Keychain Security

ncarraway

Hi,
I was just reading up on Mac OS X's keychain, and Apple states that if you forget your keychain password, you can reset it by booting up Mac OS X with your OS Installation disk loaded, and then you can change the administrator's password, which will also change the password for the keychain. Isn't this a huge back door to all the passwords stored in keychain, or am I missing something?
thanks
 
Yes. Yes it is. Put your CD in a safe place, or better yet, set the firmware password so you cannot boot off of anything but the internal hard drive.

Local access to your machine should be protected if you are concerned at all with the data stored on it. This is not specific to Macs, however. You can boot a PC off CD as well, then if it's the right CD, you can alter passwords. You can also pull the disk out of the machine and read the data when the drive is mounted as a secondary volume.

So, yes. Keychains are good (though I'm not terribly impressed with the technology myself).

While you are looking at security, File Vault "seems" to work pretty well in Tiger, and can add another significant hurdle for hackers/crackers when you are not actually logged into the machine.
 
Well, that makes keychain pretty much a waste of time, doesn't it? Especially for laptops, which can easily be lost.

Does that backdoor apply to secondary keychains that might have been created, or just the primary? And does it apply to ANY OSX CD or is it tied to the OSX CD that came with the computer (I can't imagine it'd be the latter, but you never know).
 
It's not useless, just less secure than you thought it was. Basically, it provides a way for passwords etc. to be stored so that you are the only person that can use them. If a user copies your keychain (have to be admin to do that (and likely have to be a jerk too)) then they still don't have access to your stored passwords etc.

It's not really designed to be absolutely the single most secure method known to humankind. It's designed to be reasonably secure against remote hacking or casual hacking. Better than a text document in the Shared folder. Better than a Post-it note stuck to your machine.

If you are really that concerned, then there are options that are somewhat better. The downside of some of the better ones is, that if you forget your password, that data is gone forever.
 
Boot CDs generally can be used to boot a few different models, depending on how different the models are. That allows for Emergency situations.
If that is a concern for you, then set the firmware password.

As far as I know, the user's primary keychain password is all that is needed to access the user's keychain items. The presumption is, that if you have the keychain password, you are the user, and the keychain items are available to the user.
Logical.
If the user has to type a different password to access the keychain items, that is what would indeed make the keychain a waste of time, since the user might as well just remember every keychain item's data and save the trip to the keychain.

For a while, the more you know about security, the less safe you will feel.
Do you back up your hard drive?
 
I back up the important documents (photos, files, etc) on my hard drive. Most of these are kept on my Windows machine in a TrueCrypt vault. TrueCrypt isn't available for Mac OSX but I think File Vault is somewhat similar, although not open source.

You said that no one would have access to my keychain info; however, if I misplace my laptop, then someone will be able to gain entry to all my keychain passwords, so long as they possess a Mac OSX CD (trivial, no)? I don't mind having something where if I lose the master password, the data is gone (it's the price one pays for security, I guess!).

I'll check the firmware password, that seems reasonable (although I have no idea how to do it yet). My guess is that it would allow for the firmware to be altered to boot from a CD, so long as you have the correct firmware password? That's probably sufficient!
 
You said that no one would have access to my keychain info; however, if I misplace my laptop, then someone will be able to gain entry to all my keychain passwords, so long as they possess a Mac OSX CD (trivial, no)? I don't mind having something where if I lose the master password, the data is gone (it's the price one pays for security, I guess!).

Your keychain info is relatively safe. Even if your account password is reset, your keychain retains your original password. It is trivial, however, to wipe/copy/alter the data on the computer, if no firmware password is in place. The basic OS X setup assumes that the computer is in a physically "safe" place.
 
Your basic opportunistic thief will not generally bother with hacking your data. They just want the money they can get for the laptop. If they go so far as to get a boot CD that is capable of booting your particular machine, they'll probably just wipe it and then sell it, if they even bother to do that.

But you are right to be concerned, and also to do what you can to minimize the potential for exposure of your data. You should know however, that firmware passwords can be gotten around also, and you can probably use google to find the way to do it.

About the only things you can do are to use File Vault (storing the only copy of the Master Password keychain in an off-machine secure location so that even root can't decrypt your vault), Open Firmware password, disable "safe sleep", install and use gpg for email, VPN when available, buy and install LoJack (to help get your computer back as soon as possible), store reeeally secret stuff in an encrypted disk image with a different password in your File Vaulted account, all with very strong passwords...

In short, there are quite a few things you can do to limit the potential for exposure of your data.
 
Cool, thanks guys. I didn't realize that Mac had a utility that is similar to TrueCrypt. That is better than encrypting the entire drive. It would be nice if TrueCrypt offered an OS X version, so I could access the same encrypted folder on multiple machines! One day, maybe.

Thanks
 
Just to make it clear about some of the above misinformation. You cannot reset the password on the keychain in any way, shape or form without having the previous password. It is encrypted on the disk using AES which makes it pretty darn good, not next to useless. A thief could only get the encrypted file which would need to be brute forced.

Now, as with all things security based, there might be a weak link in the automatic login system if you use the same password on your keychain and your account. But that is more akin to the problem of keeping your password on a Post-it stuck to your monitor.
 