--- begin forwarded text
Cc: R. A. Hettinga [EMAIL PROTECTED],
Ralf-P. Weinmann [EMAIL PROTECTED]
From: Nicko van Someren [EMAIL PROTECTED]
Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
List-Id: Macintosh Cryptography mac_crypto.vmeng.com
List-Archive: http://www.vmeng.com/pipermail/mac_crypto/
Date: Thu, 13 Nov 2003 13:15:03 +

On 13 Nov 2003, at 5:12, David Shayer wrote:

> I was told that FileVault replaces your home directory with an
> encrypted disk image, much like PGP Disk, so it's probably blockwise
> underneath the file system layer. Files in your home directory are
> copied into the disk image, and some file system links redirect calls
> to the home directory to the disk image, and keep the user from seeing
> it as another mounted disk.

This is basically correct. FileVault uses an auto-mounting version of
the encrypted disk image facility that was in 10.2, tweaked to allow
the image to be opened even before your main key chain is available
(since the key chain is stored inside your home directory). The
standard encrypted image format uses a random key stored on your key
chain, which is itself encrypted with a salted and hashed copy of the
keychain pass phrase, which defaults to your login password. My
suspicion is that for the FileVault there is some other key chain file
in the system folder which stores the key for decrypting your home
directory disk image and that the pass phrase for that is just your
login password.

> File Vault will automatically expand or contract the disk image at
> certain points. It creates a new image, copies everything over, and
> deletes the old image.

Yup, it essentially does an hdiutil compact command when you log out.

> I don't know what mode of AES-128 it uses.

I believe that it uses counter mode, since it's efficient when doing
random access to the encrypted data.

Nicko
--- end forwarded text
--
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
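
The two ideas in the forwarded message (a random image key wrapped under a salted hash of the pass phrase, and counter mode for random access) are sketched below as an added example; it is not Apple's code and not from the original thread. PBKDF2, HMAC-SHA256 standing in for AES-128, the 512-byte sector size and all function names are assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, os

SECTOR = 512   # assumed sector size
BLOCK = 32     # keystream bytes per counter value (SHA-256 digest size)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, first: int, count: int) -> bytes:
    # Counter mode: block i depends only on (key, i). HMAC-SHA256 replaces AES-128.
    return b"".join(hmac.new(key, i.to_bytes(16, "big"), hashlib.sha256).digest()
                    for i in range(first, first + count))

def passphrase_keys(passphrase: str, salt: bytes):
    # Salted, iterated hash (PBKDF2 is an assumption), split into enc and MAC keys.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 32)
    return k[:16], k[16:]

def wrap(passphrase: str, salt: bytes, volume_key: bytes) -> bytes:
    enc, mac = passphrase_keys(passphrase, salt)
    body = xor(volume_key, keystream(enc, 0, 1))
    return body + hmac.new(mac, body, hashlib.sha256).digest()

def unwrap(passphrase: str, salt: bytes, blob: bytes) -> bytes:
    enc, mac = passphrase_keys(passphrase, salt)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or corrupted key record")
    return xor(body, keystream(enc, 0, 1))

def crypt_sector(volume_key: bytes, n: int, data: bytes) -> bytes:
    # Encrypt and decrypt are the same XOR; sector n owns its own counter range.
    per = SECTOR // BLOCK
    return xor(data, keystream(volume_key, n * per, per))

def read_sector(image: bytes, volume_key: bytes, n: int) -> bytes:
    # Random access: only the requested sector is read and decrypted.
    return crypt_sector(volume_key, n, image[n * SECTOR:(n + 1) * SECTOR])

def demo() -> bool:
    salt, volume_key = os.urandom(16), os.urandom(16)
    record = wrap("login password", salt, volume_key)        # constructed input
    plain = b"".join(bytes([i]) * SECTOR for i in range(8))  # constructed image
    image = b"".join(crypt_sector(volume_key, i, plain[i * SECTOR:(i + 1) * SECTOR])
                     for i in range(8))
    key = unwrap("login password", salt, record)
    return read_sector(image, key, 5) == plain[5 * SECTOR:6 * SECTOR]

print(demo())
```

Because the keystream for a sector is fixed by the key and the sector number, rewriting a sector in place reuses keystream: the XOR of the old and new ciphertext equals the XOR of the old and new plaintext. Counter mode also provides no integrity on its own, so a design of this shape needs a separate check for tampered sectors.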