Difference between pages "File:Huser Timothy SIMCon paper.doc" and "File Vault"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(This is an overview of some of the abilities of SIMCon v1.1 as well as some of the flaws seen in the program through the aquisition of SIM cards.)
 
 
Line 1: Line 1:
This is an overview of some of the abilities of SIMCon v1.1 as well as some of the flaws seen in the program through the aquisition of SIM cards.
+
File Vault is the cryptographic file system developed by [http://www.apple.com Apple] and introduced with MacOS 10.3.
 +
 
 +
File Vault works by storing each user's home directory in an encrypted "[[.sparseimage]]" file. The file is automatically mounted when the user logs in and unmounted when the user logs out. All of the user's files and preferences are stored in this file.  The file's encryption key is stored in the .sparseimage file, but that encryption key is itself encrypted with the user's login password.
 +
 
 +
There are no known attacks against File Vault other than a brute force attack on the user's password.
 +
 
 +
As of OS X 10.5 (Leopard) Apple have moved from AES-128 to AES-256 for the encryption used in the disk image.
 +
 
 +
=== Links ===
 +
*You can find a good discussion of File Vault's usability shortcomings in [http://www.simson.net/thesis Simson Garfinkel's PhD Thesis].
 +
*[http://chaosradio.ccc.de/23c3_m4v_1642.html Unlocking FileVault] Talk at [http://events.ccc.de/congress/2006-static/static/2/3/r/23rd_Chaos_Communication_Congress_7c1f.html 23c3] (video)
 +
*[http://chaosradio.ccc.de/23c3_mp3_1642.html Unlocking FileVault] Talk at [http://events.ccc.de/congress/2006-static/static/2/3/r/23rd_Chaos_Communication_Congress_7c1f.html 23c3] (audio)

Revision as of 05:39, 26 October 2007

File Vault is the cryptographic file system developed by Apple and introduced with MacOS 10.3.

File Vault works by storing each user's home directory in an encrypted ".sparseimage" file. The file is automatically mounted when the user logs in and unmounted when the user logs out. All of the user's files and preferences are stored in this file. The file's encryption key is stored in the .sparseimage file, but that encryption key is itself encrypted with the user's login password.

There are no known attacks against File Vault other than a brute force attack on the user's password.

As of OS X 10.5 (Leopard) Apple have moved from AES-128 to AES-256 for the encryption used in the disk image.

Links

The following page links to this file: