Bitcoin Forum
Topic: Security of Apple's encrypted dmg's
fivemileshigh (OP)
September 30, 2012, 01:57:28 PM
 #1

Hi guys!

I printed one copy of a paper wallet on a brand new offline Mac installation that only had the saved bitaddress.org webpage on it and the printer drivers. I then saved the pdf on an encrypted Apple dmg image with a 20+ character password. Ejected the image, saved it on a stick, shut down, formatted and zeroed-out the drive, then uploaded the unopened dmg to Dropbox, emailed it to wife/friends for safekeeping and saved it on various other media.

The paper copy is in a safe place.

I'm guessing I should be pretty safe, would anyone care to comment? Oh, OS 10.6.8 if it matters.


many thanks in advance.

casascius
Mike Caldwell
September 30, 2012, 02:05:01 PM
 #2

For that much work I would have printed a long time supply of paper wallets instead of just one.

I am not sure what encryption is used in a dmg, nevertheless I would have done an encrypted PDF if it were me - knowing PDF uses AES - and because it would be openable on more machines while requiring a lower skill level to do so, just in case I need it openable by others. But that would be just me, and my needs may not be the same as yours.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
DeathAndTaxes
Gerald Davis
September 30, 2012, 02:19:12 PM
 #3

Yeah the two concerns are future access and security. 

What are the specs of the closed source dmg format? Who knows. Does it have an easily exploitable cryptographic flaw? Who knows. In 20 or 30 or 50 years will Apple still produce an OS capable of using that file format? Who knows.

While there is nothing wrong with how you make a backup, using an open standard (like an AES encrypted text file) would ensure higher future compatibility and the security is more transparent.
Revalin
September 30, 2012, 02:22:15 PM
 #4

I don't know how well DMG encryption has been audited. I recommend using gpg or truecrypt which are both well scrutinized and available on all major platforms.

A 20 character password is sufficient if it is completely random but possibly not if it is from dictionary words. I recommend against l33tspeak words which tend to make the password hard to remember faster than they add entropy. Either use a short fully random key or use a long list of plain words. Otherwise you will forget some bit of punctuation.

The rest of your process looks good for a highly paranoid approach.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
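
Added example, not part of any post in this thread: a small strength estimator for the point raised in reply #4, that a 20-character password is strong when fully random but much weaker when built from dictionary words, and that l33t spelling adds little. The sample word list, the 7776-word list size and the one-bit-per-substitutable-letter cost are assumptions made for the illustration.

```python
import math

# Constructed sample word list for the demo; a real check would load a full
# list. ASSUMED_DICT_SIZE (a diceware-sized list) is an assumption, not a
# figure from the thread.
SAMPLE_WORDS = {"correct", "horse", "battery", "staple",
                "paper", "wallet", "bitcoin"}
ASSUMED_DICT_SIZE = 7776
CHAR_BITS = math.log2(94)                 # one random printable ASCII char
WORD_BITS = math.log2(ASSUMED_DICT_SIZE)  # one random word from the list
LEET = str.maketrans("4310$7@", "aeiosta")  # common l33t substitutions
SUBSTITUTABLE = set("aeiost")


def estimate_bits(password, words=SAMPLE_WORDS):
    """Estimate entropy against a guesser who knows the word list.

    Dynamic programming over prefixes: each position is reached either by
    one random character or by a whole (possibly l33t-spelled) word.
    """
    n = len(password)
    best = [0.0] + [math.inf] * n
    for end in range(1, n + 1):
        best[end] = best[end - 1] + CHAR_BITS
        for start in range(end):
            token = password[start:end]
            plain = token.translate(LEET)
            if plain not in words:
                continue
            # Assumed model: a mangled word costs one extra bit per letter
            # that could have been substituted (2**k variants to try).
            extra = 0
            if plain != token:
                extra = sum(ch in SUBSTITUTABLE for ch in plain)
            best[end] = min(best[end], best[start] + WORD_BITS + extra)
    return best[n]


def units_needed(bits_per_unit, target_bits=128):
    """Random characters or random words needed to reach target_bits."""
    return math.ceil(target_bits / bits_per_unit)


if __name__ == "__main__":
    for pw in ("k#9Qv!2mZ@x7Lp$4eR^t",   # constructed: 20 random chars
               "bitcoinpaperwallet12",   # constructed: 3 words + 2 chars
               "b1tc01np4p3rw4ll3t12"):  # same words, l33t-spelled
        print(f"{pw}  ~{estimate_bits(pw):.1f} bits")
    print("random chars for 128 bits:", units_needed(CHAR_BITS))
    print("random words for 128 bits:", units_needed(WORD_BITS))
```

Under these assumptions the l33t spelling of the three-word password adds 9 bits, less than appending one more plain random word from the list.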