Regarding certain properties of the OS 9 crypto:
*) Introducing crypto to the masses
If they're putting crypto on the desktop that "the rest of us" can use, my
hat goes off to them. Netscape pioneered "crypto to the masses" by hiding
the operations entirely. If Apple has taken the next step and integrated
crypto into file handling and retrieval, then the long term benefits
outweigh many of the risks inherent in the weaknesses. But I reserve
judgement till I've actually used the mechanisms. If it's not much better
than the PGP interface, then I'm not impressed.
*) 56 bit crypto.
This is the data security equivalent of locks on offices. It slows the bad
guys down, and in many cases is enough of a deterrent. We all realize, of
course, that office locks represent a balance of security and economy. 56
bit keys represent a balance of security and politics. There is obviously
no *technical* reason to use 56 bits when stronger and more efficient
alternatives exist.
I would quibble with the claim on Apple's web site that this represents
"industrial strength" encryption. Maybe it does, but in the same way that
black and white images at 300dpi represent "industrial strength" desktop
publishing (i.e. many Macintoshes ago).
*) No option for domestic strong crypto alternatives.
This doesn't surprise me in a home and school commercial product. It's
expensive to maintain multiple releases and to manage distribution so that
they don't export the wrong thing. Yes, it's doable. But it ain't just a
walk in the park. And it is true, as they say, that 56 bits is stronger
than what is used in "many" e-commerce applications (i.e. lots of sites
accept 40 bit RC4).
*) Passwords ("passphrases") to carry the keying material.
This immediately renders the use of even 56 bit keys pretty irrelevant.
There's supposed to be about 1 or 1.5 bits of entropy in every character of
English text. So the dialog box they show on their web site doesn't allow
for much entropy. I wish there'd been something in there about smart card
integration.
*) The problem of scrubbing temp files.
This was the downfall of several products that tried for NSA endorsement in
the '80s. Anyone with an undelete utility can search for plaintext versions
of the encrypted file, either as temp files or as earlier plaintext
versions. This makes the file encryption feature pretty useless for
confidentiality, except for files transmitted elsewhere. It certainly
doesn't address the physical security problem described on their Web page,
except that it acts like an "office door lock."
IMHO, the safest way to do this is to encrypt *volumes* instead of files.
Every so often someone implements "virtual volumes" within the Mac file
system. This is another case where it would be a Good Thing. If everything
on the volume is encrypted, you deal with the temp files and deleted
versions as well as the recognized Secret Stuff.
So, overall, I'm thrilled that Apple is doing this. The first release (like
most first releases) will have lots of shortcomings. But let's give Apple
the chance to take security seriously enough to fix the major holes. At the
very least, people have a better opportunity to experience various flaws
firsthand.
Rick.
[EMAIL PROTECTED]
"Internet Cryptography" at http://www.visi.com/crypto/
