Hi Allan
I've been considering the relative merits of keychains and an encrypted disk image for some time and discussed it briefly with Ferd II here.
I was interested to note your comment about being unable to reset the login keychain password after resetting the admin password on a computer with the install disk. This seems to contradict Ferd's opinion.
I think that Ferd's recommendation of the encrypted disk image for sensitive data is more flexible than keychains because you can store anything in one.
On the other hand, I really like it that my login keychain remembers all my logins for me and would prefer to use it to store sensitive information if I was taking an acceptable risk using it. I don't fully understand the risks. Maybe you could answer the following?
1. If I remained logged into my computer but with the screen lock on, how would someone get at the contents of my keychain?
2. If I remained logged into my computer but put it to sleep, how would someone get at the contents of my keychain?
3. If my computer was shut down, how would someone get at the contents of my keychain?
4. Encrypted disk images use AES and keychains use 3DES. Does this really matter?