Re: Security of Mac Keychain, Filevault

2009-11-08 Thread James A. Donald
Jerry Leichter wrote: NFC? Near Field Communications - the wireless equivalent of whispering in someone's ear. Ideally, a NFC chip should only be able to talk to something that is an inch or so away, and it should be impossible to eavesdrop from more than a foot or so away. Lots of people

Re: Security of Mac Keychain, Filevault

2009-11-03 Thread Taral
On Mon, Nov 2, 2009 at 5:41 PM, Jerry Leichter leich...@lrw.com wrote: The trend is for this to get worse, with network-wide shared authentication via OpenID or whatever other standard catches on. Not to derail this, but OpenID is flexible enough to permit fine-grained authentication as well

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Steven Bellovin
On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote: A couple of days ago, I pointed to an article claiming that these were easy to break, and asked if anyone knew of security analyses of these facilities. I must say, I'm very disappointed with the responses. Almost everyone attacked

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Jerry Leichter
On Nov 1, 2009, at 10:32 PM, Steven Bellovin wrote: On Oct 29, 2009, at 11:25 PM, Jerry Leichter wrote: A couple of days ago, I pointed to an article claiming that these were easy to break, and asked if anyone knew of security analyses of these facilities. I must say, I'm very

Re: Security of Mac Keychain, Filevault

2009-11-02 Thread Jerry Leichter
On Nov 2, 2009, at 5:36 PM, Jeffrey I. Schiller wrote: - Jerry Leichter leich...@lrw.com wrote: for iPhone's and iPod Touches, which are regularly used to hold passwords (for mail, at the least). I would not (do not) trust the iPhone (or iPod Touch) to protect a high value password.

re: Security of Mac Keychain, Filevault

2009-11-01 Thread Jerry Leichter
A couple of days ago, I pointed to an article claiming that these were easy to break, and asked if anyone knew of security analyses of these facilities. I must say, I'm very disappointed with the responses. Almost everyone attacked the person quoted in the article. The attacks they