[Fed-Talk] Re: FileVault 2 encryption
- Subject: [Fed-Talk] Re: FileVault 2 encryption
- From: Shawn Geddis <email@hidden>
- Date: Tue, 11 Oct 2011 11:42:47 -0400
On Oct 11, 2011, at 9:53 AM, Rowe, Walter wrote:

> If any of you are part of the developer program, this was discussed at length on the developer forums. There was a WWDC session that detailed the changes coming in Lion for the encryption modules and engine. Lion uses all new stuff. If I recall correctly, it is based on the work done with iOS 5 that is currently going through the FIPS process. The rationale for rolling their own was that Apple wanted a stable, controlled encryption platform on which their products rely rather than the often changing OpenSSL platform over which Apple had no control. This lets Apple retain FIPS validated status more easily (my thought, not Apple's) across OS upgrades (iOS, OS X) and across devices (iPad, iPhone, Mac).
>
> -- Walter Rowe, System Hosting Enterprise Systems / OISM

Walter,

Just to clear up (or help to avoid confusion) part of your statement....

> The rationale for rolling their own was that Apple wanted a stable, controlled encryption platform on which their products rely rather than the often changing OpenSSL platform over which Apple had no control.

Apple had included OpenSSL as an open source project on OS X, but it was not the source of cryptography for OS X. The CSP (Cryptographic Service Provider) via the CDSA (Common Data Security Architecture) is what provided the main source of cryptography prior to OS X Lion. CDSA was originally created by Intel Labs and is managed by the Open Group. Apple was the single largest contributor and consumer of CDSA since earlier Mac OS 9 days, but it has been replaced now with Next Generation Cryptography. Third-party developers are working to transition their applications with the release of OS X Lion.

- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division