Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > Security of encrypted disk images

Security of encrypted disk images
Thread Tools
vwgtiturbo
Forum Regular
Join Date: Feb 2007
Status: Offline
Reply With Quote
Aug 15, 2008, 11:35 AM
 
Hello there, I have been using Disk Utility/Knox to create encrypted disk images for some time. Instead of entering the ridiculous password every time I wanted to work on these files, I would check the 'Remember this password' option in the mount dialogue. Then it occurred to me that it may not be very smart to do that. I know that the user's password can be reset with an install disc, as I've had to do it to machines that a friend was buying on eBay. Now, I may be off my rocker, but once the password is reset, the thief would have access to the drive, and simply mounting the encrypted file would auto mount it, correct? Since I had checked 'Remember password', it should just mount up, or am I crazy? Any insight from someone that has more of a clue would be greatly appreciated.
Black 13" Widescreen MacBook
2.0Ghz C2D, 2GB RAM, 320GB HDD
Mac OS X v10.6 Snow Leopard
     
zombie punk
Dedicated MacNNer
Join Date: Jul 2008
Status: Offline
Reply With Quote
Aug 15, 2008, 11:39 AM
 
You are correct that by allowing the encrypted volume to be accessed by the remember password option you have vastly reduced the security you had. Someone who knows your login password would have access to the encrypted volume. Reseting the login password would not give you the keychain one though.
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status: Offline
Reply With Quote
Aug 15, 2008, 11:47 AM
 
No, they wouldn't have access to the KeyChain where all the passwords are stored. When you reset a password via the Install disc or another admin account, it doesn't change the KeyChain to match the login password.
Vandelay Industries
     
vwgtiturbo  (op)
Forum Regular
Join Date: Feb 2007
Status: Offline
Reply With Quote
Aug 15, 2008, 11:57 AM
 
So, even though they could browse the hard drive, would they have to enter the old password to access a Keychain item? Or, is there a way to also reset the Keychain password? I'm just trying to keep myself from defeating the purpose of the encrypted disk images, so I appreciate the insight!
Black 13" Widescreen MacBook
2.0Ghz C2D, 2GB RAM, 320GB HDD
Mac OS X v10.6 Snow Leopard
     
vwgtiturbo  (op)
Forum Regular
Join Date: Feb 2007
Status: Offline
Reply With Quote
Aug 15, 2008, 12:04 PM
 
This answers my question: http://support.apple.com/kb/HT1631
So, in summary, you will STILL need the OLD password to reset the Keychain password. Sweet... So I can select to remember password with little ill-effect.
Thanks for the help guys!
Black 13" Widescreen MacBook
2.0Ghz C2D, 2GB RAM, 320GB HDD
Mac OS X v10.6 Snow Leopard
     
zombie punk
Dedicated MacNNer
Join Date: Jul 2008
Status: Offline
Reply With Quote
Aug 15, 2008, 12:06 PM
 
Art - that was what I was getting at about the reduced security.
If the laptop is swiped while you are logged in, a thief could gain access.
     
vwgtiturbo  (op)
Forum Regular
Join Date: Feb 2007
Status: Offline
Reply With Quote
Aug 15, 2008, 12:07 PM
 
Good point... I do have it set to log me out after 15 minutes, so at least there is a narrow window. I do always lock the screen when I walk away, so it should be ok...
Black 13" Widescreen MacBook
2.0Ghz C2D, 2GB RAM, 320GB HDD
Mac OS X v10.6 Snow Leopard
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status: Offline
Reply With Quote
Aug 15, 2008, 12:13 PM
 
You can only change the KeyChain password if you know the original.

You're still better off not storing sensitive passwords in the KeyChain. If you forget to logoff, then they have access to everything in your KeyChain since it's unlocked by default during your session.
Vandelay Industries
     
ginoledesma
Mac Elite
Join Date: Apr 2000
Location: Los Angeles, CA
Status: Offline
Reply With Quote
Aug 15, 2008, 11:17 PM
 
It also helps if your Keychain password is distinct from all your other passwords.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
Status: Offline
Reply With Quote
Aug 16, 2008, 08:39 AM
 
Originally Posted by Art Vandelay View Post
You're still better off not storing sensitive passwords in the KeyChain. If you forget to logoff, then they have access to everything in your KeyChain since it's unlocked by default during your session.
Not quite true. You can easily create a separate keychain with a separate password that locks automatically. It's mostly out of convenience that most people don't do this.
I don't suffer from insanity, I enjoy every minute of it.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Aug 16, 2008, 09:22 AM
 
I think most people just don't think about what Keychain is, and what they can do with it. Having the ability to have multiple chains with different settings makes it a very handy thing indeed. But most of us just see it as ONE chain because that's all that happens by default. There's no icon-button that says "New Keychain" so you don't even run across this possibility when you open Keychain Access... But it's there, under "File."

Glenn -----OTR/L, MOT, Tx
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 08:38 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,