[Owasp-leaders] Keychain IOS

Abbas Naderi abbas.naderi at owasp.org
Fri Feb 1 12:11:56 UTC 2013


Hi Ala'a,
1. It uses FIPS approved methods, for details you should refer to the appropriate mailing list.
2. Default root password for jailbreaks is "alpine". they use that to query the keychain. without that you can't decrypt the data as it requires root privileges.
3. nop, but there's still keychain.
-Abbas
On ۱۲ بهمن ۱۳۹۱, at ۱۴:۰۱, "Ala'a Mubaied" <alaa.mubaied at owasp.org> wrote:

> Hello Everyone,
> 
> regarding the keychain service in IOS, i have a couple of questions please:
> 
> 1. what is the encryption method used to encrypt data in keychain ?
> 2. in jailbroken phones, if you look into this video, they use keychain_dumper which dumps all the secrets from the keychain, my question, does that mean keychain_dumper decrypt the information from the keychain and how it reads the decryption keys ?
> 3. does keychain_dumper works ok for un-jailbroken iphones ?
> 
> Thanks 
> Ala'a
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4889 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130201/ec3f4dac/attachment.bin>


More information about the OWASP-Leaders mailing list