14 Replies Latest reply: Jun 2, 2010 2:20 AM by Christinalee88
benjamingordon Level 1 (45 points)
hi.

i always carry external hard drives around with me... can i password protect them from being opened so if it gets nicked they dont have access to my data?

thanks, benji

Mac Pro Quad 2.66GHz & Macbook Pro Dual 2.4GHz, Mac OS X (10.6.2), Apogee Duet, 6GM RAM
  • J D McIninch Level 5 (4,060 points)
    Yes.

    You have a couple of options. First, you can create a disk image on the drive that is encrypted and use that. By using a sparse image, the image can grow as you use it. On the drive, this will be a file, and when you double-click it you'll be prompted for a password. If you supply a valid password, the file will appear as a new disk drive (which you can use in pretty much any way you'd use a disk).

    You can also use a third-party utility like [TrueCrypt|http://www.truecrypt.org], which gives a mind-numbing number of options for encryption; including some that go well beyond military-grade data encryption.
  • benjamingordon Level 1 (45 points)
    hi.

    so if i create a sparse disk image i can put stuff into the disk image when its mounted and it will copy into the disk image file on the external drive?

    will truecrypt literally let you password protect an external harddrive... i dont think CIA are after me so a simple solution will suit me...

  • Király Level 6 (9,740 points)
    benjamingordon wrote:
    hi.

    so if i create a sparse disk image i can put stuff into the disk image when its mounted and it will copy into the disk image file on the external drive?


    Yes. The only drawback is that you won't be able to access the contents from a Windows machine. But if you're a Mac-only guy there's no problem.
  • benjamingordon Level 1 (45 points)
    yea thats cool!

    so ive done this and selected spare disk image but it still asks you to choose the size....?
  • J D McIninch Level 5 (4,060 points)
    Yes and yes.

    I should point out that the disk image solution will only be readable on Macs.

    The TrueCrypt solution, however, will work with any platform that TrueCrypt supports (Mac/Windows/Linux), but does require the free TrueCrypt software to be installed in order to access the encrypted data.
  • WZZZ Level 6 (12,855 points)
    JD, don't mean to hijack this thread, and I'll start a new topic if you think that's better, but what you are suggesting seems to be the equivalent of setting up File Vault, but just for the External. File Vault, everything residing in one single file, scares the crap out of me.


    Something I've been wondering about for a while for theft scenario: If the External were a clone--my situation--do you think Automatic log in disabled, maybe along with Virtual Secure Memory, and a really good random password be adequate? I'm interested in your take on this. But wouldn't stop good data recovery, would it?

    Message was edited by: WZZZ
  • J D McIninch Level 5 (4,060 points)
    Essentially, the disk image solution is what FileVault is. You can, of course, have many disk images...

    File-system or directory encryption is a relatively risky proposition. It can make it very difficult to recover if something goes awry.

    If you'd like to encrypt files one-by-one, there's several programs like PGP and GPG that will encrypt individual files. It's not as convenient, since it's not transparent -- you have to manually encrypt/decrypt the files.
  • benjamingordon Level 1 (45 points)
    ok so what file size do i choose? i dont understand i though that because its sparse it can expand?

    i made it 40 mb and tried to add 100mb of stuff and it said there is not enough space?
  • J D McIninch Level 5 (4,060 points)
    For a sparse disk image, the size sets the upper-bound for how big the disk image can get. If you said 40 MB, the OS will not permit the disk to grow to >40 MB in size.

    Try not to make a sparse disk image with a size that exceeds the actual size of the volume that you're putting the disk image on.
  • Király Level 6 (9,740 points)
    WZZZ wrote:
    do you think Automatic log in disabled, maybe along with Virtual Secure Memory, and a really good random password be adequate?


    Not for an intruder who has physical access. Encryption is the only thing that can protect against that.
  • WZZZ Level 6 (12,855 points)
    Kiraly, how does someone with physical access get past the password (a strong, random password that would make a dictionary attack impossible)? I'm thinking I'm logged out when they steal it or break in.
  • Király Level 6 (9,740 points)
    Easy. They reset your admin password, in single user mode, or with an OS X install disc.

    Easier yet, they just plug your hard drive to their computer. Then they "own" it on their system and have full read and write access to it.

    If your data is not encrypted, it isn't safe from an intruder who has physical access.
  • WZZZ Level 6 (12,855 points)
    Thanks, yeah those things are obvious, aren't they. Don't want to use FV, so guess I will have to continue to live on the edge.
  • Christinalee88 Level 1 (0 points)