It is now known that Apple will use proprietry encryption technology in OS9. There implimenatiom of the security features relies on FEE, Fast Elliptical Encryption, a technology totally un tested and not in the least bit secure from what I can gather fro m the paltry data extracted from the www and boooks on the subject.

Can anyone here convince me that Apple is not providing a wet paper bag of a tcchnology. Security gets increasingly important. And whilst everyone who's anyone in the encryption business swears by IDEA or BlowFish, why does Apple reply on such an unknown.

I know they have the clever Dr. Richard Crandell(?) working on this tech at Apple. But his entropic theories have not been put to the test.

Can anyone reassure me on this subject as each and every day sees encroacnment into out Data by the tactics of Intel and M$.

Regards,
Neal

p.s Will a user be able to drag/drop whole folders to encrypt/decrypt or just individual files?

The elliptical curve encryption doesn't look too bad.

Check out http://www.idg.net/go.cgi?id=147369 to see one example of its acceptance by people (ABN-AMRO Bank, American Express, Deloitte & Touche, Hitachi Ltd., Inter Clear Service Ltd., Visa International, Pitney Bowes, HP) who have much to lose if it weren't secure enough. The Health Care Financing Administration has also agreed to use it,

For us users with little math knowledge to really judge how good a crypto system really is, how difficult to crack it is a useful benchmark. So, http://www.inria.fr/Actualites/pre55-eng.html and http://cnn.com/TECH/computing/9909/2...idg/index.html have a recent report of the effort needed to crack a 97-bit elliptic curve code. It took 16,000 MIPS-years, twice as much as cracking a 512-bit RSA problem.

Note that the length of the keys for elliptic curve cryptography will be >160-bits (see a Centricom whitepaper: http://www.certicom.com/ecc/weccrypt.htm), that will be comparable to 1024-bit RSA to crack.

You honestly think Apple has a clue about encryption? Their file encryptor is weak crypto. FEE is a proprietary joke. Anything proprietary in the crypto world is a joke. Their ASC (Apple Secure Compression) is an even bigger joke. Multiple Users security is bypassed by simply botting from a CD. These guys are smoking something. I would never depend on Apple for security. PGP 6.5.1 especially PGPdisk is where it's at.

Multiple Users security is bypassed by simply botting from a CD. These guys are smoking something. I would never depend on Apple for security.

Multiple Users is not designed to keep people locked out as much as it is keep settings seperate. I'm not aware of any Apple materials that claim otherwise. The intention is mainly that family users can share a Mac.

What they do claim is that encryption == privacy. To the best of my knowledge, simply bypassing Multile Users does not decrypt files. The issue of "how good is FEE?" is up for discussion. I agree Apple should have just gone with PGP, but I'm no cryto expert.

As far as why they chose FEE, I think they've had it lying around for a while (there was talk of using it in Rhapsody). Not a justification, an explanation. Several years ago, PGP was not the force it is now.

- Scott

Further clarification on this:

"If, however, it's people pretending to be you, no dice: they can talk and talk till they're blue in the face, and Mac OS 9 will deny them access to your personal files."
http://www.apple.com/macos/feature3.html


It's a bit nebulous, but basically, you can encrypt files. Booting from a CD to circumvent Multiple Users (assuming that really does work), doesn't get you into encrypted files.

Also -- Cyphers, you say "FEE is a proprietary joke." What does that mean exactly? Does that mean you have successfully cracked it in a reasonable amount of time?

Thanks,

- Scott

No, it means that from the perspective of the cryptographic community, proprietary algorithms are an oxymoron. Algorithms require in some cases decades of peer review in order to truly become trusted. FEE is an algorithm that is very new and has spent most of its life essentially hidden from view. Frankly, I think the question that went through the minds at Apple was "What algorithm can we use to differentiate ourselves?" rather than the more obvious "What algorithm can we use to make this secure and trusted?" They thought different for the sake of thinking different.

Obviously the multiple users issue has nothing to do with this directly. But if the question is whether you can decrypt files, the file encryption in standard MacOS 9 is weak crypto of course so that the OS can be exported. A simple brute force attack should be able to break it in a reasonable amount of time. It is only a matter of time before someone writes a screen saver which cracks encrypted MacOS 9 files in the background just like the S/MIME one that came out last year.

Actually, I'd like to know how FEE differs from ECC. Elliptic Curve Cryptography was developed in 1985, and Japanese companies Hitachi and Matsu****a have been working on it the last few years. The real force in ECC these days seems to be Certicom.

ECC's benefit over RSA is speed: a 160-bit ECC key should be just as secure as a 1024-bit RSA key, but requires less computational power to encrypt and decrypt. If ECC has a weakness, it's that it hasn't been around as long as RSA, and so it hasn't been subjected to as many attacks. But that doesn't mean that it's insecure; there are plenty of large companies using it, including AT&T, Hewlett Packard, and Bank of America.

From an article entitled "baa9916cryptofinal-public.doc" on PGP's site, I found the following information:

"ECC's unique properties make it especially well suited to applications where processing capability is severely limited, since it provides the highest strength per bit of any cryptosystem known today."

If PGP is themselves investigating and/or considering ECC, how weak can it be? Phil Zimmermann wrote this today in reply to my questions about ECC and FEE:

"We don't use ECC because we don't mind using larger keys. Desktop machines
have plenty of CPU power and storage, so we use other public key algorithms,
and get other flexibilities that way that are not available to us if we use
ECC. The algorithms we use have a longer more proven track record than ECC
algorithms. We may use ECC someday, but it will be so that we can run in
smartcards or other handheld devices that have less CPU horsepower."

You can find a good (if a little old) overview of ECC history and explanation at http://www.cjmag.co.jp/magazine/issu...takezaki.html. Certicom has an ECC tutorial at <A HREF="http://www.certicom.com/ecc/enter/index.htmA>

Make of this what you will, but I've found nothing on the web about FEE, and nothing relating it to ECC; I'm just guessing that there's a relationship because they're both based on elliptical encryption.

An interesting link can be: http://www.cwi.nl/~kik/persb-UK.html It's about the cracking of a 512-bits key used within many e-commerce transactions.

[freaktornado]

Am I totally off my rocker or do I correctly recall reading somewhere that the encryption technology in OS9 had some sort of plug-in architechture, so that other encryption algorithms could be used in the future??

[LuckyJack]

While I agree it would have been better to use a tested, open algorithm for the encryption, I also welcome the presence on my computer.

I'll use the FEE encryption (when I get os9) for most of my files. What I've got on my computer right now -- unecrypted -- will simply be encrypted with FEE. It's better than where things are right now. If I have some hard-core spy data, sure, I'll use something stronger.

Using the analogy that Zimmerman uses in the PGP readme: my files right now are on postcards, read by anyone who cares to look. Encryption provides an envelope, a degree of privacy. The fact that the envelope can, with some degree of effort, be opened is acceptable as long as the degree of effort is known. When I need stronger encryption (which I haven't felt motivated to so far), I'll get stronger encryption. I appreciate the fact that Apple has included any encryption at all.

While it may not be the most robust algorithm available, it's better than plaintext.

[ToastyKen]

As far as I can tell, if you can bypass multi-user simply by using a boot disc, then all that voiceprint stuff is just completely for show, since you don't even need a password to see stuff as long as you have a different boot disc.

That seems pretty silly.

As far as I can tell, if you can bypass multi-user simply by using a boot disc, then all that voiceprint stuff is just completely for show, since you don't even need a password to see stuff as long as you have a different boot disc.

Please check out my message earlier in the thread, posted 10/07.

- Scott

[tadd]

Scott (and others),
regarding access to the FEE encrypted files:

Do I understand correctly that access to those files is available without password, only if the user logged in via the typical OS9 startup and that otherwise the user has to provide the FEE password used to decrypt the files?

Also, the keychain: Is the keychain accessable to someone who boots off of the CDROM?

Thanks!

------------------
Tadd Torborg

Tadd,

The user will be able to see the names of the encrypted files, but if he/she double-clicks on them, they'll be prompted for a password (and denied access when they don't have it).

On another topic, I read over the help on "encryption" in OS 9, and saw the whatever they are using (elliptic, RSA, they don't say), it's only 56-bit!

I'd guess that they chose 56-bit so they could export the OS without having to modify it for international markets.

But it sure does seem stupid that my Palm III, with Certicom's freeware 163-bit memo encryption, is cryptographically stronger than my B&W G3 or iBook..

[wlonh]

http://www.smartmac.com/

...an article that details the encryption technology used in Mac OS 9.