[X-Unix] How secure is OS X storage of Unix passwords
Eugene
list-themacintoshguy at fsck.net
Mon Apr 4 08:41:57 PDT 2005
On Mon, Apr 04, 2005 at 01:33:07PM +0200, Kuestner, Bjoern <Bjoern.Kuestner at drkw.com> wrote:
:
: Keychain holds a lot of passwords for OS X users: Web site access, disk
: images, etc.
:
: Most users have only their default keychain which is protected by their
: login password.
:
: Where and how secure does OS X store login passwords?
Passwords and such are stored in the OS X keychain mechanism, which uses
3DES for encryption.
: I understand OS X loads /etc/passwd into the netinfo DB.
:
: Does OS X use the same standard "crypt" algorithm from traditional unix?
Most modern Unix distributions no longer use crypt(3).
: Is that really only 56-bit long as I read on several web pages on the
: subject?
:
: What good is then having sensitive data on the laptop within a 128-bit-key
: encrypted disk image?
Well, that depends on your definition of "sensitive". How important is
the security of your data? Do you want the world's top code busters to
use 1000000-node supercomputer clusters to spend several real years to
brute-force crack your data? If so, OS X's security model is probably
not apprpriate for your needs.
--
Eugene
http://www.coxar.pwp.blueyonder.co.uk/
More information about the X-Unix
mailing list