[Mac_crypto] MacOS X (Panther) FileVault
Kevin Elliott
k-elliott at wiu.edu
Tue Nov 25 12:57:22 PST 2003
At 19:01 -0500 on 11/15/03, R. A. Hettinga wrote:
>--- begin forwarded text
>
>
>Status: U
>Date: Sat, 15 Nov 2003 13:03:33 +0100
>From: "Ralf-P. Weinmann" <weinmann at cdc.informatik.tu-darmstadt.de>
>To: Nicko van Someren <nicko at ncipher.com>
>Cc: mac_crypto at vmeng.com, "R. A. Hettinga" <rah at shipwright.com>
>Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault
>
>On Thu, Nov 13, 2003 at 01:15:03PM +0000, Nicko van Someren wrote:
>> This is basically correct. FileVault uses an auto-mounting version of
>> the encrypted disk image facility that was in 10.2, tweaked to allow
>> the image to be opened even before your main key chain is available
>> (since the key chain is stored inside your home directory). The
>> standard encrypted image format uses a random key stored on your key
>> chain, which is itself encrypted with a salted and hashed copy of the
>> keychain pass phrase, which defaults to your login password. My
>> suspicion is that for the FileVault there is some other key chain file
>> in the system folder which stores the key for decrypting your home
>> directory disk image and that the pass phrase for that is just your
>> login password.
>
>Ahhhh... So FileVault actually is just a marketing term for the encrypted
>disk images! Thanks for the explanation! I just hope my login password can
>be longer than 8 characters then.
Yes/no. When your not logged in your home folder is stored as an
encrypted DiskImage. In addition part of enabling FileVault was a
complete rework of how login authentication was handled, part of
which included removing the 8 char limitation. For the record, apple
has always allowed passwords longer than 8 char, prior to 10.3,
however, only the first 8 char were used to log you in, though the
other characters were used to unlock your keychain.
>> > File Vault will automatically expand or contract the disk image at
>> > certain points. It creates a new image, copies everything over, and
>> > deletes the old image.
>>
>> Yup, it essentially does an "hdiutil compact" command when you log out.
>
>Do you know whether the source code to hdiutil and hdid respectively its
>10.3 kernel equivalent is available? I can't seem to find it in the
>Darwin 7.0 public source.
No they are not. Apple considers DiskImages to be a proprietary
competitive advantage.
>> > I don't know what mode of AES-128 it uses.
>>
>> I believe that it uses counter mode, since it's efficient when doing
>> random access to the encrypted data.
>
>Of course counter mode would be ideally suited for this application. The
>question is whether the people at Apple implementing this feature knew this :)
It is a virtual certainty that Apple used Security.framework which
includes a variety of algorithms (including AES) and secure/peer
reviewed operation modes. I believe the security framework is open
source, and in fact based on a broader standard (CDSA). If you'd
like to know for certain I'd suggest you email dts at apple.com and/or
file a bug report at bugreporter.apple.com (requires free
registration) on the documentation.
--
__________________________________________
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
__________________________________________
Kevin Elliott <mailto:kelliott at mac.com>
ICQ#23758827 AIM ID: teargo
iChatAV: kelliott at mac.com (video chat available)
__________________________________________
More information about the Testlist
mailing list