how secure is Keychain Access and screen lock?

I've recently started using Keychain Access to manage passwords, but I'm skeptical. How secure is it?

As an added security measure, I've set up my Mac to require a password when waking the computer from sleep or screen saver. How safe is this feature?

I guess if someone were to take out my hard drive they would have access to my files, but my Keychain passwords would still be safe, right? Is the screen/sleep password protection pretty secure?

MacBook (Intel), Mac OS X (10.5.2)

Posted on Feb 27, 2008 6:08 PM

3 replies

Feb 27, 2008 8:59 PM in response to audiofreq

The keychain is encrypted using a key derived from your login password. If your login password is very easy to guess then that decreases the security of your keychain. If your password is hard to guess then that's much better.

If you configure the system to require a password to unlock after screensaver or wake from sleep, then the keychain is effectively re-locked and won't be unlocked until that password has been entered.

If your computer is powered off and someone steals it, it's exceedingly unlikely that they'd be able to unlock your keychain.

If your computer is on, but either sleeping or in screensaver (and password is required to exit screensaver or wake from sleep) then you're "fairly safe", but I would be remiss if I didn't point out that an attack was already demonstrated to show that there is a mechanism to get the key used for FileVault (and a similar attack for MS BitLocker as well as an attack for TrueCrypt -- all three are filesystem encryption schemes). Based on the strategy of the attack, it could likely be adapted to attack keychain... although no such attack specifically against keychain has been demonstrated to my knowledge.

Bottom line is you're actually pretty safe... although nothing is ever 100%.

The good news is that the vulnerability reported against the disk encryption schemes is of a type that should be easily remedied (they simply failed to obliterate the in-memory copy of the key when re-locking the filesystem. So one wonders if Apple properly obliterates the in-memory copy of the encryption key used to protect keychain when the keychain is re-locked.)

Regards,
Tim
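
The re-lock flaw described in the reply above (locking without obliterating the in-memory key), sketched as an added example that is not part of the original post and is not Apple's keychain or FileVault code. The `keystore` struct and the `ks_*` function names are hypothetical, and the key is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 32

/* Hypothetical in-memory key store; not Apple's keychain or FileVault code. */
struct keystore { uint8_t key[KEY_LEN]; int unlocked; };

/* Volatile stores cannot be discarded as dead writes, unlike a plain memset
 * on a buffer the compiler can prove is never read again. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

static void ks_unlock(struct keystore *ks, const uint8_t *key)
{
    memcpy(ks->key, key, KEY_LEN);
    ks->unlocked = 1;
}

/* Flawed re-lock: only the flag changes, the key bytes stay in RAM. */
static void ks_lock_flag_only(struct keystore *ks) { ks->unlocked = 0; }

/* Re-lock that obliterates the key before reporting "locked". */
static void ks_lock_wipe(struct keystore *ks)
{
    secure_wipe(ks->key, KEY_LEN);
    ks->unlocked = 0;
}

/* Number of nonzero key bytes still sitting in the struct. */
static size_t ks_residue(const struct keystore *ks)
{
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++) n += (ks->key[i] != 0);
    return n;
}

/* Unlock with a constructed key (bytes 1..32), re-lock, report the residue. */
static size_t demo_residue(int wipe)
{
    uint8_t key[KEY_LEN];
    struct keystore ks;
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(i + 1);
    ks_unlock(&ks, key);
    if (wipe) ks_lock_wipe(&ks); else ks_lock_flag_only(&ks);
    return ks_residue(&ks);
}
int main(void) { return !(demo_residue(0) == KEY_LEN && demo_residue(1) == 0); }
```

With the flag-only lock all 32 key bytes remain readable in memory after "locking"; with the wiping lock none do.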

Feb 27, 2008 9:01 PM in response to audiofreq

Items in your keychain are quite secure, if your keychain password itself is secure.

Screen saver password isn't all that secure. Someone can just reboot the machine holding down the 'T' key and it will mount to any machine as an external drive. They can then disable permissions (it's just a checkbox) and access every unencrypted file on the system. It's trivial, and it's easier than removing the hard drive.

The only way to really shore up that would be to use FileVault, which would protect against it nicely. But in either case your Keychain passwords would be safe, yes.

Mar 2, 2008 6:48 AM in response to William Lloyd

Thanks for the response. So the "boot as external drive" method will give them access to my files, but how easy would it be for a thief to get around the password, reformat my comp, or do whatever else that would allow them to use or resell my computer?

Also, from what you're saying, it seems like even encrypted disks are vulnerable to attack from thieves with even the slightest know-how, right? In that case, I might stick to my other idea to keep secure documents on a flash drive in a locked safe. The inconvenience of this doesn't bother me too much.

So the screen-lock method isn't very secure, but what about logging off? If I log off, would a thief still be able to use the "boot as ext" option?

Really the most important thing for me is that the keychain passwords aren't able to be accessed, so I guess I'm good on that base. Thanks for your help.
