Disk encryption - a few questions

Discussion in 'Mac OS X Lion (10.7)' started by 537635, Sep 18, 2011.

  1. macrumors regular

    Joined:
    Mar 7, 2009
    #1
    Coming from TrueCrypt on W7 I have a few questions about disk encryption in Lion.

    1. Is it possible to change the password without reencrypting the whole disk (I realize it is not as safe, but I've used this several times before on non-crucial data as it saves a lot of time)?

    2. I read that it is possible to encrypt external (USB) hard drives. How does it work in reality? Does the system automount the encrypted external drives on login (if the password is the same as for the system disk)?

    3. Is it still possible to use TrueCrypt for encrypting non-system hard disks? Is it true that upon startup, Lion always offers to format TrueCrypt encrypted hard disks as they are not recognized? Is it possible to disable these notifications?


    Thanks!
     
  2. macrumors 6502a

    Joined:
    Aug 6, 2006
    Location:
    Birmingham, UK
    #2
    1. You can, CoreStorage will need to decrypt the drive in the background, and then encrypt it again. Same for changing the size of partitions. It's a very slow process, but you can switch the machine on and off while it is decrypting/encrypting.

    2. CoreStorage will encrypt the external drive in the background. It will automount at login if you save the password in your keychain, if you do not save it, you get a prompt for the password at login. It will only save the password in your user account keychain, so no other users can use the drive without knowing the password. A slight problem is you will need to unmount/eject the drive when you logout, if someone logs in to another account and it is still mounted, they can see the drive and its data.

    3. I can't answer that one.
     
  3. thread starter macrumors regular

    Joined:
    Mar 7, 2009
    #3
    Thank you for a thorough answer! That explains mostly everything.
     
  4. macrumors 6502a

    Joined:
    Mar 11, 2004
    #4
    Sorry, this is incorrect. Changing your account password does not trigger re-encryption of the hard drive.
     
  5. macrumors 6502

    Joined:
    Jun 13, 2009
    Location:
    London
    #5
    I don't think they were claiming that changing your account password would change your encryption password ...

    Also, my understanding is that you should be able to change your encryption password (why?) without it taking ages - as the FileVault password only lets it get at the 'real' encryption key. So you're only changing the password to a small bit of data, it's not actually the encryption key that's used to encrypt the whole volume. This means changing the FileVault password is quick, as it doesn't need to re-encrypt the drive.

    Not 100% sure this is correct, but that's my understanding. Try the Ars Technica article on Lion for more details.
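
The key hierarchy described in post #5, as an added sketch that is not part of the thread and is not Apple's or CoreStorage's code: a password-derived key wraps a random volume key, so a password change rewrites only a small header. The HMAC-based wrap is a standard-library stand-in for a real key-wrap algorithm, and the function names and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _kek(password: str, salt: bytes) -> bytes:
    """Derive the key-encryption key (KEK) from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def wrap(volume_key: bytes, password: str) -> dict:
    """Wrap a 32-byte volume key under a password-derived KEK."""
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = _kek(password, salt)
    # Stand-in wrap: HMAC-derived pad plus an integrity tag (encrypt-then-MAC).
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap(header: dict, password: str) -> bytes:
    """Recover the volume key; fails on a wrong password or a damaged header."""
    kek = _kek(password, header["salt"])
    msg = b"mac" + header["nonce"] + header["ct"]
    expected = hmac.new(kek, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        raise ValueError("wrong password or corrupted header")
    pad = hmac.new(kek, b"enc" + header["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(header["ct"], pad))


def change_password(header: dict, old: str, new: str) -> dict:
    """Rewrap the same volume key; the bulk data on disk is never touched."""
    return wrap(unwrap(header, old), new)


if __name__ == "__main__":
    volume_key = os.urandom(32)  # constructed sample key for the demo
    old_header = wrap(volume_key, "old passphrase")
    new_header = change_password(old_header, "old passphrase", "new passphrase")
    print("volume key unchanged:", unwrap(new_header, "new passphrase") == volume_key)
    # A retained copy of the old header still yields the same volume key.
    print("old header still works:", unwrap(old_header, "old passphrase") == volume_key)
```

Because the volume key does not change, a copy of the old header plus the old password still unlocks the data. Only re-encrypting under a new volume key addresses a key or header that may already have been exposed.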
     
  6. macrumors 65816

    odinsride

    Joined:
    Apr 11, 2007
    #6

    I have an external TrueCrypt volume and always get this notification when I plug it in. I'd also like to know if there's a way to disable this!
     
  7. thread starter macrumors regular

    Joined:
    Mar 7, 2009
    #7
    Do you also get it when you boot / wake-up the computer?

    I was thinking.... would it make any difference if the encryption would be partition based, instead of device based? :confused:
     
