[Mac_crypto] MacOS X (Panther) FileVault
Ralf-P. Weinmann
weinmann at cdc.informatik.tu-darmstadt.de
Sat Nov 15 04:03:33 PST 2003
On Thu, Nov 13, 2003 at 01:15:03PM +0000, Nicko van Someren wrote:
> This is basically correct. FileVault uses an auto-mounting version of
> the encrypted disk image facility that was in 10.2, tweaked to allow
> the image to be opened even before your main key chain is available
> (since the key chain is stored inside your home directory). The
> standard encrypted image format uses a random key stored on your key
> chain, which is itself encrypted with a salted and hashed copy of the
> keychain pass phrase, which defaults to your login password. My
> suspicion is that for the FileVault there is some other key chain file
> in the system folder which stores the key for decrypting your home
> directory disk image and that the pass phrase for that is just your
> login password.
Ahhhh... So FileVault actually is just a marketing term for the encrypted
disk images! Thanks for the explanation! I just hope my login password can
be longer than 8 characters then.
>
> > File Vault will automatically expand or contract the disk image at
> > certain points. It creates a new image, copies everything over, and
> > deletes the old image.
>
> Yup, it essentially does an "hdiutil compact" command when you log out.
Do you know whether the source code to hdiutil and hdid respectively its
10.3 kernel equivalent is available? I can't seem to find it in the
Darwin 7.0 public source.
> > I don't know what mode of AES-128 it uses.
>
> I believe that it uses counter mode, since it's efficient when doing
> random access to the encrypted data.
Of course counter mode would be ideally suited for this application. The
question is whether the people at Apple implementing this feature knew this :)
I believe in peer-reviewed source code for crypto apps/features.
Cheers,
Ralf
--
Ralf-P. Weinmann <weinmann at cdc.informatik.tu-darmstadt.de>
PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the cypherpunks-legacy
mailing list