Full disk encryption coming in Lion?




Jethryn Freyman
Dec 27, 2010, 05:44 PM
From here:

http://www.tuaw.com/2010/11/15/why-10-6-5-and-symantecs-pgp-whole-disk-encryption-didnt-get-a/

From: Steve Jobs
Subject: Re: HiEd Frustrations
Date: November 11, 2010 4:49:01 PM CST
To: [redacted]

Disk encryption coming in Lion. Don't know about #2.

Sent from my iPhone

... and the full email with headers:

From: Steve Jobs
Subject: Re: HiEd Frustrations
Date: November 11, 2010 4:49:01 PM CST
To: [my name redacted]
Return-Path:
Received: from localhost ([unix socket]) by cyrus1a.mail.[mydomain redacted].edu (Cyrus v2.3.16) with LMTPA; Thu, 11 Nov 2010 16:49:52 -0600
Received: from mh5.mail.[mydomain redacted].edu (mh5.mail.[mydomain redacted].edu [x.x.199.32]) by cyrus1a.mail.[mydomain redacted].edu (Postfix) with ESMTP id 910842A80A6 for ; Thu, 11 Nov 2010 16:49:52 -0600 (CST)
Received: by mh5.mail.[mydomain redacted].edu (Postfix) id 85DF128F75B; Thu, 11 Nov 2010 16:49:52 -0600 (CST)
Received: from mh5.mail.[mydomain redacted].edu (localhost.localdomain [127.0.0.1]) by mh5.mail.[mydomain redacted].edu (Postfix) with ESMTP id 78FDB28F757 for ; Thu, 11 Nov 2010 16:49:52 -0600 (CST)
Received: from mh5.mail.[mydomain redacted].edu ([127.0.0.1]) by mh5.mail.[mydomain redacted].edu (mh5.mail.[mydomain redacted].edu [127.0.0.1]) (amavis, port 10024) with ESMTP id jmPRdhVzrSfB for ; Thu, 11 Nov 2010 16:49:51 -0600 (CST)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mh5.mail.[mydomain redacted].edu (Postfix) with ESMTPS id CE56028F739 for ; Thu, 11 Nov 2010 16:49:49 -0600 (CST)
Received: from relay16.apple.com (relay16.apple.com [17.128.113.55]) by mail-out4.apple.com (Postfix) with ESMTP id 867B3BC5D7A8 for ; Thu, 11 Nov 2010 14:49:48 -0800 (PST)
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay16.apple.com (Apple SCV relay) with SMTP id 67.CE.03845.C037CDC4; Thu, 11 Nov 2010 14:49:48 -0800 (PST)
Received: from [17.248.4.101] (wave-dhcp101.apple.com [17.248.4.101]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id for bk@[mydomain redacted].edu; Thu, 11 Nov 2010 14:49:48 -0800 (PST)
X-Sieve: CMU Sieve 2.3
Delivered-To: bk@[mydomain redacted].edu
X-Virus-Scanned: by amavis-2.6.4 at mh5.mail.[mydomain redacted].edu
X-Smtp-Auth: no
X-Policyd-Weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_MX=-3.1 (check from: .apple. - helo: .mail-out4.apple. - helo-domain: .apple.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -9.6
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
X-Auditid: 11807137-b7bf7ae000000f05-e3-4cdc730c67c8
Mime-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=us-ascii
References:
X-Mailer: iPhone Mail (8B117)
In-Reply-To:
Message-Id:
X-Brightmail-Tracker: AAAAAQAAAZE=
X-Dspam-Result: Innocent
X-Dspam-Processed: Thu Nov 11 16:49:52 2010
X-Dspam-Confidence: 0.9920
X-Dspam-Probability: 0.0000
X-Dspam-Signature: 390,4cdc731025385225088591
X-Dspam-Factors: 27, University+>, 0.00196, >+Hi, 0.00208, >+Thanks, 0.00229, >+[mydomain redacted], 0.00283, >+>, 0.00600, >+>, 0.00600, >+I'm, 0.00666, wrote+>, 0.00672, It+would, 0.00812, Received*ESMTPSA, 0.00822, Received*ESMTPSA+id, 0.00822, Received*with+ESMTPSA, 0.00822, Sent+from, 0.00886, Research+Computing, 0.00923, glad+you're, 0.01000, >+Nothing, 0.01000, >+regards, 0.01000, us+The, 0.01000, edu>+713, 0.01000, areas+>, 0.01000, >+Bill, 0.01000, Received*(Apple, 0.01000, 34+PM, 0.01000, PGP, 0.01000, we're+having, 0.01000, a+fix, 0.01000, Received*(Apple+SCV, 0.01000
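A consistency check for a header chain like the one above (an added example, not part of the original post). It uses four of the post's `Received:` lines with the redacted domain replaced by the placeholder `example.edu`; the helper names and the use of 17.0.0.0/8 (Apple's address block) as the expected sender network are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Four hops adapted from the headers quoted in the post above. The redacted
# university domain is replaced with the placeholder example.edu.
RAW = """\
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) by mh5.mail.example.edu (Postfix) with ESMTPS id CE56028F739; Thu, 11 Nov 2010 16:49:49 -0600 (CST)
Received: from relay16.apple.com (relay16.apple.com [17.128.113.55]) by mail-out4.apple.com (Postfix) with ESMTP id 867B3BC5D7A8; Thu, 11 Nov 2010 14:49:48 -0800 (PST)
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay16.apple.com (Apple SCV relay) with SMTP id 67.CE.03845.C037CDC4; Thu, 11 Nov 2010 14:49:48 -0800 (PST)
Received: from [17.248.4.101] (wave-dhcp101.apple.com [17.248.4.101]) by et.apple.com with ESMTPSA; Thu, 11 Nov 2010 14:49:48 -0800 (PST)

"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\).*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return hops oldest-first; each MTA prepends, so header order is reversed."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # local-delivery lines ("by ... id ...") carry no peer address
        info, date = value.rsplit(";", 1)  # the timestamp follows the last ';'
        hops.append({"from": m[1], "ip": ip_address(m[2]), "by": m[3],
                     "tls": "using TLS" in info,
                     "time": parsedate_to_datetime(date.strip())})
    return hops

def audit(hops, my_domain, expected_net):
    """Return a list of findings; an empty list means the chain is consistent."""
    findings = []
    for prev, cur in zip(hops, hops[1:]):
        if cur["from"] != prev["by"]:
            findings.append(f"gap: {prev['by']} handed off, {cur['from']} announced")
        if cur["time"] < prev["time"]:
            findings.append(f"time goes backwards at {cur['by']}")
    # Only hops written by our own servers are trustworthy; anything the sender
    # side recorded could have been typed in by whoever submitted the message.
    edge = next((h for h in hops if h["by"].endswith(my_domain)), None)
    if edge is None:
        findings.append("no hop recorded by our own MX")
    else:
        if edge["ip"] not in ip_network(expected_net):
            findings.append(f"edge peer {edge['ip']} outside {expected_net}")
        if not edge["tls"]:
            findings.append("edge hop was not encrypted in transit")
    return findings
```

The `ADH-AES256-SHA` suite on the edge hop is anonymous Diffie-Hellman, so that hop was encrypted but the receiving server was not authenticated to the sender; the audit only checks that TLS was used.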



iVoid
Dec 27, 2010, 11:16 PM
Now THAT would be a feature that'd get me excited over lion.

Jethryn Freyman
Dec 28, 2010, 05:52 PM
Now THAT would be a feature that'd get me excited over lion.
Yes, I hate having to rely on PGP. It's a good product but I'd rather something more Apple-like, for example, the 10.6.5 update just broke PGP because it changed the boot.efi file that PGP used, this problem rendered Macs using PGP unbootable. Having a nice shiny Apple solution would hopefully be a way of avoiding problems like this in the future.

jayhawk11
Dec 29, 2010, 10:06 PM
From here:

http://www.tuaw.com/2010/11/15/why-10-6-5-and-symantecs-pgp-whole-disk-encryption-didnt-get-a/



... and the full email with headers:

Wow. This is legitimately the first cool "under the hood" thing that I've heard about with 10.7. Hopefully we find out more soon.

Jethryn Freyman
Feb 28, 2011, 09:29 PM
HAH! Confirmed!

http://macosrumors.com/2011/02/27/full-system-encryption-macosx-lion/

Anybody know any of the technical details?

I'm assuming it will use 256 bit AES. I'd also like to have the ability to NOT set a "safety net" password, and to use a separate password for booting and for login (beware keyloggers!)
---

OK, apparently it uses 128 bit AES in the XTS mode of operation. Not sure why they used 128 bit when every other product uses 256 bit though. It's not like the performance hit from moving to full 256 bit encryption is significant, given the fact that you're already encrypting the whole disk.

Overall, good on Apple for doing it, I'll use it, at least now I won't have to worry about compatibility problems with PGP.

Mr. Retrofire
Mar 1, 2011, 04:57 AM
OK, apparently it uses 128 bit AES in the XTS mode of operation. Not sure why they used 128 bit when every other product uses 256 bit though. It's not like the performance hit from moving to full 256 bit encryption is significant, given the fact that you're already encrypting the whole disk.

AES-256 (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard) has more rounds, and is therefore slower than AES-128, even in hardware implementations, such as AES-NI. In mobile applications AES-256 needs more battery power than AES-128. AES-128 is also stronger than AES-256 (http://www.schneier.com/blog/archives/2009/07/another_new_aes.html) and AES-192. And btw, a strong key (a passphrase (http://en.wikipedia.org/wiki/Passphrase)) is equally important.

frunkis54
Mar 1, 2011, 12:43 PM
I know we're gonna see topic after topic about people forgetting their password and being locked out of their computer, trying to figure out a workaround :eek:

Mr. Retrofire
Mar 1, 2011, 03:54 PM
I know we're gonna see topic after topic about people forgetting their password and being locked out of their computer, trying to figure out a workaround :eek:

Save the recovery key on a USB-drive! Problem solved.

frunkis54
Mar 1, 2011, 06:49 PM
Save the recovery key on a USB-drive! Problem solved.

Yes, I understand that..

But I guarantee maybe a few months after release there will be multiple people trying to find workarounds because they don't remember the password or the recovery key.

dacreativeguy
Mar 1, 2011, 07:46 PM
Yes, I understand that..

But I guarantee maybe a few months after release there will be multiple people trying to find workarounds because they don't remember the password or the recovery key.

No need. Lion Full Disk Encryption provides you with a recovery token and allows you to send it to Apple for safe keeping.

frunkis54
Mar 1, 2011, 08:23 PM
No need. Lion Full Disk Encryption provides you with a recovery token and allows you to send it to Apple for safe keeping.

Really?

I didn't see anything like that. All I saw was, before you turn it on, it pretty much says do not lose either code or you're screwed.

Nermal
Mar 1, 2011, 08:32 PM
Really?

I didn't see anything like that. All I saw was, before you turn it on, it pretty much says do not lose either code or you're screwed.

It's true. Apparently you need to set up some security questions with Apple and they'll only give you the token back if you get them all right.

frunkis54
Mar 1, 2011, 09:18 PM
It's true. Apparently you need to set up some security questions with Apple and they'll only give you the token back if you get them all right.

My bad, I stopped where it shows the key. If only I would have hit continue I would have seen that :)

walshlink
Mar 2, 2011, 02:50 AM
Hmm...so I am going to encrypt that which I don't want others to see and send the key off to a third-party...


It's true. Apparently you need to set up some security questions with Apple and they'll only give you the token back if you get them all right.

Nermal
Mar 2, 2011, 02:13 PM
Hmm...so I am going to encrypt that which I don't want others to see and send the key off to a third-party...

Then don't send the key. Are you seriously complaining about having an option? :eek:

walshlink
Mar 3, 2011, 12:53 AM
No...that was a comment. Actually it was more of a rhetorical question with a dash of sarcasm.

I don't like people who misconstrue comments (or rhetorical questions) for complaints...NOW I am complaining.

Then don't send the key. Are you seriously complaining about having an option? :eek:

Jethryn Freyman
Mar 9, 2011, 07:01 PM
I think it's good that Apple has at least made full disk encryption ACCESSIBLE to Mac users and easy to use, just like Time Machine did for backups. Yes, it comes at a cost (i.e. using the user account password as the encryption password), but I guess this was their trade off between security and actually getting people to use it.

I don't see why Apple couldn't at least have it as an OPTION to set your own password, though.

Let's see what the final release of Lion brings.

binary10
Mar 12, 2011, 03:49 AM
Hmm...so I am going to encrypt that which I don't want others to see and send the key off to a third-party...

I'd hope that this was an optional item.

I fully disk encrypt my Linux laptop disks with a passphrase and generate a filekey but never give it to an unknown third party.

Jethryn Freyman
Mar 16, 2011, 11:00 PM
I'd hope that this was an optional item.
Yep, you get the option to choose if you want it sent to Apple.

MattInOz
Mar 21, 2011, 01:08 AM
I think it's good that Apple has at least made full disk encryption ACCESSIBLE to Mac users and easy to use, just like Time Machine did for backups. Yes, it comes at a cost (i.e. using the user account password as the encryption password), but I guess this was their trade off between security and actually getting people to use it.

I don't see why Apple couldn't at least have it as an OPTION to set your own password, though.

Let's see what the final release of Lion brings.

Which User password and what if you have multiple users?
So could you create an Admin user when you first configure the machine?
Enable Disk encryption in that user, then once it's up and running import your Main user profile which could then have a different password.

ozaz
Mar 22, 2011, 05:29 PM
Like MattInOz I too would like to know how this works on a Mac with multiple user accounts. Also, is the use of a guest account impossible with whole disk encryption? Have Apple completely scrapped per-account encryption or have they left it as an option?

ae35unit
Mar 24, 2011, 01:52 PM
Further, does data pushed to Time Machine / Time Capsule remain encrypted (even optionally?) or will you have to choose between having automated, continuous backups or having your data secure?

Given Apple's market share (by no means negligible) and user demographic (much of the top 10% of users when ranked by $$ spent), it seems like they'd be in a perfect position to provide the first widespread use of real data security for the general public. I sure hope they follow up their initial release with complete, full-featured selection of cryptographic features.

They could also anoint a few multi-factor authentication solution vendors (or provide their own). It seems like there's a great opportunity to bring real, powerful encryption to the consumer, making it something you expect from the average joe and not simply an indicator that you're a very persistent geek. Seems like something Apple's well-suited for while being a great marketing differentiator when it comes to selling people on your particular 'cloud' services / storage - powerful, pervasive, open and tested encryption would make MobileMe much more attractive to me.

edifyingGerbil
Mar 25, 2011, 07:27 PM
If a court subpoenaed Apple to decrypt someone's hard disk drive do you think Apple would be able to do it, bypassing the user's password?

Jethryn Freyman
Mar 31, 2011, 05:15 AM
I don't have Lion, but I've been following this pretty close.

Like MattInOz I too would like to know how this works on a Mac with multiple user accounts.
I think there is an option to allow other user accounts (i.e. their passwords) to also decrypt the disk. That's what I hear, not sure how it works, might be wrong...

Also, is the use of a guest account impossible with whole disk encryption?
Doubt it, disk encryption requests a password on booting, from there it's basically transparent.

Have Apple completely scrapped per-account encryption or have they left it as an option?
Haven't seen per-account encryption in any screenshots.

Further, does data pushed to Time Machine / Time Capsule remain encrypted (even optionally?)
You can now encrypt whole disks with Disk Utility. And when choosing a Time Machine disk, you have the option to encrypt it.

Given Apple's market share (by no means negligible) and user demographic (much of the top 10% of users when ranked by $$ spent), it seems like they'd be in a perfect position to provide the first widespread use of real data security for the general public.
Definitely, just like they did with Time Machine.

I sure hope they follow up their initial release with complete, full-featured selection of cryptographic features.
This is my hope too, specifically, them allowing to use whatever password you like for encryption, rather than doing it with your login password. Full disk encryption passwords are supposed to be LONG and complex, do you really want to be typing that in all the time when you're logged in just to authorise an app's installation? Also it makes it more vulnerable to keyloggers running on the OS and so forth.

If a court subpoenaed Apple to decrypt someone's hard disk drive do you think Apple would be able to do it, bypassing the user's password?
No, the encryption algorithm (AES) is totally secure when paired with a strong password. Of course, if you check the option to send the recovery key to Apple, it could probably be subpoenaed.

expat74
Jul 23, 2011, 07:14 AM
No, the encryption algorithm (AES) is totally secure when paired with a strong password. Of course, if you check the option to send the recovery key to Apple, it could probably be subpoenaed.

Also, I wouldn't trust Apple to not have another way in.