[P1] encryption

Joe Jones joham at jo-ham.com
Tue Aug 26 13:14:41 PDT 2003


If you're going to the trouble of storing data on an encrypted disk 
image then it presumes you want to take more precautions than are 
generally provided in OS X.

OS X is pretty secure, and you can have it not log you in 
automatically, and you can always log out when you're not using it, but 
what happens if someone decides to boot the machine using an OS X 
install CD, resets the admin password and then logs in, or adds a new 
admin user, enables root and changes your password?

What if someone physically steals the disk? Eventually they'll be able 
to reset your password or get root access.

If you don't keep the encrypted disk image password (or phrase with 
multiple words in mixed upper and lower case as I would use) in your 
keychain then there is no way on Earth at present to brute force that 
image. It's been proven that with current processing power it would 
take on the order of thousands of years to brute force AES 128-bit 
encryption. They'd either have to be very lucky or extremely dedicated. 
If you can afford the power needed to break it open then I doubt you'd 
be interested in the contents anyway.

The keychain (and your user account) can be defeated, the disk image 
cannot.

Joe

On Tuesday, Aug 26, 2003, at 20:03 Europe/London, Joost van de Griek 
wrote:

> On 2003-08-23 13:03, Jack Rodgers wrote:
>
>> Of course you don't want to store the password for the encrypted volume
>> in your keychain
>
> Umm... That (among other things) is what it is designed to do...
>
>> Of course if you are going to encrypt the volume you don't want to have your
>> book start up and log in without your entering your password and also you don't
>> want to store the password in your keychain. This might not happen but could
>> one not imagine, without having tested it, that setting your computer to log
>> in automatically and storing your password in your keychain could just bypass
>> all of this security? Time and tests will tell.
>
> Anyone who has data that is so sensitive it has to be stored on an encrypted
> volume, and leaves his computer to log in automatically, deserves all the
> bad things that happen to him.
>
> ,xtG
> .tsooJ
> -- 
> Light a man a fire, he's warm for a day.
> Light a man on fire, he's warm for the rest of his life.
> -- 
> Joost van de Griek
> <http://www.jvdg.net/>


