14 Replies Latest reply: Nov 22, 2012 2:44 AM by christopher rigby1
Mac OS 9000 Level 2 Level 2 (270 points)

If I use FileVault, and someone gets my computer, can they get into my files by using the Reset Password utility on the Mac OS X installation DVD?


iMac6,1 (Late 2006 iMac Intel), 3 GB RAM, 2.33 GHz Processor, 2 TB internal HD, Mac OS X (10.5.8), Minor GUI mods, a lot of stuff connected with FireWire or USB
  • 1. Re: How Secure is FileVault?
    Kappy Level 10 Level 10 (226,700 points)

    No, that utility is only for resetting an admin account password, not a FileVault master password.

  • 2. Re: How Secure is FileVault?
    BDAqua Level 10 Level 10 (116,470 points)

    It's so secure that if anything goes wrong, as it can, you'll never see your files again yourself.

  • 3. Re: How Secure is FileVault?
    Kappy Level 10 Level 10 (226,700 points)

    Sort of like the time of the first forward pass in football. Coach said, "There are three things that can happen when you throw a pass, and two of them are bad."

  • 4. Re: How Secure is FileVault?
    BDAqua Level 10 Level 10 (116,470 points)

    indeed, thanks for the chuckle... needed that!

  • 5. Re: How Secure is FileVault?
    WZZZ Level 6 Level 6 (12,205 points)

    But, said the man at the 80th floor after jumping off the top of the 110 floor skyscraper, "so far, so good."

     

    file vault = vile fault (heard elsewhere)

  • 6. Re: How Secure is FileVault?
    BDAqua Level 10 Level 10 (116,470 points)

     

  • 7. Re: How Secure is FileVault?
    Mac OS 9000 Level 2 Level 2 (270 points)

    Yes, but once you have the root password, can't you get the FileVault master password from the keychain or from a file stored somewhere?

    Kappy wrote:

     

    No, that utility is only for resetting an admin account password, not a FileVault master password.

  • 8. Re: How Secure is FileVault?
    jsd2 Level 5 Level 5 (6,200 points)

    The location of the Master Password info is not a secret - it is stored on a special keychain in the main HD Library:

     

    HD>Library>Keychains>FileVaultMaster.keychain

     

    You don't need root privileges to look into that  file, but it is useless to do so - the Master Password information stored there is itself very securely encrypted, and a login password or root password will not decrypt it.  You could Trash that keychain file, and the system would then let you set up a new Master Password and create a new FileVaultMaster.keychain file. BUT - that wouldn't help you either!  Such a new Master Password does not work on pre-existing FileVault accounts, only on accounts that had FileVault turned on after the creation of the new Master Password.

  • 9. Re: How Secure is FileVault?
    Mac OS 9000 Level 2 Level 2 (270 points)

    This is interesting... but the OS must be accessing the master password file somehow. It just seems like it would be hackable if it's just being encrypted the same way every time. Or someone could modify the system to make it open the FileVault for them? Well, it already seems very tough to do any of that. I guess it can be considered very unlikely that it would be hacked unless some real professionals are after the data.

    jsd2 wrote:

     

    The location of the Master Password info is not a secret - it is stored on a special keychain in the main HD Library:

     

    HD>Library>Keychains>FileVaultMaster.keychain

     

    You don't need root privileges to look into that  file, but it is useless to do so - the Master Password information stored there is itself very securely encrypted, and a login password or root password will not decrypt it.  You could Trash that keychain file, and the system would then let you set up a new Master Password and create a new FileVaultMaster.keychain file. BUT - that wouldn't help you either!  Such a new Master Password does not work on pre-existing FileVault accounts, only on accounts that had FileVault turned on after the creation of the new Master Password.

  • 10. Re: How Secure is FileVault?
    christopher rigby1 Level 4 Level 4 (2,080 points)

    I believe that File Vault is very secure, but there is one aspect no-one has yet mentioned - you should also make sure that "Use secure virtual memory" is checked in the Security pane of System Preferences. If you don't, and OS X starts using swap files while you're in FV (which is what happens if there isn't enough free RAM) then your data is scattered over your HD unencrypted. Checking that option means that any swap files are encrypted the same way as any other component of your Home folder.

  • 11. Re: How Secure is FileVault?
    Rudolfensis Level 1 Level 1 (45 points)

    Apparently FileVault can be easily decrypted with this, called VileFault:

     

    http://code.google.com/p/vilefault/

  • 12. Re: How Secure is FileVault?
    christopher rigby1 Level 4 Level 4 (2,080 points)

    I've googled that, and VileFault in general.

     

    Apparently there is a hole in 10.7.3 that allows the password for older FV accounts (where the FV has been logged into since upgrade) to be read in plain text by other admin Users on a computer with startup privileges, who can access a certain system log file. It's NOT a general weakness in FV for people who haven't upgraded to OS 10.7.3

     

    Also, VileFault claims to be able to decrypt OS X .dmg files. Considering that one of their two methods is a brute force "dictionary attack", and the other involves enabling .dmg files to be read by other platforms where the password is known, it doesn't sound like a general hole in security.

     

    So I would question "easily".

  • 13. Re: How Secure is FileVault?
    bitmason Level 1 Level 1 (0 points)

    @christoper, I don't see the option you refer to under System Preferences.  Is it possible the feature was dropped in 10.8?  Thanks.

  • 14. Re: How Secure is FileVault?
    christopher rigby1 Level 4 Level 4 (2,080 points)

    'Secure virtual memory' is now the default - see this article:

     

    http://support.apple.com/kb/PH11128?viewlocale=en_US&locale=en_US