Re: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
Re: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
- Subject: Re: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
- From: "Lamb, John (NIH/NHLBI) [C]" <email@hidden>
- Date: Mon, 27 Aug 2012 10:53:02 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
I remember seeing this previouslyŠ the "part of the user data was left
unencrypted" bit was fixed by 10.7.3 I believe?
Also, no where in this does it indicate that the key or password was
attacked. Rather, if you know the password/key they were able to reverse
engineer all you need to get the volume to mount.
That's hardly "cracking" - As far as the algorithm itself, unless it is
flawed or quantum computers end up doing magical calculations, time to
brute force an AES-128 key is measured in reference to the age of the
universe. (You could always get lucky and get it in the first attempt, but
its more likely your computer will quantum tunnel to the next room).
--
John Lamb
Desktop Support Technician [Contractor]
Customer Support Branch
Center for Biomedical Informatics (CBI)
National Heart Lung and Blood Institute, NIH
10 Center Drive - Building 10 6C103
Bethesda, MD 20892-7994
Telephone (240) 751-6562 | Email: email@hidden |
NHLBI Computer Services: http://insider.nhlbi.nih.gov/computer
On 8/27/12 10:31 AM, "Pike, Michael (IHS/HQ)" <email@hidden> wrote:
>How can this be???
>
>Schroeder and others assured me it was not crackable. Not even by NSA.
>
>Mike
>
>Sent via my iOS 6 Device
>
>On Aug 27, 2012, at 8:04 AM, "Jeffrey Walton" <email@hidden> wrote:
>
>> http://eprint.iacr.org/2012/374.pdf
>>
>> Abstract
>>
>> With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume
>> encryption mechanism known as FileVault 2. Apple only disclosed
>> marketing aspects of the closed-source software, e.g. its use of the
>> AES-XTS tweakable encryption, but a publicly available security
>> evaluation and detailed description was unavailable until now.
>>
>> We have performed an extensive analysis of FileVault 2 and we have
>> been able to find all the algorithms and parameters needed to
>> successfully read an encrypted volume. This allows us to perform
>> forensic investigations on encrypted volumes using our own tools.
>>
>> In this paper we present the architecture of FileVault 2, giving
>> details of the key derivation, encryption process and metadata
>> structures needed to perform the volume decryption. Besides the
>> analysis of the system, we have also built a library that can mount a
>> volume encrypted with FileVault 2. As a contribution to the research
>> and forensic communities we have made this library open source.
>>
>> Additionally, we present an informal security evalua- tion of the
>> system and comment on some of the design and implementation features.
>> Among others we analyze the random number generator used to create the
>> recovery password. We have also analyzed the entropy of each 512-byte
>> block in the encrypted volume and discovered that part of the user
>> data was left unencrypted.
>> ...
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden