Re: [Mac_crypto] MacOS X (Panther) FileVault

On Thu, Nov 13, 2003 at 01:15:03PM +0000, Nicko van Someren wrote:
> This is basically correct. FileVault uses an auto-mounting version of the encrypted disk image facility that was in 10.2, tweaked to allow the image to be opened even before your main key chain is available (since the key chain is stored inside your home directory). The standard encrypted image format uses a random key stored on your key chain, which is itself encrypted with a salted and hashed copy of the keychain pass phrase, which defaults to your login password. My suspicion is that for the FileVault there is some other key chain file in the system folder which stores the key for decrypting your home directory disk image and that the pass phrase for that is just your login password.
Ahhhh... So FileVault actually is just a marketing term for the encrypted disk images! Thanks for the explanation! I just hope my login password can be longer than 8 characters then.
>> File Vault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image.
> Yup, it essentially does an "hdiutil compact" command when you log out.
Do you know whether the source code to hdiutil and hdid, or its 10.3 kernel equivalent, is available? I can't seem to find it in the Darwin 7.0 public source.
>> I don't know what mode of AES-128 it uses.
> I believe that it uses counter mode, since it's efficient when doing random access to the encrypted data.
Of course counter mode would be ideally suited for this application. The question is whether the people at Apple implementing this feature knew this :) I believe in peer-reviewed source code for crypto apps/features.

Cheers,
Ralf

--
Ralf-P. Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06

--- end forwarded text

--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
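
Added example, not part of the original thread and not Apple's code: the random-access property of counter mode mentioned above, shown with AES-128 from the Go standard library. The counter-block layout (8-byte nonce plus 64-bit block index), the names XORAt and ReadRange, and the key, nonce and plaintext are assumptions constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// XORAt encrypts or decrypts buf in place as if it sat at byte offset off of
// the image, computing only the keystream blocks that cover that range.
// Assumed layout (not a documented format): counter block = 8-byte nonce
// followed by the 64-bit big-endian index of the 16-byte AES block.
func XORAt(key []byte, nonce [8]byte, off uint64, buf []byte) error {
	blk, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return err
	}
	ctr := make([]byte, aes.BlockSize)
	copy(ctr, nonce[:])
	binary.BigEndian.PutUint64(ctr[8:], off/aes.BlockSize)
	stream := cipher.NewCTR(blk, ctr)
	skip := make([]byte, off%aes.BlockSize) // keystream bytes before off in the first block
	stream.XORKeyStream(skip, skip)
	stream.XORKeyStream(buf, buf)
	return nil
}

// ReadRange decrypts n bytes at offset off without touching the rest of ct.
func ReadRange(key []byte, nonce [8]byte, ct []byte, off, n uint64) ([]byte, error) {
	if off > uint64(len(ct)) || n > uint64(len(ct))-off {
		return nil, fmt.Errorf("range %d+%d is past the end of the image", off, n)
	}
	out := append([]byte(nil), ct[off:off+n]...)
	return out, XORAt(key, nonce, off, out)
}

func main() {
	// Constructed key, nonce and plaintext, for illustration only.
	key := []byte("0123456789abcdef")
	nonce := [8]byte{1, 2, 3, 4, 5, 6, 7, 8}
	image := bytes.Repeat([]byte("home directory data "), 200)
	ct := append([]byte(nil), image...)
	if err := XORAt(key, nonce, 0, ct); err != nil {
		panic(err)
	}
	got, err := ReadRange(key, nonce, ct, 1003, 37)
	fmt.Println(err == nil && bytes.Equal(got, image[1003:1040]))
}
```

Counter mode produces the same keystream whenever a block is rewritten under the same key, nonce and counter, so an on-disk format built on it needs a rule for that case.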