--- begin forwarded text
Status: U Date: Sat, 15 Nov 2003 13:03:33 +0100 From: "Ralf-P. Weinmann" <[EMAIL PROTECTED]> To: Nicko van Someren <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], "R. A. Hettinga" <[EMAIL PROTECTED]> Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault On Thu, Nov 13, 2003 at 01:15:03PM +0000, Nicko van Someren wrote: > This is basically correct. FileVault uses an auto-mounting version of > the encrypted disk image facility that was in 10.2, tweaked to allow > the image to be opened even before your main key chain is available > (since the key chain is stored inside your home directory). The > standard encrypted image format uses a random key stored on your key > chain, which is itself encrypted with a salted and hashed copy of the > keychain pass phrase, which defaults to your login password. My > suspicion is that for the FileVault there is some other key chain file > in the system folder which stores the key for decrypting your home > directory disk image and that the pass phrase for that is just your > login password. Ahhhh... So FileVault actually is just a marketing term for the encrypted disk images! Thanks for the explanation! I just hope my login password can be longer than 8 characters then. > > > File Vault will automatically expand or contract the disk image at > > certain points. It creates a new image, copies everything over, and > > deletes the old image. > > Yup, it essentially does an "hdiutil compact" command when you log out. Do you know whether the source code to hdiutil and hdid respectively its 10.3 kernel equivalent is available? I can't seem to find it in the Darwin 7.0 public source. > > I don't know what mode of AES-128 it uses. > > I believe that it uses counter mode, since it's efficient when doing > random access to the encrypted data. Of course counter mode would be ideally suited for this application. The question is whether the people at Apple implementing this feature knew this :) I believe in peer-reviewed source code for crypto apps/features. Cheers, Ralf -- Ralf-P. Weinmann <[EMAIL PROTECTED]> PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06 --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
