|
|
FileVault a sham? MacLockPick util claims to gain entry
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jun 2006
Status:
Offline
|
|
Unless I missed something it did not mention file vault. Not that I use file vault the risk of losing the entire volume if data corruption occurs to too great. of a risk
|
Michael
|
|
|
|
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
It mentioned encrypted disk images. That's basically all filevault is.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
Originally Posted by Cold Warrior
It's probably a brute force attack. Which only works if you have a lot of time you're spending with the laptop.
|
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jun 2006
Status:
Offline
|
|
Originally Posted by Cold Warrior
It mentioned encrypted disk images. That's basically all filevault is.
Oh ok, I was looking for file vault
|
Michael
|
|
|
|
|
|
|
|
Junior Member
Join Date: Apr 2005
Status:
Offline
|
|
After reading the details of this tool and how it works I don't think FileVault is in anyway compromised. This tool requires:
1) The user is logged in, and
2) The investigator has access to the system to run the app.
It works by extracting data out of the unlocked Keychain when a user is logged in. It cannot crack an encryted image that is not mounted and does not have the password stored in your keychain.
It also can not crack your FileVault protected volume if you are not logged in. I.e., your keychain is not unlocked and is inside your encrypted home disk image.
So, if you are worried for some reason, log off when you are not using your system.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Could this be considered commercial malware?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Junior Member
Join Date: Apr 2005
Status:
Offline
|
|
Originally Posted by Big Mac
Could this be considered commercial malware?
From Wikipedia : "Malware is software designed to infiltrate or damage a computer system without the owner's informed consent"
The docs says nothing is written to the suspect's machine. Notice the word "suspect". Their word, not mine. This, coupled with the fact that only licensed law enforcement agents can buy it, implies that informed consent isn't necessarily required (i.e. a warrant).
So, the short answer IMO, is no it is not malware.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Status:
Offline
|
|
Anyway, using FileVault so a legitimate law enforcement agency can't get in to your computer with a valid warrant isn't going to help. If they have a valid warrant, claiming you "forgot" your password is a good way to land your butt in jail on contempt of court charges.
Basically, if they can find the encrypted image, you're compelled to supply the password.
There is an open-source application, don't recall what its called, for Windows and Linux (coming soon for MacOS X, IIRC) that produces an encrypted disk image that doesn't exit in the file system as a discrete file, thus it cannot be differentiated from random data on the HD platter surface. You just have to make sure no log files exit of your use of it.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Unless you are a U.S. person and take the 5th Amendment - i.e., providing the password would incriminate yourself (because you'd be giving law enforcement access to incriminating information). Therefore, you invoke your right against self-incrimination.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Status:
Offline
|
|
Originally Posted by Scott-G
if you are worried for some reason, log off when you are not using your system.
Or set your keychain to auto-lock after n-minutes of inactivity.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|