Ask HN: Is an encrypted DMG really secure?
I have been looking for a forensic-like in-depth analysis on Apple's DMG file format. I have done the basic Google search on the topic, and found a few resources, but they are not satisfying. Do you know any good resource for reading in-depth about the security of this file format, when encrypted with AES-256?
2 comments
[ 6.9 ms ] story [ 32.5 ms ] threadIf so, all you need is the hash of the file and such hashing can protect essentially all forms of files as long as the source of the hash is trustworthy.
By secure, I mean the Confidentiality aspect of the CIA-triplet (Confidentiality, Integrity, Availability) here: that only those person can read the data stored in the encrypted DMG, who has the correct passphrase (which is long and complex enough, and contains sufficient entropy, of course).
So any implementation weaknesses (incorrect IV initialisation of the AES-XTS, or anything like that) or other security vulnerabilities which would harm the confidentiality of the container would be interesting to me.