4/8/2023 0 Comments Macpass vs keychain![]() ![]() This is why keychain items migrate to a new device only if a backup password is set. If a user chooses not to encrypt the backup, the files aren’t encrypted regardless of their Data Protection class but the keychain remains protected with a UID-derived key. This threat can be mitigated with a sufficiently strong password. Despite this large iteration count, there’s no tie to a specific device, and therefore a brute-force attack parallelized across many computers could theoretically be attempted on the backup keybag. The keybag-protected with the password set-is run through 10 million iterations of the key derivation function PBKDF2. As explained previously, nonmigratory keychain items remain wrapped with the UID-derived key, allowing them to be restored to the device they were originally backed up from but rendering them inaccessible on a different device. A new keybag is created with a new set of keys, and the backed-up data is reencrypted to these new keys. The backup keybag is created when an encrypted backup is made by the Finder ( macOS 10.15 or later) or iTunes (in macOS 10.14 or earlier) and stored on the computer to which the device is backed up.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |