Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Keychain does not encrypt names #118

Closed
ithinkihaveacat opened this issue May 12, 2016 · 0 comments
Closed

Keychain does not encrypt names #118

ithinkihaveacat opened this issue May 12, 2016 · 0 comments

Comments

@ithinkihaveacat
Copy link

One thing I was surprised to discover is that Keychain does not encrypt the names corresponding to password entries; these are easily readable via strings or similar. This means that the websites the user accesses, and often related email addresses, can be trivially extracted from the login keychain:

$ strings ~/Library/Keychains/#.keychain | grep www.britishgas.co.uk
www.britishgas.co.uk
www.britishgas.co.ukhtps

This is retrospectively "obvious" since Keychain itself can read the name/titles without a password, but it might be worth noting in the guide.
@drduh drduh closed this as completed in bc3161a May 18, 2016
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ithinkihaveacat