While waiting for my new SSD to arrive in the mail, I've been looking into FileVault 2. I like the idea of knowing that IF my MacBook were stolen, then my data would be as inaccessible as possible. However, I am one of those "always sleep, never shut down" users.
After some reading, I realize that even with FileVault 2, when it's asleep my computer would be vulnerable to a cold boot attack. A fairly simple workaround is to configure sleep to go straight to hibernate mode, so that the contents of RAM go to the disk, mitigating a cold boot attack. (I'm fine with the slower waking from hibernate, and I'm already used to typing my password when waking from sleep.) I've tested this on my current HDD, and while it's a little slow to wake, I'm okay with it as a more secure alternative to super fast wake from sleep.
However, the problem is that writing the contents of RAM to an SSD every time I close the lid (on average at least 10 times/day) will probably kill the SSD within its warranty period, because 8GB RAM x 10 hibernations/day = writing 80GB/day x 3 years = over 80TB written... excluding normal use. The Crucial MX100 SSD that I ordered has a 3-year warranty and an endurance rating of 72TB written, so that's really pushing the limit. I don't want to risk a drive failure after only a few years. I'll probably replace the drive after a few years just to be safe, but I'd like to do that on my time, not when forced to do so by a sudden crash.
So, I looked into moving the sleepimage file to the secondary HDD. Of course this is not so simple because FileVault 2 would only encrypt the primary SSD. Thus, manual encryption of the secondary HDD would be needed (otherwise a "cold boot attack" would be even easier with RAM contents firmly planted on the HDD). Many people have noted that if they move their Users folder to an encrypted secondary HDD when using FileVault 2 on their primary SSD, it causes login problems, but these issues can be resolved with a utility like Unlock. I don't care about moving my Users folder, so I would only be putting the hibernation file sleepimage on the encrypted secondary HDD (along with media files like photos, music, and movies that require storage capacity beyond an affordable SSD).
Would a tool such as Unlock also work well for the setup I described?
Note: Yes, I realize that I could try to break my "never shut down" habit, but if there is a workable solution to avoid that, I'd like to make it happen. I already tried to find a solution that shuts down the MacBook when closing the lid (instead of sleep or hibernate), but that seems to be impossible.