23Kas
How secure is Keychain on OS X?
Keychain is a built-in app on OS X that stores all of the user credentials, and allows for one to keep encrypted notes in an easily accessible way.
Does anyone know how secure Keychain is? I know there was a vulnerability in 2008 with clear text being stored in memory, but it was patched. How resistant can it be to cold-boot attacks?
Here are some relevant SE links:
- how-do-you-keep-track-of-all-your-passwords - SU
- what-is-your-favorite-password-storage-tool - SU
- retrieving-osx-keychain-passwords - IT Security - covers brute-forcing (aes is mentioned)
I think this is important since apps written for OS X are starting to store all passwords in the user's Keychain: safari, chrome, subversion, Mail, etc.
