Ivan Krstić wrote: > On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: >> There is also a sleep mode issue identified by the NSA > > Unlike FileVault whose keys (have to) persist in memory for the duration > of the login session, individual encrypted disk images are mounted on > demand and their keys destroyed from memory on unmount.
The devil is in the details. If you use your default keychain to unlock a disk, I believe the _passphrase_ is still stored by LoginWindow.app in plain text... So even if they destroyed keying material properly (do they? Is there source we can review for how FV works?) when the disk isn't in use, I somehow doubt that it's really safe to use FileVault in some circumstances against some attackers. Especially if you have a laptop and especially if you didn't turn on encrypted swap. Also especially if you happened to use the encrypted swap feature when it wasn't working. The list of hilarious bugs goes on and on. (The LoginWindow.app bug is as old as the hills and I'm one of a dozen people to have reported it, I bet. Apple still hasn't fixed it because they rely on a users password being in memory to escalate privileges without interacting with the user! I hear they're working on a fix but that it's difficult because many systems rely on this "feature.") I haven't been working on or thinking about VileFault much but I suppose that we probably could add support for sparse bundles if someone wanted. I've been bugging Apple for some specifications and so far, it's been years without a real response. Most of what we know is in VileFault: http://code.google.com/p/vilefault/ It would be really awesome if Apple would open up all of this code or at least publish a specification for how it works. With either we could have a Fuse file system module to support these disk images on other platforms... Best, Jacob
Description: OpenPGP digital signature