerry Leichter leichter at lrw.com
Thu Oct 29 23:25:17 EDT 2009


A couple of days ago, I pointed to an article claiming that these were  
easy to break, and asked if anyone knew of security analyses of these  
facilities.

I must say, I'm very disappointed with the responses.  Almost everyone  
attacked the person quoted in the article.  The attacks they assumed  
he had in mind were unproven or unimportant or insignificant.  Gee ...  
sounds *exactly* like the response you get from companies when someone  
finds a vulnerability in their products:  It's not proven; who is this  
person anyway; even if there is an attack, it isn't of any practical  
importance.

Meanwhile, I know many of us on this list use Macs, and many of us  
rely on keychain and Filevault, or at least on encrypted disk images.   
On what rational basis do we rely on these?  The only analysis of  
Filevault that I know of is Appelbaum and Weinmann's http://crypto.nsa.org/vilefault/23C3-VileFault.pdf,  
which dates back to 2006, two releases of Mac OS ago.  (It found the  
basic mechanisms sound, with some problems around the edges.)  I'm not  
aware of any analyses of Keychain, although key chains can be  
extremely high-value.  If no one on this list is aware of any  
analyses, I'd guess they just don't exist.

Overall, Apple's designs and implementations of security code have  
been good, but hardly perfect.  (Witness the recent questionable  
implementation of encryption on the iPhone 3GS.)  So these are  
legitimate issues.  Meanwhile, I'm sure many of us have potentially  
high-value passwords - like our Mobile Me password - stored in our  
iPhones and iPod Touches.  How safe is that?  I have yet to see any  
analysis of that question either (though I suspect the answer is "not  
very").
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


