On Oct 24, 2009, at 5:31 PM, Jerry Leichter wrote:
The article at http://www.net-security.org/article.php?id=1322
claims that both are easily broken. I haven't been able to find any
public analyses of Keychain, even though the software is open-source
so it's relatively easy to check. I ran across an analysis of File
Vault not long ago which pointed out some fairly minor nits, but
basically claimed it did what it set out to do.
The article makes a bunch of other claims which aren't obviously
unreasonable.
Anyone one know of more recent analysis of Mac encryption stuff?
(OS bugs/security holes are a whole other story....)
The article specifically mentions Mac Marshall for attacking
FileVault, but from the descriptions of it I can find it's just doing
password guessing.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com