Q: Question by Darren Chaker on Encryption
-
Aug 1, 2016 9:59 AMby Esquared,HelpfulFileVault 2 uses XTS-AES 128 encryption.
Use FileVault to encrypt the startup disk on your Mac - Apple Support
I don't think this can be considered "military grade", because there are more secure encryptions. But it's not as if you could hack your way into it on a rainy Sunday afternoon.
-
by John Lockwood,Aug 2, 2016 3:12 AM
John Lockwood
Aug 2, 2016 3:12 AM
in response to darren_chaker
Level 6
(9,225 points)
Servers EnterpriseThe XTS-AES 128bit encryption is basically the same encryption scheme used by most other full disk encryption products although most other products seem to use 256bit encryption which in theory means they are more secure.
The FileVault2 scheme including the use of XTS-AES 128bit encryption has been previously approved by NIST (National Institute of Standards and Technology) as being FIPS 140-2 validated. (Federal Information Processing Standard)
See - http://csrc.nist.gov/groups/STM/cmvp/standards.html
and - http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm (search for CoreCrypto)
Each implementation has to be individually tested, so NIST have had to test this on each Mac running Yosemite and each Mac running El Capitan - yes El Capitan is now also approved as FIPS 140-2.
In general if a full disk encryption product is approved as FIPS 140-2 then most enterprises e.g. banks, and government departments will consider it suitable for use. However really sensitive systems e.g. CIA, NSA, etc. will probably require and use much higher levels of security and this may even involve custom solutions. Apparently the US President has recently switched to a very heavily customised Android phone from his previous Blackberry.
Note: iOS devices are also encrypted and also FIPS 140-2 approved.
