Topic: Security of Apple's encrypted dmg's (Read 2279 times)

hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
September 30, 2012, 10:22:15 AM
#4
I don't know how well DMG encryption has been audited. I recommend using gpg or truecrypt which are both well scrutinized and available on all major platforms.

A 20 character password is sufficient if it is completely random but possibly not if it is from dictionary words. I recommend against l33tspeak words which tend to make the password hard to remember faster than they add entropy.  Either use a short fully random key or use a long list of plain words.  Otherwise you will forget some bit of punctuation.

The rest of your process looks good for a highly paranoid approach.
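Added example (not code from any poster in this thread): a small Python script that puts numbers on the entropy argument in the post above. It compares a short fully random key against a passphrase of plain dictionary words, shows how little a l33tspeak substitution table adds once the attacker models it, and generates both kinds of secret with the OS CSPRNG. The word list, the 7776-entry Diceware size and the substitution table are assumptions for illustration; the entropy figures assume the attacker knows which list and alphabet were used.

```python
"""Entropy of a short random key vs. a long passphrase of plain words.

Added example, not code from the original thread. SAMPLE_WORDS is a constructed
stand-in; a real Diceware-style list has 7776 entries, and only the list size
matters for the entropy math. All figures assume the attacker knows the list.
"""
from __future__ import annotations

import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable ASCII symbols
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
DICEWARE_SIZE = 7776  # 6^5 entries in the standard Diceware list (assumed)

# Constructed stand-in word list used only to generate a demo passphrase.
SAMPLE_WORDS = ["apple", "brick", "cloud", "dance", "eagle", "flame", "grape", "house"]

# Assumed l33tspeak table an attacker would try: letter -> alternative glyphs.
LEET_TABLE = {"a": "@4", "s": "$5", "o": "0", "e": "3", "i": "1!"}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of uniformly chosen words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def random_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Short fully random key: every symbol picked by the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(n_words: int, wordlist: list[str]) -> str:
    """Long list of plain words, each picked by the OS CSPRNG (with replacement)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def leet_bits_added(word: str, substitutions: dict[str, str]) -> float:
    """Upper bound on entropy gained by l33tspeak when the attacker models the
    same substitution table: each substitutable letter contributes at most
    log2(1 + number of alternatives), i.e. the choice of leaving it or not."""
    return sum(math.log2(1 + len(substitutions[c])) for c in word if c in substitutions)


if __name__ == "__main__":
    print(f"20 random printable chars : {entropy_bits(len(PRINTABLE), 20):.1f} bits")
    print(f"20 random lowercase chars : {entropy_bits(26, 20):.1f} bits")
    print(f"3 dictionary words (~20 ch): {entropy_bits(DICEWARE_SIZE, 3):.1f} bits")
    print(f"words needed for 128 bits : {words_needed(128, DICEWARE_SIZE)}")
    print(f"l33t on 'password' adds   : {leet_bits_added('password', LEET_TABLE):.1f} bits")
    print("example random key :", random_password(20))
    print("example passphrase :", passphrase(4, SAMPLE_WORDS))
```

The comparison is the point of the post above: 20 truly random printable characters carry about 131 bits, while 20 characters made of three common words carry under 40 bits against an attacker who tries dictionary words, and l33t substitutions on "password" add under 6 bits. Ten Diceware words reach the same ~128-bit level as the random key and are far easier to write down correctly.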
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 30, 2012, 10:19:12 AM
#3
Yeah the two concerns are future access and security. 

What are the specs of the closed source dmg format?  Who knows.  Does it have an easily exploitable cryptographic flaw? Who knows.  In 20 or 30 or 50 years will Apple still produce OS capable of using that file format?  Who knows.

While there is nothing wrong with how you make a backup, using an open standard (like an AES encrypted text file) would ensure higher future compatibility and the security is more transparent.
vip
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
September 30, 2012, 10:05:01 AM
#2
For that much work I would have printed a long time supply of paper wallets instead of just one.

I am not sure what encryption is used in a dmg, nevertheless I would have done an encrypted PDF if it were me - knowing PDF uses AES - and because it would be openable on more machines while requiring a lower skill level to do so, just in case I need it openable by others. But that would be just me, and my needs may not be the same as yours.
full member
Activity: 136
Merit: 100
September 30, 2012, 09:57:28 AM
#1
Hi guys!

I printed one copy of a paper wallet on a brand new offline mac installation, that only had the saved bitaddress.org webpage on it and the printer drivers. I then saved the pdf on an encrypted apple dmg image with a 20+ character password. Ejected the image, saved it on a stick, shut down, formatted and zeroed-out the drive, then uploaded the unopened dmg to dropbox, emailed it to wife/friends for safekeeping and saved it on various other media.

The paper copy is in a safe place.

I'm guessing I should be pretty safe, would anyone care to comment? Oh, OS 10.6.8 if it matters.


many thanks in advance.
