PDA

View Full Version : How long will my conversion to filevault take?




GuitarG20
Oct 21, 2011, 11:09 PM
So after watching what my friend did with another friend's laptop, I want to enable filevault on my MBP. my question is: my hard drive has ~210 Gigs of stuff on it. If I enable filevault, how long will it take to encrypt the drive? and will using filevault cause any slowdowns to the computer?

MBP 8,3: 2.2 i7, 8Gigs RAM, 750 Gig 5400 RPM HDD, HD 6750 (duh)



iThinkergoiMac
Oct 21, 2011, 11:47 PM
First off, what did your friend do? I'm curious...

There shouldn't be any significant slowdown once it's all encrypted. It will take a long time to encrypt all that data, though. Better let it run overnight...

GuitarG20
Oct 22, 2011, 09:15 AM
he used a linix liveCD to figure out the password to another friend's computer... I dunno if filevault will actually help with that but i figured it would be a good idea to enable it anyways.

okay, thanks for the info! i'll let it run overnight tonight.

iThinkergoiMac
Oct 22, 2011, 09:54 AM
Depending on how he did it, FileVault may or may not help. If he was able to somehow source the password from tables or some file on the HDD, FileVault will help. If he just brute-forced the password (meaning the computer tried every permutation of characters until it got it right) then making a longer and more secure password will help far more than FileVault, which wouldn't help at all. All passwords can be broken with the brute force technique.

The main thing with FileVault is to either comply with security requirements for a job or something like that or to keep your data safe(r) if someone steals your computer.

GuitarG20
Oct 22, 2011, 10:34 AM
he used rainbow tables... so does this give me more protection?

and yeah i wanna keep this thing as secure as possible... given it's gianticness it's a relatively good find for thieves 0.o

marc11
Oct 22, 2011, 12:02 PM
he used rainbow tables... so does this give me more protection?

and yeah i wanna keep this thing as secure as possible... given it's gianticness it's a relatively good find for thieves 0.o

Having File Vault does not make your machine less likely to be stolen, it just means your data is safer, if someone steals your computer there is still a chance they will get to your data by getting the password. Of if your data is not interesting, they can just wipe your drive and install the OS fresh and boom, a nice usable PC for free.

SO you should ask yourself, what are you trying to protect? If you keep all of your login data in something like 1Password with strong passwords and if your master password for 1Password of Keychain is strong and different from your login password and if you do not enable auto login for any sites from your browser, you really do not need FIle Vault running. It is nice to have, but not required.

GuitarG20
Oct 22, 2011, 12:07 PM
Having File Vault does not make your machine less likely to be stolen, it just means your data is safer, if someone steals your computer there is still a chance they will get to your data by getting the password. Of if your data is not interesting, they can just wipe your drive and install the OS fresh and boom, a nice usable PC for free.

SO you should ask yourself, what are you trying to protect? If you keep all of your login data in something like 1Password with strong passwords and if your master password for 1Password of Keychain is strong and different from your login password and if you do not enable auto login for any sites from your browser, you really do not need FIle Vault running. It is nice to have, but not required.

I understand that it can still be stolen, but I do have sensitive things on it, so I want to make it hard for anyone to get them off the drive.

Queen6
Oct 22, 2011, 12:48 PM
Find my Mac - Remote Wipe, for me the data outweighs the cost of the machine more than tenfold. Physical security is the key, and I am not talking about a "Kensington Lock" etc.

Anything derived from software can be defeated by software given time. A firmware password will present a significant obstacle for those looking to run third party software to "open" the OS, File Vault will add an additional layer of protection.

If security is the concern, you have to protect the system at the lowest level first, if anyone can access the OS, they can potentially crack passwords etc, Firmware Password is a must..

iThinkergoiMac
Oct 22, 2011, 10:41 PM
he used rainbow tables... so does this give me more protection?

Essentially what he used was a table that has a ton (and I mean a TON) of pre-compiled character combinations and the program quickly went through them all until it got the right one. You can't protect against that with FileVault. It's basically guessing your password until it gets it right.

Find my Mac - Remote Wipe, for me the data outweighs the cost of the machine more than tenfold

This assumes that someone is actually connected to the internet. It's a great feature, but anyone who knows what they are doing and is trying to steal information would certainly not connect to the internet with a stolen computer. That's just plain stupid.

A firmware password will present a significant obstacle for those looking to run third party software to "open" the OS, File Vault will add an additional layer of protection.

+++

This is great advice. Follow it if you're concerned about security. Search for "Open Firmware Password" to get better results.

Mr. Retrofire
Oct 23, 2011, 06:24 AM
he used rainbow tables... so does this give me more protection?

and yeah i wanna keep this thing as secure as possible... given it's gianticness it's a relatively good find for thieves 0.o

Rainbow tables have a complexity limitation (http://en.wikipedia.org/wiki/Rainbow_table#Defense_against_rainbow_tables), which means that it is impossible to crack long passphrases (http://en.wikipedia.org/wiki/Passphrase), but it is possible to crack shorter low complexity passwords. I'm a long time PGP user (now Apple encrypted sparse images, created with Disk Utility) and the best thing you can do, is to increase the complexity of a possible attack via a long passphrase instead of a "simple" password.

Mr. Retrofire
Oct 23, 2011, 06:38 AM
Essentially what he used was a table that has a ton (and I mean a TON) of pre-compiled character combinations and the program quickly went through them all until it got the right one. You can't protect against that with FileVault. It's basically guessing your password until it gets it right.

You can protect your data with Lions FileVault! Rainbow tables have nothing to do with brute force attacks (you try to imply that). FileVault in Lion, if used with a long and complex passphrase (not only a password) can protect your data. You should shutdown your Mac, if you do not use it, because it is possible to copy the password/passphrase/hash value from the memory via DMA (FW800) (http://www.theregister.co.uk/2011/07/26/mac_password_stealer/). Thunderbolt uses also DMA like FW800.

tj2001
Oct 23, 2011, 10:52 PM
+++

This is great advice. Follow it if you're concerned about security. Search for "Open Firmware Password" to get better results.


Does applying an open firmware password prevent someone from wiping the HDD and just installing a fresh OS?

wovel
Oct 26, 2011, 09:55 AM
First off, what did your friend do? I'm curious...

There shouldn't be any significant slowdown once it's all encrypted. It will take a long time to encrypt all that data, though. Better let it run overnight...

I would be cautious with file vault 2 on Lion. Many of us who still had crashing problems after the 2010 MBP patch the other day discovered we were all running FV2. Removing the encryption stopped the crashing (so far, knock on unibody aluminum).

I will say it feels faster with fv2 off, less beach balls, etc. I thought lion sucked pretty bad, but I turned on FV2 the first day. This may all just be a factor of not rebooting from a crash every few hours though :).

I should add this is one the 2010 MBP and all the people I am aware of with FV2 problems are also on 2010 MBP, so if you have something else, it will likely not effect you.

GuitarG20
Oct 26, 2011, 12:41 PM
I would be cautious with file vault 2 on Lion. Many of us who still had crashing problems after the 2010 MBP patch the other day discovered we were all running FV2. Removing the encryption stopped the crashing (so far, knock on unibody aluminum).

I will say it feels faster with fv2 off, less beach balls, etc. I thought lion sucked pretty bad, but I turned on FV2 the first day. This may all just be a factor of not rebooting from a crash every few hours though :).

I should add this is one the 2010 MBP and all the people I am aware of with FV2 problems are also on 2010 MBP, so if you have something else, it will likely not effect you.

I have a 2011, and so far i have no problems. It took about 8 hours to encrypt the drive contents.

iThinkergoiMac
Oct 26, 2011, 03:39 PM
Rainbow tables have nothing to do with brute force attacks (you try to imply that).

Yep, I didn't quite understand what Rainbow tables were. My bad.