
Ask HN: Is an encrypted DMG really secure? - luczsoma
I have been looking for a forensic-like in-depth analysis on Apple's DMG file format. I have done the basic Google search on the topic, and found a few resources, but they are not satisfying. Do you know any good resource for reading in-depth about the security of this file format, when encrypted with AES-256?
======
grenoire
What do you mean by secure? Verified content?

If so, all you need is the hash of the file and such hashing can protect
essentially all forms of files as long as the source of the hash is
trustworthy.

~~~
luczsoma
Good point, sorry for not being precise.

By secure, I mean the Confidentiality aspect of the CIA-triplet
(Confidentiality, Integrity, Availability) here: that only those persons can
read the data stored in the encrypted DMG who have the correct passphrase
(which is long and complex enough, and contains sufficient entropy, of
course).

So any implementation weaknesses (incorrect IV initialisation of the AES-XTS,
or anything like that) or other security vulnerabilities which would harm the
confidentiality of the container would be interesting to me.

