Steven Bellovin
Mon, 26 Oct 2009 18:52:45 -0700
On Oct 24, 2009, at 5:31 PM, Jerry Leichter wrote:
The article at http://www.net-security.org/article.php?id=1322 claims that both are easily broken. I haven't been able to find any public analyses of Keychain, even though the software is open-source so it's relatively easy to check. I ran across an analysis of File Vault not long ago which pointed out some fairly minor nits, but basically claimed it did what it set out to do.The article makes a bunch of other claims which aren't obviously unreasonable.Anyone one know of more recent analysis of Mac encryption stuff? (OS bugs/security holes are a whole other story....)
The article specifically mentions Mac Marshall for attacking FileVault, but from the descriptions of it I can find it's just doing password guessing.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com