Bugtraq mailing list archives
Re: Mac OS X stores login/Keychain/FileVault passwords on disk
From: Adi Kriegisch <adi () cg tuwien ac at>
Date: Fri, 23 Jul 2004 10:08:00 +0200
17.07.2004 23:00 There is one thing about this which makes more than just "lost notebook" or "accessible data" out of this: If you have the login password you have access to the "login keychain" -- the keychain which is unlocked with the users pasword at login time. [ For those who have no idea what keychain is: (taken from http://www.apple.com/macosx/features/security/) "A Secure Keychain To make it easy to manage the daunting number of passwords and permissions intrinsic to network computing, Mac OS X includes a Keychain. The Keychain stores all your information to log onto file servers, ftp servers and Web servers and to use encrypted disk images." (and so on) ] You might create different keychains as well but the problem is your login keychain contains -- at least for most users -- all your webform data, passwords (online banking, ...), access credentials for file servers, your encrypted disk images' passwords and even vpn-passwords if any is used for accessing some private net. I would not mind if anyone could get just some data; even enabling firmware protection is of _NO_ use: just take the hard disk out of the computer/notebook. The problem here is that it is easy to get information which seems to be protected within an encrypted file -- or as apple puts it: "a secure keychain". What I suggest as a temporary solution is to put no information into your login keychain, create another keychain with different password and remove all vital information from your login keychain. (please comment on this -- I'm not sure if I didn't forget anything) Deleting or overwriting swapfiles is no feasible way because one can never be sure if the password still is on disk somewhere. "Secure deleting" would only be possible with overwriting a complete swap partition; MacOSX is dynamically allocating disk space for swapping. So even if this bug is fixed you cannot be sure that your password is not on disk any more after updating. Only solution to this might be to completely fill the free space on root partition and whipe it then... -- check with a grep for your password over the whole partition to be really sure, or (simpler) choose a different password ;-) Adding more ram is no solution to this problem as well because the login application is started very early and then not used for quite some time and MacOSX starts swapping it long before the end of ram is reached... (these are at least my experiences) ad apple: pls fix asap... btw: this was reported on June 21st by Matt Johnston first and is a critical bug! Adi
Current thread:
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Adi Kriegisch (Jul 15)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Theo Van Dinter (Jul 17)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Adi Kriegisch (Jul 24)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Ray Slakinski (Jul 17)
- <Possible follow-ups>
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk johnny (Jul 17)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Kurt Seifried (Jul 18)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Chris Boyd (Jul 19)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk James Goodlet (Jul 19)
- RE: Mac OS X stores login/Keychain/FileVault passwords on disk Michael Shirk (Jul 19)
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk Theo Van Dinter (Jul 17)