Is file vault really all that secure?

Discussion in 'macOS' started by generik, Nov 9, 2005.

  1. generik macrumors 601

    generik

    Joined:
    Aug 5, 2005
    Location:
    Minitrue
    #1
    I figured that a thief who has physical access to your machine can always use a boot up disc, reset your system's master password, then reset your password, and gain access.

    So what's the point? :confused:
     
  2. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #2
    The File Vault password is not coupled with your login password. Meaning if you change you login password, you File Vault password does not change.

    Personally, I prefer PGP. It allows me to encrypt and sign files and emails with the same key. Plus it is universal and cross-platform.
     
  3. generik thread starter macrumors 601

    generik

    Joined:
    Aug 5, 2005
    Location:
    Minitrue
    #3
    Hmm.. but it does say there under System Preferences -> Security

    "A Master Password is set for this computer...... it lets you unlock any FileVault account on this computer."
     
  4. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    Did you set the master password at any time?

    Here is mine (I've never used FV on this machine and never set a password):

    [​IMG]
     
  5. generik thread starter macrumors 601

    generik

    Joined:
    Aug 5, 2005
    Location:
    Minitrue
    #5
    Yeah.. apparently I was prompted the first time and I did set it :(

    Is it possible to turn it off? Kinda a security loophole when you think about it.
     
  6. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #6
    I don't know if you can remove it. But why is it a security loophole? I'm now actually thinking about setting a password but not turning FV on. I don't want someone else doing it. I don't want a password put in there that I don't know, because that would really screw things up.
     
  7. whocares macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #7
    If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be crakced (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too[/t] much ;)
     
  8. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #8
    No encryption is going to be secure enough if someone has physical access to a machine...
     
  9. Cfg5 macrumors regular

    Joined:
    Nov 27, 2003
    Location:
    California
  10. andiwm2003 macrumors 601

    andiwm2003

    Joined:
    Mar 29, 2004
    Location:
    Boston, MA
    #10




    slightly off topic: how safe is keychain access? can somebody crack that by simply booting from an istall disk? i don't think so, but can the keychain passwords be hacked?
     
  11. wordmunger macrumors 603

    wordmunger

    Joined:
    Sep 3, 2003
    Location:
    North Carolina
    #11
    Sure, people who carry sensitive corporate data on their laptops. Steve Jobs, for example.
     
  12. cosmicsoftceo macrumors newbie

    Joined:
    Oct 11, 2002
    #12
    Unnecessary anyway. You can't reset the master password via the boot-up disk, as the OP stated. That lets you reset the Admin password for the computer, but certainly not the FileVault password.
     
  13. Dagless macrumors Core

    Dagless

    Joined:
    Jan 18, 2005
    Location:
    Fighting to stay in the EU
    #13
    I tried it when i first got OSX. Might do it again soon, permanently *been watching too much Spooks*`
     
  14. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #14
    I highly doubt anyone short of the NSA can break the RSA encryption I use via PGP. The NSA even not be able to break it. Very secure.
     
  15. JDOG_ macrumors 6502a

    JDOG_

    Joined:
    Nov 19, 2003
    Location:
    Oakland
    #15
    I don't use filevault simply based on the fact that I don't trust myself to keep track of so many passwords. IF somebody did get a hold of my system they wouldn't find too much exciting stuff. All the good stuff is on my external drives :D

    I'm also peckish after that whole debaucle where people couldn't decrypt their filevaulted files.
     
  16. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #16


    True, it would only require 2^120 (or so) operations to break 128-bit AES. The amount of time needed to do this makes breaking the key in your lifetime infeasible.

    Arguably, the very purpose of encryption is to ensure that data remains secure when kept or sent in an insecure medium.

    Now, if my understanding of the way Filevault works, your password (or at least a hash of that password) is used as a seed to create the key actually used for encryption purposes. That means once your data is encrypted only your password can be used to decrypt it.

    If the 'master password' option is enabled, that password is used to encrypt the user passwords (or their hashes). Only that master password can be used to decrypt the user passwords (or hashes).

    I imagine that if you reset the master password, FileVault will then be unable to decrypt the user passwords/hashes. Without being able to decrypt the user passwords/hashes, one cannot use the master password to decrypt the user's home directory. If you reset the user's password, you still won't be able to decrypt the data. When Apple tells you that you are totally screwed if you forget both the master password and your login password, I would believe them; your data will be un-retrievable.
     
  17. Bern macrumors 68000

    Bern

    Joined:
    Nov 10, 2004
    Location:
    Australia
    #17
    I've never used File Vault for the same reason stated earlier, that drama with it not decrypting and corrupting the Home folder scared me away from it for life.
     
  18. whocares macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #18
    Well that's totally unfeasible, the time required to to that on BlueGene (136800 Gflops) exceeds Earth's life expectancy (cracking time > 1^14 years :eek: )

    I was thinking more along the lines of "guessing" the password than actually trying to decrypt the data.
     
  19. mabaker macrumors 65816

    mabaker

    Joined:
    Jan 19, 2008
    #19
    I was thinking about that too recently. What’s the point of the FV if somebody cracks your home directory password… I still don’t quite get the relation between master and home folder passes and how is it any better than having one simple pass protected user account.:rolleyes:
     
  20. Beaverman3001 macrumors 6502

    Joined:
    May 20, 2010
    #20
    Resetting a user account with the master password just allows that user to login. Without the original set FileVault password, you still won't be able to read the encrypted data.

    For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FireVault data would still be encrypted with the original 1234 password. The master password does not change the FireVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
     
  21. neko girl macrumors 6502a

    neko girl

    Joined:
    Jan 20, 2011
    #21
    Does anyone know if Mac has a whole disk encryption solution?
     
  22. munkery, Feb 12, 2011
    Last edited: Feb 12, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #22
    FileVault (and other disk encryption tools including full disk encryption solutions) is not safe from cold boot attacks if someone has physical access while the machine is still powered on (including sleep). Cold boot attacks reliably allow the recovery of disk encryption passwords from RAM.

    So it is recommended that the system be powered OFF whenever it is not in use and the risk of theft is high. (Windows BitLocker disk encryption will reveal the password even if machine has been powered OFF if BitLocker is used with its basic default settings.)

    Cold boot attacks are much less effective against sparse bundle disk images that are kept unmounted as much as possible while both logged in and out (FileVault image remains mounted while logged in). This is because the encryption keys are less likely to persist in RAM when the disk image is unmounted (overwritten). Unless a cold boot attack occurred soon after disk image was unmounted, the key for the disk image is secure.

    The downside of not using full disk encryption is the swap files (includes hibernation image if battery drained during sleep) are not encrypted. But, users can encrypt the swap files by turning on "secure virtual memory" in the security pane of system preferences.

    Given that cold boot attacks reveal a user's login password (that password also used for FileVault and login keychain), security sensitive items in the login keychain should be moved to a separate keychain that does not remain unlocked while logged in.

    For extra security, use encrypted disk images as well as disk encryption solutions (FileVault & etc) if you need that level of enhanced security. Encrypted disk images alone should satisfy the security requirements of most users without the hassle of larger scale disk encryption, such as FileVault or TrueCrypt.

    Make sure to have a good system of Backups if you are using any type of data encryption. Time Machine will only Backup FileVault images when the user is logged out but encrypted disk images (made with disk utility) do not impede Time Machine.
     
  23. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
    #23
    used file vault since day 1 and never had any problems except for blizzard installers, just needed to move those out of the home folder.
     
  24. mabaker macrumors 65816

    mabaker

    Joined:
    Jan 19, 2008
    #24
    Thank you. Very kind. :)
     
  25. munkery, Feb 12, 2011
    Last edited: Feb 12, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #25
    The FileVault master password is present to recover FileVault data if the user account password has been forgotten. The master password is not present just to reset the account password. The master password is used to reset the FileVault password, which is the same as the user password, in the event that the user password has been forgotten. http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html

    User passwords can be reset by an administrator or via the install disk if the only administrator has forgotten the admin account password. http://support.apple.com/kb/HT1274

    If the user password for a FileVault protected account is changed by an administrator without using the master password then the FileVault protected data is inaccessible without the master password. Users can change their FileVault password without the master password by changing the login password via the "Accounts" pane in System Preferences while they are logged in.
     

Share This Page