An Analysis of Apple’s FileVault 2.
This is an analysis of Apple’s disk encryption program, FileVault 2, that first appeared in the Lion operating system. Short summary: they couldn’t break it. (Presumably, the version in Mountain Lion isn’t any different.)
[Schneier on Security]
This is good news, but of course it’s important to keep in mind that FileVault 2 security can be compromised by accepting the option (on by default, as I recall) to send a recovery key to Apple. The best security in the world is useless if you give the keys to someone who will give them up the first time some thug points a gun at him.
My new Retina screen MacBook Pro arrived today. I’d been planning to buy one even before they were announced, on the assumption they would come out sometime this year, and my old MacBook Pro (an early 2008 model) died just as they were being announced.
Although the improved screen is noticeable, the biggest improvement to me is how much lighter it is than the old model it replaces. On the other hand, all was not perfect–for some reason, it came without a recovery partition. Since this model doesn’t have a DVD drive and didn’t come with a system disc, this would be pretty bad for anyone who got it as their only Mac and then had a problem. It also kept me from turning on Filevault, which requires the presence of a recovery partition. Fortunately, some searching turned up instructions on how to create a recovery partition on a system that didn’t have it.
Apple holds the master decryption key when it comes to iCloud security, privacy [Ars Technica]
The folks at Ars Technica noticed the same thing I did about their earlier article and actually investigated.
Call Encryption App Costs More Than Your iPhone. If you really had reason to encrypt your phone calls — or were on the payroll of the MI6 – perhaps a $1,600 yearly subscription to a cell phone call encryption app service would make sense.
[…]
While the app is free to download, both the caller and the receiver have to join the service that costs several times more than their phones. [Cult of Mac]
Alternately, you could buy Groundwire for $9.99, and then spend another $24.99 on “ZRTP For Outgoing Calls” as an in-app purchase if you want to make outgoing encrypted calls. Support for incoming calls is included in the basic app, and no yearly subscription is required. The price difference is so enormous that I can’t imagine any legitimate reason why anyone would pay for the overpriced option. I therefore must conclude that it really is intended only for government employees.
End-to-End Encrypted Cell Phone Calls.
Android app. (Slashdot thread.)
From the article:
RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption. […] TextSecure uses a similar scheme developed by cryptographers Ian Goldberg and Nikita Borisov known as “Off The Record” to exchange scrambled text messages.
RedPhone uses ZRTP, an open source Internet voice cryptography scheme created by Phil Zimmermann, inventor of the widely-used Pretty Good Privacy or PGP encryption.
TextSecure uses a similar scheme developed by cryptographers Ian Goldberg and Nikita Borisov known as “Off The Record” to exchange scrambled text messages.
This means that you could talk securely to anyone using Zfone on a computer, and IM securely to anyone with Adium or another app that supports the OTR protocol.
There’s also this rather important distinction from Skype, the “security” of which I’ve criticized before:
Whisper Systems’ apps aren’t the first to bring encrypted VoIP to smartphones. But apps like Skype and Vonage don’t publish their source code, leaving the rigor of their security largely a matter of speculation.
This thread in SourceForge suggests that the GPGMail plugin, needed to integrate GPG with Apple Mail, has found a new developer who is updating it to work with Snow Leopard. This is good news, as PGP is once again insisting that they will not update their own Mail plugin–they really want to force their customers into using their horribly crappy encrypting proxy, which is something I certainly won’t do.
After trying it for three weeks without problems, I bought the latest version of PGP Desktop Professional, which includes whole disk encryption. Both my MacBook Pro’s internal hard drive and the external drive I use for Time Machine backups have gotten along with it just fine, even through the system update to 10.5.7. For the most part there’s no noticeable impact on performance, but then my laptop doesn’t do anything really disk intensive–all my photography work happens on a different computer which I will not be encrypting. There did seem to be a slowdown in Time Machine backups, but that’s not an area where performance is really relevant. I would really prefer to use TrueCrypt, but as it currently can only do whole disk encryption on Windows (where I have been using it for some time), that wasn’t an option.
The rest of the PGP Desktop package gets a mixed review. I had looked at PGP last summer and dismissed it as unacceptable because of the horribly designed proxy it relies on for encrypting email, but this time around I discovered that there is also an officially unsupported plugin available for Mail. The plugin works the same way as the GPGMail plugin, but with fewer features. This is not surprising, as they have the same author. Apparently some brainless product manager at PGP Corporation had decided to kill the plugin (presumably to force users into using their worthless proxy), and it was brought back by popular demand.
Since the last time I looked at PGP, it’s lost the ability to communicate with public key servers other than the one actually run by PGP Corporation, which very few people use. According to a thread on the PGP support forum, the developers know about this bug and just don’t care about fixing it. Well, nobody will ever accuse the PGP Corporation of having good customer service or QA! Fortunately the keyservers have web interfaces so the problem can be worked around as long as you’re using the “unsupported” Mail plugin. Anyone foolish enough to use the proxy will be out of luck, though.
I ultimately decided to switch from GPG to PGP for my email needs, at least for the moment, because while both of them have huge problems on the Mac, PGP’s refusal to work with keyservers that aren’t owned by the PGP Corporation is less of a problem than the hideously unusable keychain management that GPG inflicts.
This was posted on the PGP-Basics mailing list by Robert J. Hansen:
Some researchers are claiming they’ve been able to make the Shengdong University attack on SHA-1 a factor of about 2000 times easier. If their research is correct, that means SHA-1 is now attackable by regular people. These results are not unexpected. We knew this day would come. For the last couple of years most crypto nerds have been strongly recommending people either migrate away from SHA-1 immediately, or at the very least have a migration plan put together. If you have already migrated — then you may ignore this development. If you have not — then it is increasingly urgent you do so. Original URL: http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Some researchers are claiming they’ve been able to make the Shengdong University attack on SHA-1 a factor of about 2000 times easier. If their research is correct, that means SHA-1 is now attackable by regular people.
These results are not unexpected. We knew this day would come. For the last couple of years most crypto nerds have been strongly recommending people either migrate away from SHA-1 immediately, or at the very least have a migration plan put together.
If you have already migrated — then you may ignore this development.
If you have not — then it is increasingly urgent you do so.
Original URL:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Review: PGP Whole Disk Encryption for Mac OS X [Paul Stamatiou]
Another good review. This one doesn’t mention Time Machine, but goes into more detail on cold boot attacks.
Securing Your Disks with PGP Whole Disk Encryption [TidBITS: Mac News for the Rest of Us]
A generally good review of the new PGP disk encryption software, but I do see a couple of problems. First, the author only hints at how it works with Time Machine, which is an area of interest to me. In theory it should be fine (although obviously you’d need to encrypt Time Machine’s backup volume too), but when it comes to software compatibility theory and practice often diverge.
Second, the author says that it’s a “limitation” that PGP Whole Disk Encryption only secures your data when the computer is off, and not just while it’s asleep. I consider that a necessary function, not a limitation. Because it’s entirely possible to recover sensitive data (such as the passphrase for the hard drive) from a “sleeping” computer’s memory, claiming to encrypt when a computer is put to sleep would only be providing a false sense of security.
I’m interested in this product for my own use, but given PGP, Inc.‘s rather spotty record to date (they’ve managed to render their main PGP product unusable in the name of usability improvements), I’m waiting for a while to be sure that there aren’t any hidden problems.
