Re: [Mac_crypto] MacOS X (Panther) FileVault
At 19:01 -0500 on 11/15/03, R. A. Hettinga wrote: --- begin forwarded text Status: U Date: Sat, 15 Nov 2003 13:03:33 +0100 From: Ralf-P. Weinmann [EMAIL PROTECTED] To: Nicko van Someren [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], R. A. Hettinga [EMAIL PROTECTED] Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault On Thu, Nov 13, 2003 at 01:15:03PM +, Nicko van Someren wrote: This is basically correct. FileVault uses an auto-mounting version of the encrypted disk image facility that was in 10.2, tweaked to allow the image to be opened even before your main key chain is available (since the key chain is stored inside your home directory). The standard encrypted image format uses a random key stored on your key chain, which is itself encrypted with a salted and hashed copy of the keychain pass phrase, which defaults to your login password. My suspicion is that for the FileVault there is some other key chain file in the system folder which stores the key for decrypting your home directory disk image and that the pass phrase for that is just your login password. A... So FileVault actually is just a marketing term for the encrypted disk images! Thanks for the explanation! I just hope my login password can be longer than 8 characters then. Yes/no. When your not logged in your home folder is stored as an encrypted DiskImage. In addition part of enabling FileVault was a complete rework of how login authentication was handled, part of which included removing the 8 char limitation. For the record, apple has always allowed passwords longer than 8 char, prior to 10.3, however, only the first 8 char were used to log you in, though the other characters were used to unlock your keychain. File Vault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image. Yup, it essentially does an hdiutil compact command when you log out. Do you know whether the source code to hdiutil and hdid respectively its 10.3 kernel equivalent is available? I can't seem to find it in the Darwin 7.0 public source. No they are not. Apple considers DiskImages to be a proprietary competitive advantage. I don't know what mode of AES-128 it uses. I believe that it uses counter mode, since it's efficient when doing random access to the encrypted data. Of course counter mode would be ideally suited for this application. The question is whether the people at Apple implementing this feature knew this :) It is a virtual certainty that Apple used Security.framework which includes a variety of algorithms (including AES) and secure/peer reviewed operation modes. I believe the security framework is open source, and in fact based on a broader standard (CDSA). If you'd like to know for certain I'd suggest you email [EMAIL PROTECTED] and/or file a bug report at bugreporter.apple.com (requires free registration) on the documentation. -- __ Arguing with an engineer is like wrestling with a pig in mud. After a while, you realize the pig is enjoying it. __ Kevin Elliott mailto:[EMAIL PROTECTED] ICQ#23758827 AIM ID: teargo iChatAV: [EMAIL PROTECTED] (video chat available) __
Re: [Mac_crypto] MacOS X (Panther) FileVault
--- begin forwarded text Status: U Date: Sat, 15 Nov 2003 13:03:33 +0100 From: Ralf-P. Weinmann [EMAIL PROTECTED] To: Nicko van Someren [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], R. A. Hettinga [EMAIL PROTECTED] Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault On Thu, Nov 13, 2003 at 01:15:03PM +, Nicko van Someren wrote: This is basically correct. FileVault uses an auto-mounting version of the encrypted disk image facility that was in 10.2, tweaked to allow the image to be opened even before your main key chain is available (since the key chain is stored inside your home directory). The standard encrypted image format uses a random key stored on your key chain, which is itself encrypted with a salted and hashed copy of the keychain pass phrase, which defaults to your login password. My suspicion is that for the FileVault there is some other key chain file in the system folder which stores the key for decrypting your home directory disk image and that the pass phrase for that is just your login password. A... So FileVault actually is just a marketing term for the encrypted disk images! Thanks for the explanation! I just hope my login password can be longer than 8 characters then. File Vault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image. Yup, it essentially does an hdiutil compact command when you log out. Do you know whether the source code to hdiutil and hdid respectively its 10.3 kernel equivalent is available? I can't seem to find it in the Darwin 7.0 public source. I don't know what mode of AES-128 it uses. I believe that it uses counter mode, since it's efficient when doing random access to the encrypted data. Of course counter mode would be ideally suited for this application. The question is whether the people at Apple implementing this feature knew this :) I believe in peer-reviewed source code for crypto apps/features. Cheers, Ralf -- Ralf-P. Weinmann [EMAIL PROTECTED] PGP fingerprint: 1024D/EF114FC02F150EB9D4F275B6159CEBEAEFCD9B06 --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [Mac_crypto] MacOS X (Panther) FileVault
--- begin forwarded text Status: U Delivered-To: [EMAIL PROTECTED] Cc: R. A. Hettinga [EMAIL PROTECTED], Ralf-P. Weinmann [EMAIL PROTECTED] From: Nicko van Someren [EMAIL PROTECTED] Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] List-Id: Macintosh Cryptography mac_crypto.vmeng.com List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: http://www.vmeng.com/mailman/listinfo/mac_crypto, mailto:[EMAIL PROTECTED] List-Archive: http://www.vmeng.com/pipermail/mac_crypto/ Date: Thu, 13 Nov 2003 13:15:03 + On 13 Nov 2003, at 5:12, David Shayer wrote: I was told that FileVault replaces your home directory with an encrypted disk image, much like PGP Disk, so its probably blockwise underneath the file system layer. Files in your home directory are copied into the disk image, and some file system links redirect calls to the home directory to the disk image, and keep the user from seeing it as another mounted disk. This is basically correct. FileVault uses an auto-mounting version of the encrypted disk image facility that was in 10.2, tweaked to allow the image to be opened even before your main key chain is available (since the key chain is stored inside your home directory). The standard encrypted image format uses a random key stored on your key chain, which is itself encrypted with a salted and hashed copy of the keychain pass phrase, which defaults to your login password. My suspicion is that for the FileVault there is some other key chain file in the system folder which stores the key for decrypting your home directory disk image and that the pass phrase for that is just your login password. File Vault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image. Yup, it essentially does an hdiutil compact command when you log out. I don't know what mode of AES-128 it uses. I believe that it uses counter mode, since it's efficient when doing random access to the encrypted data. Nicko ___ mac_crypto mailing list [EMAIL PROTECTED] http://www.vmeng.com/mailman/listinfo/mac_crypto --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [Mac_crypto] MacOS X (Panther) FileVault
--- begin forwarded text Status: U Delivered-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From: David Shayer [EMAIL PROTECTED] Subject: Re: [Mac_crypto] MacOS X (Panther) FileVault Cc: Ralf-P. Weinmann [EMAIL PROTECTED], R. A. Hettinga [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] List-Id: Macintosh Cryptography mac_crypto.vmeng.com List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: http://www.vmeng.com/mailman/listinfo/mac_crypto, mailto:[EMAIL PROTECTED] List-Archive: http://www.vmeng.com/pipermail/mac_crypto/ Date: Wed, 12 Nov 2003 21:12:02 -0800 From: Ralf-P. Weinmann [EMAIL PROTECTED] Are there any whitepapers available on the design of FileVault? Except for impressive words from marketing droids (AES-128, industry-standard cipher, yawn) I have seen absolutely zilch on the implementation yet: i.e. is encryption done on a per-file basis or is rather blockwise underneath the filesystem layer (ala loop-aes under Linux)? AES-128, fair enough; but what mode is used for encrypting the files/blocks? ECB? CBC? CTR? CCM? I was told that FileVault replaces your home directory with an encrypted disk image, much like PGP Disk, so its probably blockwise underneath the file system layer. Files in your home directory are copied into the disk image, and some file system links redirect calls to the home directory to the disk image, and keep the user from seeing it as another mounted disk. File Vault will automatically expand or contract the disk image at certain points. It creates a new image, copies everything over, and deletes the old image. I don't know what mode of AES-128 it uses. -- David If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison ___ mac_crypto mailing list [EMAIL PROTECTED] http://www.vmeng.com/mailman/listinfo/mac_crypto --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'