Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 Aug 2011 21:11:25 +0200
From: Robert Ve┼żnaver <>
Subject: Robert's wannabe status report #2

Since the time I spent in front of the computer was very limited thanks to my conjunctivitis (therefore the "wannabe" in the title), here are a couple of things I managed to figure out in that short time span.

According to and a couple of experiments with the OS X keychain, the OS X keychain has a master signing key (msig key) and a master encryption key (menc key). The msig key is encrypted with the menc key and the menc key is encrypted with the keychain password.

The encrypted msig key and encrypted menc key seem to always be on the same location relative to the end of the keychain file. I figured this out by changing the keychain password and doing a binary diff between the changed one and the original one (I did this on a couple of keychains and each password change behaves in the same way). Both the msig and menc keys are 384 bit.

There is one problem though: thanks to the changing of two fields in the keychain file (one seems to be a counter for password changes and the other a counter for the number of keychain unlocks) the msig key changes as well as the menc key so I'm not really sure which one is which. Hopefully I'll figure this one out :)

The menc key is encrypted using the 3DES algorithm (according to docs). The implementation is in this file: 
I don't know much about 3DES, but I do know that it needs 3 keys. I'm not really sure how the algorithm extracts three different keys from an ASCII string, so any help/tips regarding this method in this or any other implementation is appreciated ;)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.