Linked by Thom Holwerda on Mon 20th Mar 2006 16:55 UTC, submitted by anonymous
Mac OS X "One of the beauties that comes with Mac OS X is the Keychain that helps you manage your authorization needs as it acts as a depository of passwords. By using the Keychain you don't need to remember a myriad of passwords but rather just the Keychain password. Don't worry about losing your passwords either, since the Keychain can be backed up with ease."
larsd
Member since:
2006-03-20

The OS-X Keychain allows the same functionality: applications can and do use it to safely store all kinds of sensitive data.

This is used for example by the free "SSHKeychain" application to do what its counterparts do on Linux: store ssh keys in memory so that you don't have to manually authorize them all the time.

And what is a passphrase other than a very long password?

Score: 1

KenJackson Member since:
2005-07-18

"And what is a passphrase other than a very long password?"

A password must be transmitted to the remote computer for authentication.
A passphrase is never transmitted, but is used locally to unlock a private encryption key, which is used both for encryption and authentication. Security is improved by making it long, but it need not be.

Keychain ensures that the unencrypted private key is held in memory where only I can use it on future local logins for automatic authentication for remote access.

Since the article talked about passwords, I suspect Keychain Access actually transmits passwords.

Score: 1
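The mechanism described in the comment above, as an added example that is not part of the original thread: a passphrase unlocks a stored private key locally, and only a challenge and its signature cross the network, whereas a password login sends the secret itself. Assumptions: toy textbook RSA with fixed primes and an XOR keystream stand in for real SSH key formats and ciphers, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy textbook RSA from two fixed Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus (server knows N, E)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (client only)

def _keystream(passphrase: str, salt: bytes) -> bytes:
    # Passphrase -> 32-byte key-encryption stream via PBKDF2 (assumed parameters).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000, dklen=32)

def wrap(d: int, passphrase: str, salt: bytes) -> bytes:
    """Private key as stored on disk: XOR-encrypted under the passphrase."""
    ks = _keystream(passphrase, salt)
    return bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), ks))

def unlock(blob: bytes, passphrase: str, salt: bytes) -> int:
    """Local-only step: the passphrase recovers the key into memory."""
    ks = _keystream(passphrase, salt)
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob, ks)), "big")

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def password_login(sent: str, stored: str, wire: list) -> bool:
    """Password auth: the secret itself is what goes over the wire."""
    wire.append(sent.encode())
    return hmac.compare_digest(sent.encode(), stored.encode())

def key_login(d: int, wire: list) -> bool:
    """Key auth: only a random challenge and its signature are transmitted."""
    challenge = secrets.token_bytes(16)            # server -> client
    wire.append(challenge)
    signature = pow(_digest(challenge), d, N)      # client signs in memory
    wire.append(signature.to_bytes(32, "big"))     # client -> server
    return pow(signature, E, N) == _digest(challenge)  # server uses (N, E) only

if __name__ == "__main__":
    salt, wire = b"constructed-salt", []           # constructed sample values
    blob = wrap(D, "correct horse battery", salt)
    d = unlock(blob, "correct horse battery", salt)    # typed once, locally
    print("key login:", key_login(d, wire), key_login(d, wire))
    print("passphrase on wire:", any(b"correct horse" in m for m in wire))
    print("wrong passphrase:", key_login(unlock(blob, "guess", salt), []))
```

The unlocked key can serve any number of logins without the passphrase being typed again, which is the role an in-memory key agent plays.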

RE: password vs. passphrase
by larsd on Tue 21st Mar 2006 19:18 in reply to "password vs. passphrase"
larsd Member since:
2006-03-20

Uhm, no, on both counts.

This is the first time I have heard this distinction between 'passphrase' and 'password', and a quick Google search shows that I'm not alone in that.

Second, OS-X Keychain by itself doesn't transmit anything; it just provides secure storage for sensitive data for use by other local applications (just like ssh keychain, but in a more general way).

"Keychain Access" is a GUI to OS-X Keychain so that users can store arbitrary data, including passwords. What the user does with the passwords (which may be the combinations for their wall safe), is outside of Keychain/Keychain Access control.

Similarly, if an application stores passwords or passphrases in OS-X Keychain, it is up to the application alone to decide how to use the stored secrets.

The OS-X Keychains themselves are passphrase-protected, so if you lock a keychain (which you can set to happen automatically), applications or nosy roomies no longer have access to it - any attempt will cause the OS to open a dialog asking for your Keychain passphrase.

Score: 1