Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'You're correct, except not' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
You're correct, except not
Authored by: dethbunny on Jul 10, '06 11:31:08PM
You're correct in that the FileVault image is not encrypted with the user's password. It's encrypted with a private key that is stored in the keychain. The keychain, however, is encrypted with the user's password. [very slightly simplified]

That's why changing the account password through any method other than the Accounts prefpane results in numerous dialogs asking for the "password for the keychain 'login.'" A user cannot unlock a keychain unless the password is known, even if blessed with Admin powers. That's also why the Master Password is so important for FileVault - without that, any time the account password is forgotten all data becomes totally inaccessible.

Keychain and FileVault are actually very secure if strong passwords are used.

[ Reply to This | # ]
You're correct, except not
Authored by: SOX on Jul 11, '06 09:53:07AM

I don't think you are correct. When I change my password on my computer or sometimes after I do a system software update, when I run a program than wants keychain access it pops up and says my keycahin password has changed do you want to update the key chain. I don't need to enter my password to do that (after what would I enter, my old one or my new one?). I just click okay. instant keychain access.

thus root should be able to do this.



[ Reply to This | # ]