[X-Unix] How secure is OS X storage of Unix passwords

Kuestner, Bjoern Bjoern.Kuestner at drkw.com
Tue Apr 5 04:28:21 PDT 2005 


<http://images.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf>
> 
> All of the password data in the keychain is protected using the Triple
> Digital Encryption Standard (3DES).

Thanks Eugene. 

Even when hitting me on the nose with that PDF it still wasn't obvious for
me. I think the problem is that I have an incorrect understanding of the
Keychain application.

I thought that 
- you have the login process that logs you on 
- and then starts the keychain process. 

But from that document I understand that the login process is already
handled by the keychain, the two processes cooperate or might even be the
same:

> Local single sign-on. Mac OS X enables you to sign on only once, obtaining
your
> single sign-on credentials from the keychain for local authentication

So although the password encryption is nowhere noted in that document, my
question actually doesn't make much sense for OS X, because the encryption
technology of the Keychain application (TripleDES) is the encryption method
for the login password.

What can I say ... learn something new every day.

Thanks,

Bjorn






_______________________________________________
X-Unix mailing list
X-Unix at listserver.themacintoshguy.com
http://listserver.themacintoshguy.com/mailman/listinfo/x-unix

Listmom is trying to clean out his closets! Vintage Mac and random stuff:
         http://search.ebay.com/_W0QQsassZmacguy1984


--------------------------------------------------------------------------------
The information contained herein is confidential and is intended solely for the
addressee. Access by any other party is unauthorised without the express
written permission of the sender. If you are not the intended recipient, please
contact the sender either via the company switchboard on +44 (0)20 7623 8000, or
via e-mail return. If you have received this e-mail in error or wish to read our
e-mail disclaimer statement and monitoring policy, please refer to 
http://www.drkw.com/disc/email/ or contact the sender. 3167
--------------------------------------------------------------------------------

More information about the X-Unix mailing list