Re: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
- Subject: Re: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Mon, 27 Aug 2012 15:25:38 +0000
- Thread-topic: [Fed-Talk] Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption
That's good to hear :)
I will admit I didn't read it in depth because it came in on my phone while at a red light and I read it in about 10 seconds and replied immediately....
I think it's rather stupid to even brag about this if you require the password! If you have the password/decryption key why do you need any forensic tool?
mike
On Aug 27, 2012, at 8:47 AM, Miller, Timothy J. wrote:
> Don't panic. :)
>
> The paper simply presents the reverse-engineering of the key schedule and
> how FV2 handles encrypted data. Interesting, but not a crack. That a FV2
> VMK is resident in memory (after bootstrap) is a "no duh" finding, and
> even the authors note it's not solved (nor is it solvable--the FS driver
> needs the master key, or you don't get your data). Additional obfuscation
> of the in-memory key, IMHO, is not a barrier worth a lot of time.
>
> FV2 security still rests on the user's password quality and secrecy.
>
> -- T
>
> On 8/27/12 9:31 AM, "Pike, Michael (IHS/HQ)" <email@hidden> wrote:
>
>> How can this be???
>>
>> Schroeder and others assured me it was not crackable. Not even by NSA.
>>
>> Mike
>>
>> Sent via my iOS 6 Device
>>
>> On Aug 27, 2012, at 8:04 AM, "Jeffrey Walton" <email@hidden> wrote:
>>
>>> http://eprint.iacr.org/2012/374.pdf
>>>
>>> Abstract
>>>
>>> With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume
>>> encryption mechanism known as FileVault 2. Apple only disclosed
>>> marketing aspects of the closed-source software, e.g. its use of the
>>> AES-XTS tweakable encryption, but a publicly available security
>>> evaluation and detailed description was unavailable until now.
>>>
>>> We have performed an extensive analysis of FileVault 2 and we have
>>> been able to find all the algorithms and parameters needed to
>>> successfully read an encrypted volume. This allows us to perform
>>> forensic investigations on encrypted volumes using our own tools.
>>>
>>> In this paper we present the architecture of FileVault 2, giving
>>> details of the key derivation, encryption process and metadata
>>> structures needed to perform the volume decryption. Besides the
>>> analysis of the system, we have also built a library that can mount a
>>> volume encrypted with FileVault 2. As a contribution to the research
>>> and forensic communities we have made this library open source.
>>>
>>> Additionally, we present an informal security evaluation of the
>>> system and comment on some of the design and implementation features.
>>> Among others we analyze the random number generator used to create the
>>> recovery password. We have also analyzed the entropy of each 512-byte
>>> block in the encrypted volume and discovered that part of the user
>>> data was left unencrypted.
>>> ...
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>
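The abstract quoted in this thread mentions measuring the entropy of each 512-byte block to find data left unencrypted. The sketch below is an added example of that kind of check, not code from the paper, its library, or anyone in the thread; the 7.0 bits/byte threshold, the function names and the sample image are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512      # block size named in the abstract
THRESHOLD = 7.0   # assumed cutoff; 512 random bytes measure about 7.5 bits/byte

def shannon_entropy(block: bytes) -> float:
    """Empirical Shannon entropy of a block, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def low_entropy_runs(image: bytes, threshold: float = THRESHOLD):
    """Return (first_sector, sector_count) runs that do not look like ciphertext.

    Only whole sectors are scored: a short trailing block cannot reach the
    threshold and would be a false positive.
    """
    runs, start = [], None
    total = len(image) // SECTOR
    for i in range(total):
        block = image[i * SECTOR:(i + 1) * SECTOR]
        low = shannon_entropy(block) < threshold
        if low and start is None:
            start = i
        elif not low and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, total - start))
    return runs

def build_sample_image() -> bytes:
    """Constructed test image: pseudo-random 'ciphertext' around a plaintext gap."""
    def fake_ciphertext(sectors: int, seed: int) -> bytes:
        # SHA-256 in counter mode stands in for AES-XTS output (deterministic).
        out = b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                       for i in range(sectors * SECTOR // 32))
        return out
    text = (b"Quarterly budget draft, not for release. " * 40)[:3 * SECTOR]
    zeros = bytes(2 * SECTOR)
    return fake_ciphertext(8, 1) + text + zeros + fake_ciphertext(4, 2)

if __name__ == "__main__":
    for first, count in low_entropy_runs(build_sample_image()):
        print(f"sectors {first}..{first + count - 1} look unencrypted")
```

Compressed or already-encrypted plaintext also scores high, so a clean scan only rules out low-entropy plaintext such as text or zero-filled regions.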