Ivan Krstić wrote:
> On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
>> There is also a sleep mode issue identified by the NSA
> 
> Unlike FileVault whose keys (have to) persist in memory for the duration
> of the login session, individual encrypted disk images are mounted on
> demand and their keys destroyed from memory on unmount.

The devil is in the details. If you use your default keychain to unlock
a disk, I believe the _passphrase_ is still stored by LoginWindow.app in
plain text... So even if they destroyed keying material properly (do
they? Is there source we can review for how FV works?) when the disk
isn't in use, I somehow doubt that it's really safe to use FileVault in
some circumstances against some attackers. Especially if you have a
laptop and especially if you didn't turn on encrypted swap. Also
especially if you happened to use the encrypted swap feature when it
wasn't working. The list of hilarious bugs goes on and on.

(The LoginWindow.app bug is as old as the hills and I'm one of a dozen
people to have reported it, I bet. Apple still hasn't fixed it because
they rely on a user's password being in memory to escalate privileges
without interacting with the user! I hear they're working on a fix but
that it's difficult because many systems rely on this "feature.")

I haven't been working on or thinking about VileFault much but I suppose
that we probably could add support for sparse bundles if someone wanted.
I've been bugging Apple for some specifications and so far, it's been
years without a real response.

Most of what we know is in VileFault:
http://code.google.com/p/vilefault/

It would be really awesome if Apple would open up all of this code or at
least publish a specification for how it works. With either we could
have a Fuse file system module to support these disk images on other
platforms...

Best,
Jacob
