[OSX-Users] Re: Filevault vulnerable to decryption attack...
Steve Harris
S.W.Harris at ecs.soton.ac.uk
Thu Feb 2 09:28:18 GMT 2012
On 2 Feb 2012, at 00:02, Philip Boulain wrote:
> On 01/02/2012 21:59, Chris Andrews wrote:
>> http://www.appleinsider.com/articles/12/02/01/forensics_vendor_warns_mac_os_x_filevault_vulnerable_to_decryption.html
>>
>> tl;dr - shut your computer down if you really don't want your data decrypted because they're using live memory analysis.
>
> This seems like a massive "um, duh" news article: if your encrypted filesystem is currently mounted, the encryption key is held in memory. And if you're root, you can probably scrobble through memory! Holy the-completely-bleeding-obvious, Batman!
Quite.
You can tell OSX to lock your keychain(s) when the screensaver kicks in, or when you suspend. I have two keychains on my system, one with important stuff in like work SSH keys, and one for stuff like website passwords - the important one is set to lock on suspend and screen saver. It was a pig to set up though, and I don't remember if I blogged about how to do it.
- Steve
More information about the Osx-users
mailing list