2 Replies Latest reply: Jul 3, 2013 3:38 AM by ChangeAgent
ChangeAgent Level 1 (140 points)

I just ordered a new MBP and as a result will upgrade to ML.

 

I have sensitive data on my MBP that in case of theft should not be accessible to the thief.

 

The question is: how secure is FV?  I read an older article saying that it is not: http://www.theregister.co.uk/2012/02/03/apple_disc_crypto_broken/

I also read some other things but it is still unclear to me.  Mind you, I am not an expert on this at all, so I might have missed points.

 

Another point is that I was warned by people that if you turn FV on and then off it might cause problems.  However, this was in the days of its first appearing.  Is this still the case?

 

Is there anybody out there who knows what the score on this is?

 

Thanks


MBP, MM, MBP - 10.6 + Windooz XP on a hard partition
  • ivansky Level 2 (260 points)

    I am not an expert on Apple's FileVault but I did work in IT security for a long time so I think I can make some general comments that may be of assistance.

     

    Firstly, the article you reference seems clearly to be for a very specific type of attack.  This is for reasonably sophisticated attackers who can access your computer while it is still turned on.  That allows them to access the encryption key used for FileVault and bypass the encryption.  The risk you are worried about possibly doesn't match this threat at all.

     

    For instance, this threat doesn't seem to apply if your computer is turned off - I think the contents of memory can typically only be read for a few minutes after power off (there are technical articles on the web about this if you need to know more).  Of course, your computer is a laptop and so it is battery powered and therefore it is not out of the question that a thief would be able to steal it while still on - pulling out the power won't shut it down.  You need to consider whether this is a likely scenario, depending on how you use it, and if you think these attackers would be likely to attempt this type of exploit - as opposed to just nicking it at Cash Converters (insert name of local pawn shop).

     

    Secondly, it is true that if you encrypt your whole disk it can affect things like backups, depending on how you do them.  A change to one file affects the entire encrypted volume and this may result in much larger backups as the backup might have to copy your entire disk or home directory.  However, as far as I can see FileVault is now a mature technology, we have many Macbooks at work using it and they seem to be fine.

     

    I hope that's some helpful background and perhaps someone with more expertise in this area will also respond.  Another thing worth mentioning is that you can create encrypted disk volumes using Disk Utility that are good for small quantities of sensitive information. This is how I have always done it. You avoid any possible problems with making your entire directory encrypted, and still get the same type of protection for your sensitive data.  You can read http://support.apple.com/kb/HT1578?viewlocale=en_US&locale=en_US for more information on how to do that.

     

    There are also several other useful threads relating to FileVault in Apple Discussions, for instance https://discussions.apple.com/message/17942614#17942614 . You should be able to see them on the right hand side of this page under "More Like This".

     

    Hope that is helpful.

    Ivan

  • ChangeAgent Level 1 (140 points)

    Thanks Ivan, good information and good reads.

     

     

    ivansky wrote:

     

    Firstly, the article you reference seems clearly to be for a very specific type of attack.  This is for reasonably sophisticated attackers who can access your computer while it is still turned on.  That allows them to access the encryption key used for FileVault and bypass the encryption.  The risk you are worried about possibly doesn't match this threat at all.

     

     

    Yes, I know.  However, once a computer is stolen, and this is what I want to guard against, it would be the case.

     

     

     

    Secondly, it is true that if you encrypt your whole disk it can affect things like backups, depending on how you do them.  A change to one file affects the entire encrypted volume and this may result in much larger backups as the backup might have to copy your entire disk or home directory.  However, as far as I can see FileVault is now a mature technology, we have many Macbooks at work using it and they seem to be fine.

     

     

     

    I had realised that if there is an encrypted disk the backup programme would only see the disk, see it was changed, and back up the lot every time.

     

    Anybody else any input?

     

    Erc