[Mac_crypto] MacOS X (Panther) FileVault

[Nicko van Someren]

On 15 Nov 2003, at 12:03, Ralf-P. Weinmann wrote:

> Ahhhh... So FileVault actually is just a marketing term for the 
> encrypted
> disk images! Thanks for the explanation! I just hope my login password 
> can
> be longer than 8 characters then.

Yes, your login password can be as long as you want.  All of it is 
hashed for the keychain but (at least on 10.1) not all of it was used 
for the login.  This lead to the neat feature that if you logged in 
with the whole pass phrase you would find your default key chain 
unlocked but if you just typed the first 8 letters you'd log in without 
the key chain being unlocked.  I've not tried this recently though...

>> Yup, it essentially does an "hdiutil compact" command when you log 
>> out.
>
> Do you know whether the source code to hdiutil and hdid respectively 
> its
> 10.3 kernel equivalent is available? I can't seem to find it in the
> Darwin 7.0 public source.

No idea.  I would presume it's out there somewhere.

>> I believe that it uses counter mode, since it's efficient when doing
>> random access to the encrypted data.
>
> Of course counter mode would be ideally suited for this application. 
> The
> question is whether the people at Apple implementing this feature knew 
> this :)

I've met with the security people at Apple a couple of times and they 
seemed very clued up.  Of course there are also clued up security 
people at Microsoft but their influence does not always percolate out 
into the OS!

> I believe in peer-reviewed source code for crypto apps/features.

So do I but I think that there is still an export control issue on 
crypto source code in the States.  You can get a "commodity status" 
license on something like a boxed version of OS X but you can't get the 
same license for the source code.

Cheers,
	Nicko