Skip navigation

How Secure is FileVault?

2364 Views 14 Replies Latest reply: Nov 22, 2012 2:44 AM by christopher rigby1 RSS
Mac OS 9000 Level 2 Level 2 (270 points)
Currently Being Moderated
Apr 18, 2012 8:53 PM

If I use FileVault, and someone gets my computer, can they get into my files by using the Reset Password utility on the Mac OS X installation DVD?

iMac6,1 (Late 2006 iMac Intel), 3 GB RAM, 2.33 GHz Processor, 2 TB internal HD, Mac OS X (10.5.8), Minor GUI mods, a lot of stuff connected with FireWire or USB
  • Kappy Level 10 Level 10 (221,025 points)
    Currently Being Moderated
    Apr 18, 2012 8:55 PM (in response to Mac OS 9000)

    No, that utility is only for resetting an admin account password, not a FileVault master password.

  • BDAqua Level 10 Level 10 (114,765 points)
    Currently Being Moderated
    Apr 18, 2012 9:13 PM (in response to Mac OS 9000)

    It's so secure that if anything goes wrong, as it can, you'll never see your files again yourself.

  • Kappy Level 10 Level 10 (221,025 points)
    Currently Being Moderated
    Apr 18, 2012 9:14 PM (in response to BDAqua)

    Sort of like the time of the first forward pass in football. Coach said, "There are three things that can happen when you throw a pass, and two of them are bad."

  • BDAqua Level 10 Level 10 (114,765 points)
    Currently Being Moderated
    Apr 18, 2012 9:21 PM (in response to Kappy)

    indeed, thanks for the chuckle... needed that!

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 19, 2012 8:22 AM (in response to BDAqua)

    But, said the man at the 80th floor after jumping off the top of the 110 floor skyscraper, "so far, so good."

     

    file vault = vile fault (heard elsewhere)

  • BDAqua Level 10 Level 10 (114,765 points)
    Currently Being Moderated
    Apr 19, 2012 10:42 AM (in response to WZZZ)

  • jsd2 Level 5 Level 5 (6,200 points)
    Currently Being Moderated
    Apr 19, 2012 8:28 PM (in response to Mac OS 9000)

    The location of the Master Password info is not a secret - it is stored on a special keychain in the main HD Library:

     

    HD>Library>Keychains>FileVaultMaster.keychain

     

    You don't need root privileges to look into that  file, but it is useless to do so - the Master Password information stored there is itself very securely encrypted, and a login password or root password will not decrypt it.  You could Trash that keychain file, and the system would then let you set up a new Master Password and create a new FileVaultMaster.keychain file. BUT - that wouldn't help you either!  Such a new Master Password does not work on pre-existing FileVault accounts, only on accounts that had FileVault turned on after the creation of the new Master Password.

  • christopher rigby1 Level 4 Level 4 (2,070 points)
    Currently Being Moderated
    Apr 21, 2012 8:02 AM (in response to Mac OS 9000)

    I believe that File Vault is very secure, but there is one aspect no-one has yet mentioned - you should also make sure that "Use secure virtual memory" is checked in the Security pane of System Preferences. If you don't, and OS X starts using swap files while you're in FV (which is what happens if there isn't enough free RAM) then your data is scattered over your HD unencrypted. Checking that option means that any swap files are encrypted the same way as any other component of your Home folder.

  • Rudolfensis Level 1 Level 1 (45 points)
    Currently Being Moderated
    Jul 5, 2012 4:46 PM (in response to Mac OS 9000)

    Apparently FileVault can be easily decrypted with this, called VileFault:

     

    http://code.google.com/p/vilefault/

  • christopher rigby1 Level 4 Level 4 (2,070 points)
    Currently Being Moderated
    Jul 9, 2012 4:07 AM (in response to Rudolfensis)

    I've googled that, and VileFault in general.

     

    Apparently there is a hole in 10.7.3 that allows the password for older FV accounts (where the FV has been logged into since upgrade) to be read in plain text by other admin Users on a computer with startup privileges, who can access a certain system log file. It's NOT a general weakness in FV for people who haven't upgraded to OS 10.7.3

     

    Also, VileFault claims to be able to decrypt OS X .dmg files. Considering that one of their two methods is a brute force "dictionary attack", and the other involves enabling .dmg files to be read by other platforms where the password is known, it doesn't sound like a general hole in security.

     

    So I would question "easily".

  • bitmason Level 1 Level 1 (0 points)
    Currently Being Moderated
    Nov 20, 2012 4:19 PM (in response to christopher rigby1)

    @christoper, I don't see the option you refer to under System Preferences.  Is it possible the feature was dropped in 10.8?  Thanks.

  • christopher rigby1 Level 4 Level 4 (2,070 points)
    Currently Being Moderated
    Nov 22, 2012 2:44 AM (in response to bitmason)

    'Secure virtual memory' is now the default - see this article:

     

    http://support.apple.com/kb/PH11128?viewlocale=en_US&locale=en_US

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.