brian_c

Q: Encrypted disk image sometimes mounts without password

I have an encrypted sparsebundle disk image containing sensitive information.  On occasion (maybe one time out of ten), I'm able to mount it without being prompted for the password.

 

The password for the image is not stored in my keychain.  Can anyone offer advice on this issue?

MacBook Pro, OS X Mountain Lion, 10.8.3, 15", i5, 2.4GHz, 8GB RAM

Posted on Mar 24, 2013 7:41 AM


  • by Linc Davis, Mar 24, 2013 12:03 PM, in response to brian_c
    Level 10 (207,983 points)

    Unless you've discovered an earth-shakingly important new bug, that isn't possible.

  • by brian_c, Mar 24, 2013 12:10 PM, in response to Linc Davis
    Level 1 (9 points)

    Well, it's been happening for months... it's so unlikely that I was even loath to post about it. I thought that maybe the disk wasn't properly unmounting (despite it no longer appearing in the Finder sidebar), so I ran 'diskutil list' in Terminal and was able to verify that the disk is not mounted.

     

    I wish I could reproduce the problem, but like I said, it only happens about 10% of the time.

  • by Linc Davis, Mar 24, 2013 12:53 PM, in response to brian_c
    Level 10 (207,983 points)

    Frankly, I have no idea what to make of your report. I'd have to see it happen to believe it.

  • by brian_c, Mar 27, 2013 6:07 AM, in response to Linc Davis
    Level 1 (9 points)

    Ugh... just happened again.  It's so sporadic, I don't know how to pin it down.  This is driving me crazy, given how insecure it is.

  • by brian_c, Mar 28, 2013 9:39 AM, in response to Linc Davis
    Level 1 (9 points)

    OK, I was finally able to capture this while recording my screen with QuickTime.  Here are two videos showing the issue... one illustrates the disk image asking for password when opening, the other not asking for password:

     

    http://videobam.com/fqXrV

     

    http://videobam.com/umEvX

     

    Let me know what you think.

  • by winglet, Aug 3, 2013 4:38 AM, in response to brian_c
    Level 1 (9 points)

    I was having exactly this same problem!

     

    I keep a small encrypted disk image storing sensitive banking information. I do NOT have the option to store passwords in Keychain checked, and I verified that the password is not being stored in Keychain.

     

    Yet, when I double-clicked the supposedly encrypted sparsebundle disk image, it opened right up and mounted - no password required! Unbelievable, right? So I started to investigate.

     

    I first noticed this behaviour in Mountain Lion; I'm running 10.8.4 on a 2.7 GHz 15" MBPr.

     

    In past versions of OS X I would mount the volume to work on it by double-clicking on the disk image, enter my password, and then Eject the volume either by dragging to the trash or clicking the Eject button on the Sidebar. The next time I would try to access the disk image by double-clicking it, it would again prompt for a password. All good.

     

    What seems to be happening in ML is, using the same workflow, even though the volume is disappearing from Finder, the disk image is not actually being unmounted!

     

    When I go to Disk Utility, the disk image is still mounted, but the volume is grayed out. When I Eject the disk image in Disk Utility, it then reverts to the expected behaviour, and double-clicking on the disk prompts for a password.

     

    So the workaround seems to be, when finished working on the volume, to go to Disk Utility and manually Eject the disk image (as opposed to just the volume it mounts) to ensure it has unmounted and is thus again encrypted. The reason for it sometimes requiring a password and sometimes not is probably that a restart of the computer would unmount all disks, and it would then be unable to re-mount until the password is entered. But in between, unless you were aware of this behaviour, anyone with access to the disk image can view its contents.

     

    What a terrible security flaw IMO, as there is no visual indication in Finder that the disk image is still unprotected after you unmount its volume and that icon disappears! I'm surprised this hasn't gotten more attention.

     

    Incidentally brian_c, I tried to look at your linked videos but it returns the message that the videos violated the TOS of the site...?
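
Added example, not part of winglet's post or the original thread: a shell check for the state described above, an encrypted image that is still attached although none of its volumes is mounted. It parses `hdiutil info` output; the sample text, paths and function names are constructed for illustration, and the parser assumes the field layout shown in that sample.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `hdiutil info` text on stdin and
# prints "<device><TAB><image-path>" for every encrypted image that is still
# attached while none of its volumes is mounted.
stale_encrypted_images() {
  awk '
    function emit() {
      if (path != "" && enc && dev != "" && !mounted) print dev "\t" path
      path = ""; enc = 0; dev = ""; mounted = 0
    }
    /^=+$/                    { emit(); next }   # separator starts a new image block
    /^image-path[ \t]*:/      { sub(/^image-path[ \t]*:[ \t]*/, ""); path = $0; next }
    /^image-encrypted[ \t]*:/ { enc = ($NF == "true"); next }
    /^\/dev\/disk/            {
      if (dev == "") dev = $1                    # whole-disk node is listed first
      if ($0 ~ /[ \t]\//) mounted = 1            # a mount point follows the type
    }
    END { emit() }
  '
}

# Constructed, abbreviated sample of `hdiutil info` output: Vault is attached
# with no mounted volume, Photos is attached and mounted.
sample_info() {
  cat <<'EOF'
================================================
image-path      : /Users/example/Vault.sparsebundle
image-encrypted : true
EOF
  printf '/dev/disk2\tGUID_partition_scheme\t\n/dev/disk2s1\tApple_HFS\t\n'
  cat <<'EOF'
================================================
image-path      : /Users/example/Photos.sparsebundle
image-encrypted : true
EOF
  printf '/dev/disk3\tGUID_partition_scheme\t\n/dev/disk3s1\tApple_HFS\t/Volumes/Photos\n'
}

# On a Mac: report stale images; detach them only when run with --detach.
if command -v hdiutil >/dev/null 2>&1; then
  hdiutil info | stale_encrypted_images |
  while IFS="$(printf '\t')" read -r dev path; do
    echo "still attached, no volume mounted: $path ($dev)"
    if [ "${1:-}" = "--detach" ]; then hdiutil detach "$dev"; fi
  done
fi
```
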

  • by SamNavon, Mar 12, 2014 8:24 PM, in response to brian_c
    Level 1 (0 points)

    Just weighing in that this happens to me too and I echo the disbelief in such a significant bug and its lack of attention!

  • by mlmason, Sep 16, 2016 7:48 PM, in response to SamNavon
    Level 1 (4 points)

    Bug confirmed:

     

    I am *not* prompted to skip remembering the password in the keychain. There is literally no box to tick under the password confirmation form.

     

    Secondly, in the keychain itself, I can find absolutely no record that the password was even saved to the keychain to begin with. Where did the password go? Is this disk image literally WITHOUT a password at all? Seems like a pretty huge encryption bug and a fairly disturbing security flaw at that right here...