
Re: Laptop Drive Encryption



On 2007-01-18 Simon Slavin wrote:
> On 18 Jan 2007, at 2:29pm, Ansgar -59cobalt- Wiechers wrote:
>> On 2007-01-18 Simon Slavin wrote:
>>> On 17 Jan 2007, at 11:28pm, Gregor Alessi wrote:
>>>> To crack Open Firmware Protection just remove physical memory - the
>>>> PW will be gone.
>>> 
>>> Intel Macs use something that does the same job as Open Firmware
>>> passwords, but doesn't work the same.  Changing physical memory does
>>> not defeat it.
>> 
>> Then they have to have some other means to reset the firmware to
>> default values (which should include erasing any user-defined
>> passwords). Not being able to reset it would be pretty much
>> unacceptable IMHO, because it would leave you with unusable hardware
>> if the password got lost.
> 
> You're right.  But it's not nearly as simple as making trivial
> changes to hardware, and someone who isn't an expert is more likely to
> fry your motherboard than to do it right.  But firmware passwords
> don't really matter if you're talking about serious data thieves
> since all they need to do is take the hard disk out of your computer
> and put it into another one.

If you plan on securing data against theft, this is the major scenario
you have to consider.

>> Anyway, I think what Gregor meant to tell is that firmware passwords
>> won't stop an attacker from accessing data on a stolen notebook.
> 
> Physical possession of the computer, plus infinite time, gives the
> attacker access to your data.  That has always been a given in all
> computer security considerations.  What you're trying to do is not
> devise some unbreakable form of encryption but to raise the amount of
> time and effort it takes to crack your system.

Sure. However, firmware passwords do not raise the bar when it comes to
stolen notebooks. Remove the hard disk, attach it to some other computer,
mount the volumes, have access to the data. You know as well as I do
that it is as simple as that.

> The big problem with FileVault is that you automatically open the
> vault by logging in.  So all an attacker needs to be able to do is
> see you type your login password.  And you probably do that every day
> just to use your computer whether you need your secure material or
> not.  The reason I prefer encrypted disk images is that the user, who
> is presumably aware of the security implications of her or his work,
> has to intentionally perform a particular operation when they start
> working on their secure material.  This means they will already be
> thinking about security when they type in the appropriate password
> instead of just wanting to use their computer to browse the web or
> read email and therefore not being in a mindset that makes them think
> about security.

You're right that an attacker may have spied the password. However, as
mentioned in my previous mail, I'd still use the encrypted disk image
only in addition to FileVault. For the reasons given in my previous
mail.

>>> And could I restress the idea of using an encrypted disk image ?
>>> People seem to have ignored it when it's an almost ideal solution for
>>> most of you.
>> 
>> I'd recommend against the suggestion you made in your other post,
>> because even though the encrypted disk image will protect the files
>> it contains, sensitive data may be leaked through caches or temporary
>> files when the user is working with the data. Using FileVault (and
>> encrypted swap) should prevent this (as far as possible without full
   ^^^^^^^^^^^^^^
>> disk encryption), since OS X keeps all user data inside the user's
>> home.
> 
> Sorry, but no.  Consider how virtual memory works: it takes various
> things and puts them on parts of the disk which are outside your home
> folder and therefore unaffected by FileVault.

That *could* be the reason why I mentioned that virtual memory (AKA
swap) should be encrypted as well, don't you think? The encrypted disk
image alone does not address the problem of sensitive data being stored
in caches, virtual memory or temporary files. But encrypted virtual
memory and FileVault do.

> If people are concerned about leaks to that extent this thread should
> have been full of people pointing out the settings for setting a
> master password and encrypting Virtual Memory and all that stuff.

A master password is required for enabling FileVault, and I *did*
suggest encrypting virtual memory.

> And if people are really serious I'm surprised nobody has yet cited
> 
> http://images.apple.com/server/pdfs/Tiger_Security_Config.pdf
> 
> or the NSA version
> 
> http://www.nsa.gov/snac/downloads_macX.cfm

Which part of either of these documents is covering an aspect of the OP's
question that has not yet been addressed?

> or the ability for OS X to use Smart Card security along with a  
> password.

That may help mitigate the problem of the user's password being spied,
yes.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668