[Mac_crypto] Encrypting Removable Mac Drive

[David Stoler]

Dear all,

I have been using this method for some time, for lack of any alternative.

I have two related concerns:

1. Nobody has published an analysis of the security of Apple's implementation of their AES-encrypted disk images. I am not worried about whether they implemented AES correctly. The subtle details of developing this type of software concerns me. (Where and how does Apple store the keys when images are mounted? etc...)

2. Similarly, nobody has published an analysis of the security of Apple's keychain. It doesn't matter how strong the AES-encrypted disk images are, if the key can be easily obtained from the keychain.

A while ago, I learned that Apple is NOT using their "Comcryption" algorithm for the MacOS 9 keychain. The keychain is protected with a 128 bit key.

You are not required to store your disk image passphrases in the keychain. If you don't, you must enter the passphrase twice each time you want to mount a disk image, an annoyance.

Cheers,

David


>
>Posted on Thu, Aug. 08, 2002
>
>
>Encrypting Removable Mac Drive
>
>Posted by Dan Gillmor
>
>In this recent posting I was bemoaning the missing encryption software in a
>nifty device I've been testing, a USB-powered flash-memory "disk drive" for
my Mac...