undefined | Better HN

0 pointsicebraining6y ago0 comments

Regarding the native key store, why not just use full disk encryption? The session-specific encryption never made much sense to me, unless you share the computer with others. How many processes do you really have that are not running under your user or root?

0 comments

fauigerzigerk6y ago

I do use full disk encryption, but when I'm logged in, any program that runs as me can access my files (subject to some partial restrictions that Apple introduced a while ago). And anyone gaining access to my unlocked computer can easily copy that password file.

You could say once malware is executed with my credentials it's game over anyway. But I disagree with that. Having a file full of passwords stolen is far worse than than anything else, including key loggers, because it's maximum damage in a minimum amount of time.

I want to make that as difficult as possible for any attacker.

icebrainingOP6y ago

> when I'm logged in, any program that runs as me can access my files

On Windows, the same is true of the encrypted data; any program that runs as you can decrypt it. Is it different on macOS? How does the system authenticate a specific program?

fauigerzigerk6y ago

On the Mac, Safari and Chrome store passwords in a key chain. To reveal any of those passwords you have to re-enter your macOS login password or whatever authentication method was used to log into the device (fingerprint, face ID, ...).

So it's not the program that is authenticated. The system simply makes sure that any program accessing that particularly sensitive data is really controlled by the logged in user.

This is entirely separate from protections for other files that may or may not be encrypted.

1 more reply

zelly6y ago

You are more likely to lose your data while the computer is on and drives decrypted than when it is off. The threat model for FDE is thieves or government physically stealing your drive. Much more people get pwned in software than physically. I mean you don't just leave root shells laying around do you?

icebrainingOP6y ago

The question was whether the keychain really protects from those software attacks. I wondered mostly because I know that Windows will allow any process running as a certain user to decrypt data stored by any other process (at least if it's stored using the Data Protection API, like Chrome does for its passwords), so it only really protects your data from other users and their malware.

It seems that macOS authenticates each process, so that might provide some extra security.

j / k navigate · click thread line to collapse

0 comments

fauigerzigerk6y ago

I want to make that as difficult as possible for any attacker.

icebrainingOP6y ago

> when I'm logged in, any program that runs as me can access my files

On Windows, the same is true of the encrypted data; any program that runs as you can decrypt it. Is it different on macOS? How does the system authenticate a specific program?

fauigerzigerk6y ago

So it's not the program that is authenticated. The system simply makes sure that any program accessing that particularly sensitive data is really controlled by the logged in user.

This is entirely separate from protections for other files that may or may not be encrypted.

1 more reply

zelly6y ago

icebrainingOP6y ago

It seems that macOS authenticates each process, so that might provide some extra security.

j / k navigate · click thread line to collapse