I am trying to figure out if there is a difference between FileVault 2 whole disk encryption and formatting a drive through Disk Utility using "Mac OS Extended (Journaled, Encrypted)". Documentation shows that FileVault 2 uses XTS-AES 128-bit encryption, but I cannot find any such documentation for Disk Utility.
Also, is FileVault still vulnerable to this attack: http://nakedsecurity.sophos.com/2012/02/02/filevault-encryption-broken/ ?
And the final question, is storing an encrypted disk image inside another encrypted disk image twice as secure? Would someone have to crack open the first and then spend the same amount of time and effort on the second image or is the second image vulnerable as soon as the first image is broken?
Both encryption approaches use the same CoreStorage volume management technology and XTS-AES 128-bit encryption. The difference is that setting up FileVault provides the system with a login window that will unlock the disk with your login password, and then pass these credentials on to the operating system's login window, as opposed to simply setting up the password and requiring you to supply it through Apple's disk management interface tools once the OS is loaded.
The FireWire DMA attacks were enabled in part because of a flaw in OS X that allowed DMA access when the screen was locked (i.e., when a password was required to log back into the system), but Apple updated this (I believe with OS X 10.7.4, but am not sure).
Beyond this, the system should only be vulnerable to DMA attacks when logged in.
However, you can further protect yourself by enabling a firmware password on your system, by rebooting with Command-R held to get to the OS X tools, and then using the firmware password utility in the Utilities menu to set the password. This will lock down the hardware on your system, and in addition to preventing booting to external drives and to special boot modes (Safe Mode, Single User mode, etc.), will block DMA access.
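A way to confirm that both protections discussed above are actually active, as an added example that is not part of the original answer. It assumes an Intel Mac that ships the `fdesetup` and `firmwarepasswd` command-line tools (neither is named on this page) and assumes the output wording shown in the comments; the sample strings are constructed.

```shell
#!/bin/sh
# Added example: report whether FileVault and the firmware password are enabled.
# Assumed output formats: `fdesetup status` prints "FileVault is On." or
# "FileVault is Off.", `firmwarepasswd -check` prints "Password Enabled: Yes/No".

# Map `fdesetup status` text to on / off / in-progress / unknown.
filevault_state() {
    case "$1" in
        # Encryption or decryption still running: disk is not fully protected.
        *"cryption in progress"*) echo "in-progress" ;;
        *"FileVault is On"*)      echo "on" ;;
        *"FileVault is Off"*)     echo "off" ;;
        *)                        echo "unknown" ;;
    esac
}

# Map `firmwarepasswd -check` text to on / off / unknown.
firmware_pw_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo "on" ;;
        *"Password Enabled: No"*)  echo "off" ;;
        *)                         echo "unknown" ;;  # e.g. not run as root
    esac
}

# Print both states; succeed only if both protections are fully enabled.
audit() {
    fv=$(filevault_state "$1")
    fw=$(firmware_pw_state "$2")
    echo "FileVault: $fv"
    echo "Firmware password: $fw"
    [ "$fv" = "on" ] && [ "$fw" = "on" ]
}

if command -v fdesetup >/dev/null 2>&1 && command -v firmwarepasswd >/dev/null 2>&1; then
    # Live check on the Mac itself; firmwarepasswd needs root to answer.
    audit "$(fdesetup status 2>/dev/null)" "$(firmwarepasswd -check 2>/dev/null)" ||
        echo "At least one protection is not fully enabled."
else
    # Constructed sample output, used when the tools are not present.
    audit "FileVault is On." "Password Enabled: Yes"
fi
```

Run it as root on the Mac being checked; an "unknown" firmware state usually means the tool could not be queried, not that the password is set.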