Filevault 2 encryption - not very good.

Discussion in 'Mac OS X Lion (10.7)' started by Tonsko, Jul 11, 2012.

  1. Tonsko, Jul 11, 2012
    Last edited: Jul 11, 2012

    macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #1
    Just a heads up.

    So, 3 forensic guys have found that FV2 doesn't do encryption 'properly'. By that, they mean that it is possible to read an encrypted volume knowing only the user password (it is possible to derive the master key of the encryption from the password). They have developed a set of libraries that can mount and read a FV2 encrypted disk without having physical access to the machine in question, even without running OSX.

    From the conclusion: "Our work allows any forensic investigator to use arbitrary tools to decrypt any data from a FileVault 2 encrypted volume, when the user password or a recovery token of the system are known. Furthermore, we have implemented an open source library and tooling to analyze and mount volumes encrypted with FileVault 2.
    We have also made an informal security analysis of the system and found, among others, that the entropy of the recovery password can be improved and that part of the user data is available in the clear."

    http://eprint.iacr.org/2012/374.pdf

    While this means that the average user has nothing to worry about (unless you're relying on it for privacy), it shouldn't really be used for company machines where IP is potentially held, as FV2 isn't an adequate protection.

    Thought some people might be interested.
     
  2. Mal
    macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #2
    If you know the password, you can just boot the computer and access all the data. Doesn't seem like a security flaw to me.

    jW
     
  3. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #3
    This. The password or the recovery token are the keys to the drive.

    After all, how do you unlock the drive to use in the first place? With your password.


    If the password is known, nothing is adequate protection. Those forensic guys are blowing a lot of smoke. Nothing to see here.
     
  4. Tonsko, Jul 11, 2012
    Last edited: Jul 11, 2012

    thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #4
    Jeez, d'ya thunk?

    I think the point, clever clogs, was that they could extract the password from the disk itself. They didn't have to know the password before they started.
     
  5. Mal
    macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #5
    No, they didn't have to have the recovery key. They had to have the user password before they started anything. At that point, it doesn't matter what you've done, there's no security. But they didn't get that password from the disk, or by any security flaw. They knew that password, and used it to access the recovery key for the drive. This is a complete non-issue.

    jW
     
  6. Tonsko, Jul 11, 2012
    Last edited: Jul 11, 2012

    thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #6
    That's fair enough mate. You've clearly read down to line ~20 or whatever, and thought, "they're talking balls." and closed it in disgust.

    I mean, Apple must have thought they were talking balls, otherwise they wouldn't have released 2 FV2 patches as a result of this paper revealing flaws in its operation.

    But that's ok, I'm not going to force it down ya. I just posted it, thinking it might be of interest to someone who uses FV2, assuming that their data is protected as much as it might be if you were using PGP, or Checkpoint FDE. And now I've got into a typical internet slanging match. Awesome. I love it, me. Makes you wonder why you ****ing bother, really. Turnip.
     
  7. Mal
    macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #7
    No, I read the whole thing. Thanks for assuming I'm an idiot. From the conclusion of the article:

    Next time, get over yourself.

    jW
     
  8. thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #8
    That's not the only discussion in the paper though, is it? It discusses numerous other weaknesses in the encryption, from the way it's implemented, to storing the salt in a trivially encrypted file.

    Filevault 2 is not very good.
     
  9. Mal
    macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #9
    Their assessment wasn't nearly as derogatory as your posts are implying. Their basic conclusion was that if the user sets a trivially easy password, then it could be brute-forced, but as long as the password is non-trivial, it was still sufficient to keep the data from being accessed for approximately 34 years, if I remember their example correctly. So yes, perhaps it's not as robust as PGP or the other options, but it's certainly more than enough for anything less than CIA purposes.

    jW
     
  10. thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #10
    Weeeelll. 34 years max. But if you take a 6 char password (which we know from various password dumps of eharmony, linkedin and a few other breaches that have occurred recently, 6 character passwords are pretty much in the middle of the SD curve), time to crack: 5.6 hours.

    Personally, I think they've made some design decisions that have compromised the confidence that people can have in this solution, and companies should certainly not be using it to protect machines that have IP on them. The average user, well I think that was covered in the OP.
     
  11. macrumors 6502a

    Joined:
    Feb 5, 2007
    #11
    It may be an issue, since when you "erase" a file vault volume, the only thing OSX does is delete the key from the system, so that it is no longer accessible.
    If you can access an encrypted volume without having this key, then you can recover information from a "deleted" file vault?

    It is also possible that I have no idea what I'm talking about.
     
  12. macrumors 65816

    Joined:
    Jan 9, 2007
    #12

    Well, if someone has a 6 letter password protecting a filevault2 volume, then they shouldn't expect it to be secure.

    To be secure, you need much longer passwords, especially if you're using it to protect encrypted data that you want to keep encrypted.
     
  13. macrumors 6502

    Joined:
    Jun 22, 2012
    #13
    Your sensationalist summary of their work is completely wrong.

    Their first goal was to produce software that will let you read a FileVault 2 drive if you remove it from the computer, and you have the password. They did that, which is a terrific and useful accomplishment. But there's no security risk in the fact that you can now read a FV2 drive in another computer, if you have the password.

    Their other findings were not significant. They found some unencrypted data that was probably left over from the previous disk format. They told Apple about this, and Apple released a patch to correct it.

    What it boils down to is that they found no significant problem with FV2. If anything, their work will instill more confidence in FV2 among security experts.
     
  14. macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #14
    This just about sums it up. FV2 is about as secure as any other full disk encryption option.

    And it's a whole lot better than not using it.
     
  15. macrumors 6502

    Joined:
    Jun 22, 2012
    #15
    Yes, they analyzed the daylights out of it and they could not describe a way to defeat it. They did not claim that they defeated it, either.

    I believe that any knowledgeable people who read this paper will come away with higher confidence in FileVault 2.
     
  16. thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #16
    Disagree. To me, that paper suggests that the idea that FV2 would match other FDE software is wrong because of choices made in the cryptographic process. Perhaps I was a little gung-ho, but that doesn't change the fact that for governmental/company use, the software is not suitable. Which is why I posted it originally.
     
  17. macrumors 6502a

    Joined:
    Oct 21, 2011
    #17
    Apple never claimed it was.
     
  18. macrumors 6502

    Joined:
    Jun 22, 2012
    #18
    What aspect of the report leads you to that conclusion? What is the flaw? I don't see it.
     
  19. thread starter macrumors 6502

    Joined:
    Aug 19, 2010
    Location:
    UK
    #19
    Here's another issue with it, particularly after poor old Mat Honan's digital life-trashing.

    http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/

    This is not a criticism, just letting folk know about it so that they can work around it.
     
  20. macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #20
    Just one more example of a non-technical person getting into a technical argument. Ho hum.
     
  21. macrumors 6502

    Joined:
    Jun 22, 2012
    #21
    Again, not a security issue. When you encrypt a drive with FV2, you are given the option to let Apple store a recovery key on their servers. This is strictly optional, and under your full control.
     
  22. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #22
    Just about every security method has this flaw - know the log in credentials and you're in.

    The only way to tighten this up is to use a secure-id card.
     
  23. macrumors 601

    Joined:
    Aug 15, 2005
    #23
    I can hear the tech call now:

    "We found a flaw in your authentication mechanism. When supplied with the correct credentials, it authenticates us."
     
  24. macrumors 6502

    Joined:
    Jun 22, 2012
    #24
    FWIW, I've been running FileVault 2 on my MacBook Air without any difficulty. It was simple to do, and the result is completely transparent to me.
     
  25. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #25
    Apple has really improved FV from 1 to 2. So much so, I opted to enable it. I was no fan of the earlier version of FileVault but Apple has done a great job with this.
     
