LynnWilton

Q: encryption integrity?

I've just encrypted a Seagate EHD linked by USB to my iMac (Mavericks). Once I (right)-clicked on the "encryption" option, there then appeared no "window" to advise me of the "work-in-progress", or anything at all...so, I wonder if the encryption is real; has it happened? How so fast?

I do notice of course that once ejecting the EHD, then reinserting, I am (reassuringly) required to enter my password so as to enable access to the disk.

But? Since it took almost (it seems) no time for the iMac to encrypt the disk, then...supposing someone savvy with "disk content recovery" breaks open the disk, bypasses the password and extracts my data from the disk "internals" (the contents of which, I theorise, have not really been encrypted at all)??

Am I missing something?

Any clarifications most welcome..

iMac, OS X Mavericks (10.9.2), 2.9 GHz Intel Core i5, 8 GB 1600 MHz

Posted on Jun 21, 2016 10:22 AM


  • by BobHarris, Solved answer

    BobHarris Jun 21, 2016 11:16 PM in response to LynnWilton
    Level 6 (19,272 points)
    Mac OS X

    The encryption happens in the background.  You can use the computer and the disk while it is being encrypted (although access to that disk may be slower due to the extra I/O happening while it is being encrypted).  The device drivers maintain a "High Water Mark" during encryption that tells the driver whether a read or write request is to a part of the disk below the mark (already encrypted), or above (still unencrypted), and the device driver does the right thing, making sure that the encryption task does not step on your read/write in the middle of it.

     

    Because a high water mark is used, if the disk is ejected before the encryption is complete, then ONLY the data already encrypted is safe.  The disk must finish encryption before all your data is safe.  When the disk is remounted, the device drivers should automatically continue advancing the high water mark to finish the encryption.

     

    I do not know what GUI will tell you the progress of encryption, but this Terminal command is supposed to provide status:

        /usr/sbin/diskutil coreStorage list

    There should be a section of the form

    |   Encryption Type:     AES-XTS
    |   Encryption Status:   Unlocked
    |   Conversion Status:   Complete
    |   High Level Queries:  Fully Secure

    that should tell you the status of the encryption.  In my case, my encryption is 'Complete'.  If you have multiple disks, you will need to figure out which entry is associated with your EHD.

     

    Once the entire disk is encrypted, the password CANNOT be bypassed.  If you forget your password, your data is lost, unless your password is so trivial that it can be guessed or brute forced to be discovered.  See <https://www.grc.com/haystack.htm> for information about password length needed to avoid brute force attacks.

     

     

    The entire purpose of encrypting the disk is that unless you enter your password, the data on the disk cannot be accessed, even if the disk is removed from your system and attached to another computer.  Apple's FileVault does a very good job in this regard.
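
The status check described in the answer above can be scripted; this is an added example, not part of the original posts. The sample text is constructed from the four fields quoted in the answer, and the `Name:` line, the second still-converting volume, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list CoreStorage volumes whose encryption has not finished.

# Constructed sample shaped like the section quoted in the answer. The
# "Name:" lines and the second volume are assumptions, not real output.
sample_output() {
cat <<'EOF'
+-- Logical Volume Group (constructed placeholder UUID 1)
    Name:         Macintosh HD
    |   Encryption Type:     AES-XTS
    |   Encryption Status:   Unlocked
    |   Conversion Status:   Complete
    |   High Level Queries:  Fully Secure
+-- Logical Volume Group (constructed placeholder UUID 2)
    Name:         Seagate EHD
    |   Encryption Type:     AES-XTS
    |   Encryption Status:   Unlocked
    |   Conversion Status:   Converting
    |   High Level Queries:  Not Fully Secure
EOF
}

# Reads diskutil-style text on stdin and prints "name<TAB>status" for each
# volume group whose Conversion Status is anything other than "Complete".
unfinished_volumes() {
  awk '
    { sub(/^[ |+<>-]+/, "") }                  # strip the tree-drawing prefix
    /^Name:/ { sub(/^Name:[ \t]+/, ""); name = $0 }
    /^Conversion Status:/ {
      sub(/^Conversion Status:[ \t]+/, "")
      if ($0 != "Complete") printf "%s\t%s\n", name, $0
    }
  '
}

# Exit status 0 only when every volume in the input is fully converted,
# so it can gate "safe to eject / safe to transport" in a script.
all_converted() {
  [ -z "$(unfinished_volumes)" ]
}

# On a Mac: /usr/sbin/diskutil coreStorage list | unfinished_volumes
sample_output | unfinished_volumes
```

Any volume this prints is still above the high water mark in places, so part of its data remains unencrypted on disk until the conversion reaches `Complete`.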

  • by LynnWilton

    LynnWilton Jun 21, 2016 11:17 PM in response to BobHarris
    Level 1 (9 points)
    Desktops

    Very useful, Thanks.

    I input the Terminal ref you provided...identified my disk ok.