basic security

Started by soundman{^}, February 28, 2011, 01:58:50 PM

Previous topic - Next topic

soundman{^}

Now that Lion will have Whole Disk Encryption, I can forget about getting involved with symantec (pgp).  But, as Joe Kissel writes in his epic work "Mac Security Bible",  it's best to have dual layer encryption:  layer 1, WDE; layer 2, individual file and folder encryption using encrypted disk images or containers.  I know I bought an 'Espionage' license for something.  But let's get something straight.  I need to know what traces your app leaves on the hard disk OR on RAM.  From a forensic point of view.  Any retrievable strings of password, keys, personal info, history, or text in cache files, database, virtual memory, hard memory, var, temp, app support, any library, or for that matter, any other place I haven't mentioned?

If wer'e going to do privacy, let's do it all the way.  Full disclosure of the above would be appreciated, or at least a statement that you are not able to disclose certain of the above items (though you realize that falling back on 'proprietory' is looked at negatively by the privacy community.

Also, are you considering implementing a blowfish or two-fish cypher?

Last question:  You have mentioned disconnecting from dependence on keychain.  I need a time-frame for that.  By the way, what is the nature of 'Espionage's dependence on keychain access?

Your indulgence is appreciated.

greg

#1
Hi soundman!

We are very happy to have customers like you, as you ask excellent questions.  :)

Quote from: "soundman{^}"I need to know what traces your app leaves on the hard disk OR on RAM.  From a forensic point of view.  Any retrievable strings of password, keys, personal info, history, or text in cache files, database, virtual memory, hard memory, var, temp, app support, any library, or for that matter, any other place I haven't mentioned?

Our app, and OS X in general, will leave you passwords in RAM. There is little you can do about this unfortunately (except to find an operating system that doesn't do this). This is a vulnerability that afflicts virtually all personal security software, and the best remedy to it is to shutdown your computer instead of putting it to sleep if you ever think you might be leaving it in a place where it could be compromised without your knowing it.

Espionage does not keep cache files, but some applications that it protects might, which is why for full security you'll definitely want to enable the WDE that's coming in Lion if you want maximum security.

We're going to be making some major changes this year to Espionage, and once those are finished the full-disclosure of all of the internals is definitely a goal we can reach. I know you're aching to know exactly when, but as you know, predicting development is notoriously difficult. I can say though that you should expect to see these changes within a year, and if you don't, something's amiss and feel free to poke us again!

QuoteAlso, are you considering implementing a blowfish or two-fish cypher?

No. From my understanding blowfish/two-fish are not the best algorithms to use. We plan on sticking with AES-128 and AES-256 for now.

QuoteLast question:  You have mentioned disconnecting from dependence on keychain.  I need a time-frame for that.

Same as mentioned above. Expect major changes in this arena within a year.

QuoteBy the way, what is the nature of 'Espionage's dependence on keychain access?

The keychain is a method for guarding your individual folder passwords with your master password. Espionage can use either the login keychain or its own keychain. Using the separate keychain is best from a security point of view (with a unique password). Also, if you use the separate keychain, Espionage will keep backups of it.

Please check your PMs, we would be honored to have you as a beta tester for Espionage, and that way you can make sure that all your concerns and feedback get direct attention during the development process.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

freiheit

#2
I know nothing's officially mentioned yet, but for those of us who plan to give MacOS 10.7 Lion a pass, will these "major changes" coming in 2011 be available on Snow Leopard?

greg

#3
Quote from: "freiheit"I know nothing's officially mentioned yet, but for those of us who plan to give MacOS 10.7 Lion a pass, will these "major changes" coming in 2011 be available on Snow Leopard?

Yup, they'll be compatible with Snow Leopard (but "within a year" doesn't necessarily mean before 2012).
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!