2 Replies Latest reply: Apr 3, 2013 11:56 AM by Crypto Smith
Michel Colman Level 1 Level 1 (15 points)

I used Disk Utility to wipe a disk and initialize it as an encrypted volume to be used for Time Machine backup. But in the Time Machine preferences, there's also an option to encrypt the destination. I'm a bit confused now:

 

If I use the encrypted disk AND choose the Time Machine encryption option, will everything be encrypted twice? Or will Time Machine simply use the encrypted volume without further ado? And what if I don't check the encryption option in Time Machine? Will it convert the disk to an unencrypted format?

 

Which is the best way? Using encrypted Time Machine backup on a regular disk, using "normal" Time Machine on an encrypted disk, or using encrypted TM on an encrypted disk? Or is it all just the same? I would assume the latter, but I want to be sure.

 

I just want to avoid a possible double encryption (which would be slow and pointless), but I do want to make sure everything is really encrypted.

 

Thanks for the info,

 

Michel Colman


MacBook Pro, Mac OS X (10.7.2)
  • Pondini Level 8 Level 8 (38,720 points)

    Michel Colman wrote:

     

    I used Disk Utility to wipe a disk and initialize it as an encrypted volume to be used for Time Machine backup. But in the Time Machine preferences, there's also an option to encrypt the destination. I'm a bit confused now:

    If the disk is encrypted, when you select it as the destination, the Encrypt backup disk box should be checked automatically.

     

     

    If I use the encrypted disk AND choose the Time Machine encryption option, will everything be encrypted twice?

    No.

     

    Or will Time Machine simply use the encrypted volume without further ado?

    Yes.

     

    And what if I don't check the encryption option in Time Machine? Will it convert the disk to an unencrypted format?

    I believe so, but don't recall if I tested that.

     

    Which is the best way? Using encrypted Time Machine backup on a regular disk, using "normal" Time Machine on an encrypted disk, or using encrypted TM on an encrypted disk? Or is it all just the same? I would assume the latter, but I want to be sure.

    Yes, encryption is encryption.

     

    See Time Machine - Frequently Asked Question #31 for the gory details.

  • Crypto Smith Level 1 Level 1 (0 points)

    Let me describe my own experiment with "double encryption" on Time Machine.

     

    At first I enabled encryption just for the Time Machine backup. Then I realized that I wanted the whole drive encrypted and not "just" the backup (a long story, don't ask).

     

    I restarted Disk Util and reformatted the drive, enabling encryption at the same time. When I went to select the drive for Time Machine, the "encrypt" box was already checked.

     

    Given Pondini's response, I think the box simply echoes the encryption setting of the underlying drive.

     

    At the time, though, I thought the checked "encrypt" box was left over from my earlier decision to encrypt just the backup. I tried several times to un-check the box, not wanting the dreaded double encryption.

     

    I couldn't uncheck the box. Each time I tried, I was led through a series of dialogs that tried to turn off encryption, but failed, ending with an obscure "conversion" error message.

     

    On reflection, this may have been because I used a different encryption password/key each time: one for "just" encrypting Time Machine, and a different one when I chose to encrypt the whole volume from Disk Util.

     

    Perhaps if I had used the same password/key both times I would have simply disabled disk encryption. Or perhaps OS X wouldn't let me un-encrypt a drive from Time Machine.