Re: [Mac_crypto] MacOS X (Panther) FileVault
From: "Ralf-P. Weinmann" <weinmann@cdc.informatik.tu-darmstadt.de>

Are there any whitepapers available on the design of FileVault? Except for impressive words from marketing droids (AES-128, industry-standard cipher, <yawn>) I have seen absolutely zilch on the implementation yet: i.e. is encryption done on a per-file basis or is it rather blockwise underneath the filesystem layer (à la loop-aes under Linux)? AES-128, fair enough; but what mode is used for encrypting the files/blocks? ECB? CBC? CTR? CCM?

I was told that FileVault replaces your home directory with an encrypted disk image, much like PGP Disk, so it's probably blockwise underneath the file system layer. Files in your home directory are copied into the disk image, and some file system links redirect calls to the home directory to the disk image, and keep the user from seeing it as another mounted disk.

FileVault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image.

I don't know what mode of AES-128 it uses.

--
David

"If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy." - James Madison

_______________________________________________
mac_crypto mailing list
mac_crypto@vmeng.com
http://www.vmeng.com/mailman/listinfo/mac_crypto

--- end forwarded text

--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Participants (1): David Shayer