[Mac_crypto] MacOS X (Panther) FileVault

Kevin Elliott k-elliott at wiu.edu
Tue Nov 25 12:57:22 PST 2003


At 19:01 -0500  on  11/15/03, R. A. Hettinga wrote:
>--- begin forwarded text
>
>
>Status:  U
>Date: Sat, 15 Nov 2003 13:03:33 +0100
>From: "Ralf-P. Weinmann" <weinmann at cdc.informatik.tu-darmstadt.de>
>To: Nicko van Someren <nicko at ncipher.com>
>Cc: mac_crypto at vmeng.com, "R. A. Hettinga" <rah at shipwright.com>
>Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault
>
>On Thu, Nov 13, 2003 at 01:15:03PM +0000, Nicko van Someren wrote:
>>  This is basically correct.  FileVault uses an auto-mounting version of
>>  the encrypted disk image facility that was in 10.2, tweaked to allow
>>  the image to be opened even before your main key chain is available
>>  (since the key chain is stored inside your home directory).  The
>>  standard encrypted image format uses a random key stored on your key
>>  chain, which is itself encrypted with a salted and hashed copy of the
>>  keychain pass phrase, which defaults to your login password.  My
>>  suspicion is that for the FileVault there is some other key chain file
>>  in the system folder which stores the key for decrypting your home
>>  directory disk image and that the pass phrase for that is just your
>>  login password.
>
>Ahhhh... So FileVault actually is just a marketing term for the encrypted
>disk images! Thanks for the explanation! I just hope my login password can
>be longer than 8 characters then.

Yes/no.  When your not logged in your home folder is stored as an 
encrypted DiskImage.  In addition part of enabling FileVault was a 
complete rework of how login authentication was handled, part of 
which included removing the 8 char limitation.  For the record, apple 
has always allowed passwords longer than 8 char, prior to 10.3, 
however, only the first 8 char were used to log you in, though the 
other characters were used to unlock your keychain.

>>  > File Vault will automatically expand or contract the disk image at
>>  > certain points. It creates a new image, copies everything over, and
>>  > deletes the old image.
>>
>>  Yup, it essentially does an "hdiutil compact" command when you log out.
>
>Do you know whether the source code to hdiutil and hdid respectively its
>10.3 kernel equivalent is available? I can't seem to find it in the
>Darwin 7.0 public source.

No they are not.  Apple considers DiskImages to be a proprietary 
competitive advantage.

>>  > I don't know what mode of AES-128 it uses.
>>
>>  I believe that it uses counter mode, since it's efficient when doing
>>  random access to the encrypted data.
>
>Of course counter mode would be ideally suited for this application. The
>question is whether the people at Apple implementing this feature knew this :)

It is a virtual certainty that Apple used Security.framework which 
includes a variety of algorithms (including AES) and secure/peer 
reviewed operation modes.  I believe the security framework is open 
source, and in fact based on a broader standard (CDSA).  If you'd 
like to know for certain I'd suggest you email dts at apple.com and/or 
file a bug report at bugreporter.apple.com (requires free 
registration) on the documentation.
-- 
__________________________________________
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
__________________________________________
Kevin Elliott   <mailto:kelliott at mac.com>
ICQ#23758827               AIM ID: teargo
iChatAV: kelliott at mac.com  (video chat available)
__________________________________________





More information about the cypherpunks-legacy mailing list