Re: [Fed-Talk] File encryption for Mac
Re: [Fed-Talk] File encryption for Mac
- Subject: Re: [Fed-Talk] File encryption for Mac
- From: Michael Pike <email@hidden>
- Date: Mon, 19 Sep 2005 10:02:34 -0600
I am a *Federal Employee*, so I am well aware of what we are capable of.
The issue I have with the AES128 implementation with Mac OS X is the
way it deals with keys. The AES128 algorithym may be secure (or maybe
not, nothing is totally secure), It is my understanding that OS X
encapsulates the key in the keyring. So my thought is that the
encryption is only as strong as the OS X Keychain.
When I change my passphrase, it does NOT change the key used to
encrypt the AES128 volumes. The issue I have with this is if someone
manages to get my encrypted disk image, they could brute force attack
it, without fear of the key changing. I typically change my
passphrases on a regular basis, just to find the AES128 decryption key
never changes, which I do not like.
In regards to the paranoia, look at the 13th paragraph of this story:
http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html
Republican representative requesting back doors for all encryption
modules. Seems to me any "standard" would encompass such a
technology.
FIPS requirements mandate certain criteria for generating "random
keys". Apple is currently not certified with FIPS because they do not
"meet" this "standard" - this is DESPITE the fact that Apple's random
number generator is actually superior in technology than the FIPS
standards mandate. Makes me wonder why a standard would be imposed,
and a vendor denied FIPS compliance even though their cryptographic
technology is superior to what is being mandated.
Also, please note that AES128 is the standard for "non-classified
information", aka, "anything of national security cannot use it".
That tells me someone in the government must feel AES128 is not all
that secure. If it's approved for classified data, then I'll trust
it.
This query was based on a personal need to encrypt files that I have
non-related to work, and related to intellectual property consisting
of application source code.
As I stated, I am a federal employee, I love our country, and I trust
our government - what I do not trust is the private corporations that
have tried to reverse engineer my product. If the government does not
trust it for classified information, there is a good possibility that
the time, money, and resources could be spent by private industry to
break the AES128 algorithym.
For the record, I did find a FREE OS X Blowfish encryptor application
(which appears to work very well).
It is Crypt2. You can get it by Googling +blowfish +crypt2.
Now - let me go take my lithium.... :) (that was a joke by the way)
Mike
On 9/19/05, Timothy J. Miller <email@hidden> wrote:
> Michael Pike wrote:
>
> > I know there is AES128 for disk images, but I don't quite trust it
> > considering it is named as a "standard" if you know what I mean.
>
> There's healthy skepticism, and there's paranoia. Then there's the
> amusing notion of expressing this paranoia on the Apple *Federal
> Government* mailing list.
>
> ;)
>
> -- Tim
>
> (Seriously, if you think there's some kind of back door in AES I suggest
> you have a conversation with a cryptographer.)
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
>
>
--
"I never loved email, until I found GMail." - Mike Pike, 2005
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden