[Owasp-leaders] Keychain IOS

Ala'a Mubaied alaa.mubaied at owasp.org
Sun Feb 3 13:45:15 UTC 2013


Thanks Abbas.


On Fri, Feb 1, 2013 at 4:24 PM, Jason Johnson <jason.johnson at p7n.net> wrote:

> I love to see this information pass by the leaders list. My company is
> discussing BYOD and the risk analysis that will bring to the table.
>
> Keep the mail coming I say.
>
> Jason
>
> Abbas Naderi <abbas.naderi at owasp.org> wrote:
>
> >Hi Ala'a,
> >1. It uses FIPS approved methods, for details you should refer to the
> appropriate mailing list.
> >2. Default root password for jailbreaks is "alpine". they use that to
> query the keychain. without that you can't decrypt the data as it requires
> root privileges.
> >3. nop, but there's still keychain.
> >-Abbas
> >On ۱۲ بهمن ۱۳۹۱, at ۱۴:۰۱, "Ala'a Mubaied" <alaa.mubaied at owasp.org>
> wrote:
> >
> >> Hello Everyone,
> >>
> >> regarding the keychain service in IOS, i have a couple of questions
> please:
> >>
> >> 1. what is the encryption method used to encrypt data in keychain ?
> >> 2. in jailbroken phones, if you look into this video, they use
> keychain_dumper which dumps all the secrets from the keychain, my question,
> does that mean keychain_dumper decrypt the information from the keychain
> and how it reads the decryption keys ?
> >> 3. does keychain_dumper works ok for un-jailbroken iphones ?
> >>
> >> Thanks
> >> Ala'a
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> >_______________________________________________
> >OWASP-Leaders mailing list
> >OWASP-Leaders at lists.owasp.org
> >https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130203/cd6d4825/attachment.html>


More information about the OWASP-Leaders mailing list