On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote:
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote:
A couple of days ago, I pointed to an article claiming that these
were easy to break, and asked if anyone knew of security analyses
of these facilities.
I must say, I'm very disappointed with the responses. Almost
everyone attacked the person quoted in the article. The attacks
they assumed he had in mind were unproven or unimportant or
insignificant. Gee ... sounds *exactly* like the response you get
from companies when someone finds a vulnerability in their
products: It's not proven; who is this person anyway; even if
there is an attack, it isn't of any practical importance.
Unfortunately, there's no better response here.
At time T, someone will assert that "X is insecure", and that
products exist -- commercial and freeware -- to crack it. This
person supplies no evidence except for an incomplete list of
products to support the assertion. What do I now know that I didn't
know before?...
A couple of others wrote to me privately with the same general thought.
I see I'm still not managing to make my point. Suppose the world were
as in the following diagram:
People who say they've looked People who claim
Keychain can be
Keychain and believe it's good broken easily
---------------------------------------------------------------------------------------------------------------------
Apple
Some unknown guy who sells
Adi Shamir
products for analyzing Macs
Neils Ferguson
Bruce Schneier
Steven Bellovin
John Gilmore
Perry Metzger
Then I'd agree that there's not much to talk about. But that doesn't
happen to be the world we live in. Instead, the world we live in is
described by the following diagram:
People who say they've looked People who claim
Keychain can be
Keychain and believe it's good broken easily
---------------------------------------------------------------------------------------------------------------------
Apple
Some unknown guy who sells
products for analyzing Macs
Now, this isn't all that different from the following world:
People who say they've looked People who claim
Keychain can be
Keychain and believe it's good broken easily
---------------------------------------------------------------------------------------------------------------------
Apple
- though to assert it's *identical* when we have *no* information
about the person making the claim is a bit much. Having *no*
reputation isn't the same as having a reputation for being a shill or
an incompetent.
But even in *this* last world ... doesn't it bother people that all we
have is a "trust us" from Apple? Yes, as I acknowledged, Apple's
track record is pretty good here - but it's *not* unblemished.
I've actually tried to look at Keychain, but most of the guts are
built on the Apple crypto provider framework, which is quite a large
collection of code to digest with no previous knowledge. So I didn't
get anywhere interesting in the time I was in a position to invest.
I've been referring specifically to Keychain, about which there
appears to be nothing at all published. But the situation is only
slightly better - a single 2+ year old paper - for encrypted disk
images in general an Filevault in particular. And it's also the same
for iPhone's and iPod Touches, which are regularly used to hold
passwords (for mail, at the least).
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com