by LinaLauneBaer 5231 days ago
I like the idea of a sandbox. Apple promotes the sandbox as a security feature but shouldn't Apple try to improve much more important things (security-wise) first which are much less invasive?

Example: The Keychain application from Apple (used to store certificates, private keys and passwords) is using an encryption algorithm that is too weak for what it is used - namely: DES. You can break it with a reasonable amount of money.

Wouldn't it make more sense to improve these kinds of things first? We would gain so much more security with a minimal effort.

2 comments

I could not believe they would use single DES (I would have expected AES), so I googled around. Apparently (http://stackoverflow.com/questions/6312871/what-encryption-a...) it is (or at some time was) 3DES; the PDF linked from there states:

   "All the password data in the keychain is protected using the
    Triple Digital Encryption Standard (3DES)."

http://en.wikipedia.org/wiki/Triple_DES#Security states:

   "NIST considers keying option 1 to be appropriate through 2030."

I am still surprised that it is not AES, but 3DES seems good enough. Also, I am not sure that PDF still describes the current situation.

> "The Keychain application ... using an encryption algorithm that is too weak for what it is used - namely: DES"

Source? This is relevant to my interests. Namely, I'm trying to figure out if using something like 1password or other services would be worth it. Thanks!