Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Apr 2012 16:23:56 +0400
From: Solar Designer <>
Subject: Re: Mac OS X keychains and FileVault

On Sat, Apr 07, 2012 at 05:32:12PM +0530, Dhiru Kholia wrote:
> On Sun, Apr 1, 2012 at 11:34 AM, Solar Designer <> wrote:
> > - extractkeychain-0.1.tar.gz
> Does this work with current version of OS X key-chains?

I have no idea, but I guess that it does.  I found it much later than I
stopped playing with cracking a keychain.

> If yes, this
> will be the most promising option for developing a JtR plug-in.


> > - crowbarDMG, crowbarKC
> It looks like this tool too uses OS X internal calls (people have
> complained about its speed).


However, the speed won't be very high even if we implement our own
crypto - per BLOBFORMAT, there's PBKDF2 with 1000 iterations.

> I also found a new tool : osx-keychain-brute
> (,
> no sources though). Looks like it calls SecKeychainUnlock function.
> Claimed speed is 500 k/s.

Sounds unrealistic to me.

- Every 500 passwords the current word is shown to the user"

This seems to imply a fairly low speed - much like what I was getting.

Oh, I also triggered a memory leak (somewhere in a library used by
securityd, IIRC) in the original OS X 10.5 by running that attack.
My 1 GB RAM MacBook would fail in 1-2 days of running the attack.
I reported this to Apple at the time, so hopefully it's fixed by now.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.