Jerry Leichter wrote: > The article at http://www.net-security.org/article.php?id=1322 claims > that both are easily broken. I haven't been able to find any public > analyses of Keychain, even though the software is open-source so it's > relatively easy to check. I ran across an analysis of File Vault not > long ago which pointed out some fairly minor nits, but basically claimed > it did what it set out to do. > > The article makes a bunch of other claims which aren't obviously > unreasonable. > > Anyone one know of more recent analysis of Mac encryption stuff? (OS > bugs/security holes are a whole other story....)
The last page of the article has references and this: "MacMarshal. The best Mac tool I ve seen so far, it is right now the number 1 Mac tool. MacMarshall can parse user account information , Address Book, Safari, iChat, and can even crack File Vault. This is free to Law Enforcement." But on another page we find: http://www.macosxforensics.com/Analysis/CrackingFileVault/CrackingFileVault.html "Cracking FileVault is a bit of a misnomer. As of this writing, here is not a known flaw in the 128 bit AES encryption that is being used. When attempting to open a FileVault encrypted Home directory, there are two methods which can be used: Brute Force Brute Force with a dictionary attack [...] Much faster utilities such as crowbarDMG and Mac Marshal are now available which will give you speeds Spartan will never attain in its current form." So, this seems to be all about dictionary attacks. More troublesome is the claim by the forensic expert that the best tool to analyze a mac filesystem is a mac, which he just proclaimed as insecure. This calls for a disaster: A trojan that targets forensic examiners... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
