Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is file vault really all that secure?
- Thread starter generik
- Start date
- Sort by reaction score
The File Vault password is not coupled with your login password. Meaning if you change you login password, you File Vault password does not change.
Personally, I prefer PGP. It allows me to encrypt and sign files and emails with the same key. Plus it is universal and cross-platform.
Personally, I prefer PGP. It allows me to encrypt and sign files and emails with the same key. Plus it is universal and cross-platform.
Did you set the master password at any time?
Here is mine (I've never used FV on this machine and never set a password):
![fv]()
Here is mine (I've never used FV on this machine and never set a password):
I don't know if you can remove it. But why is it a security loophole? I'm now actually thinking about setting a password but not turning FV on. I don't want someone else doing it. I don't want a password put in there that I don't know, because that would really screw things up.
generik said:Yeah.. apparently I was prompted the first time and I did set it
Is it possible to turn it off? Kinda a security loophole when you think about it.
If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be crakced (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too[/t] much
generik said:I figured that a thief who has physical access to your machine can always use a boot up disc, reset your system's master password, then reset your password, and gain access.
So what's the point?
No encryption is going to be secure enough if someone has physical access to a machine...
whocares said:If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be crakced (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too[/t] much
slightly off topic: how safe is keychain access? can somebody crack that by simply booting from an istall disk? i don't think so, but can the keychain passwords be hacked?
Cfg5 said:
Sure, people who carry sensitive corporate data on their laptops. Steve Jobs, for example.
generik said:Yeah.. apparently I was prompted the first time and I did set it
Is it possible to turn it off? Kinda a security loophole when you think about it.
Unnecessary anyway. You can't reset the master password via the boot-up disk, as the OP stated. That lets you reset the Admin password for the computer, but certainly not the FileVault password.
I highly doubt anyone short of the NSA can break the RSA encryption I use via PGP. The NSA even not be able to break it. Very secure.kingjr3 said:
I don't use filevault simply based on the fact that I don't trust myself to keep track of so many passwords. IF somebody did get a hold of my system they wouldn't find too much exciting stuff. All the good stuff is on my external drives
I'm also peckish after that whole debaucle where people couldn't decrypt their filevaulted files.
I'm also peckish after that whole debaucle where people couldn't decrypt their filevaulted files.
whocares said:If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be crakced (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too[/t] much
True, it would only require 2^120 (or so) operations to break 128-bit AES. The amount of time needed to do this makes breaking the key in your lifetime infeasible.
Arguably, the very purpose of encryption is to ensure that data remains secure when kept or sent in an insecure medium.
Now, if my understanding of the way Filevault works, your password (or at least a hash of that password) is used as a seed to create the key actually used for encryption purposes. That means once your data is encrypted only your password can be used to decrypt it.
If the 'master password' option is enabled, that password is used to encrypt the user passwords (or their hashes). Only that master password can be used to decrypt the user passwords (or hashes).
I imagine that if you reset the master password, FileVault will then be unable to decrypt the user passwords/hashes. Without being able to decrypt the user passwords/hashes, one cannot use the master password to decrypt the user's home directory. If you reset the user's password, you still won't be able to decrypt the data. When Apple tells you that you are totally screwed if you forget both the master password and your login password, I would believe them; your data will be un-retrievable.
ElectricSheep said:
Well that's totally unfeasible, the time required to to that on BlueGene (136800 Gflops) exceeds Earth's life expectancy (cracking time > 1^14 years
)I was thinking more along the lines of "guessing" the password than actually trying to decrypt the data.
I was thinking about that too recently. Whats the point of the FV if somebody cracks your home directory password
I still dont quite get the relation between master and home folder passes and how is it any better than having one simple pass protected user account.
Resetting a user account with the master password just allows that user to login. Without the original set FileVault password, you still won't be able to read the encrypted data.
For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FireVault data would still be encrypted with the original 1234 password. The master password does not change the FireVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FireVault data would still be encrypted with the original 1234 password. The master password does not change the FireVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
FileVault (and other disk encryption tools including full disk encryption solutions) is not safe from cold boot attacks if someone has physical access while the machine is still powered on (including sleep). Cold boot attacks reliably allow the recovery of disk encryption passwords from RAM.
So it is recommended that the system be powered OFF whenever it is not in use and the risk of theft is high. (Windows BitLocker disk encryption will reveal the password even if machine has been powered OFF if BitLocker is used with its basic default settings.)
Cold boot attacks are much less effective against sparse bundle disk images that are kept unmounted as much as possible while both logged in and out (FileVault image remains mounted while logged in). This is because the encryption keys are less likely to persist in RAM when the disk image is unmounted (overwritten). Unless a cold boot attack occurred soon after disk image was unmounted, the key for the disk image is secure.
The downside of not using full disk encryption is the swap files (includes hibernation image if battery drained during sleep) are not encrypted. But, users can encrypt the swap files by turning on "secure virtual memory" in the security pane of system preferences.
Given that cold boot attacks reveal a user's login password (that password also used for FileVault and login keychain), security sensitive items in the login keychain should be moved to a separate keychain that does not remain unlocked while logged in.
For extra security, use encrypted disk images as well as disk encryption solutions (FileVault & etc) if you need that level of enhanced security. Encrypted disk images alone should satisfy the security requirements of most users without the hassle of larger scale disk encryption, such as FileVault or TrueCrypt.
Make sure to have a good system of Backups if you are using any type of data encryption. Time Machine will only Backup FileVault images when the user is logged out but encrypted disk images (made with disk utility) do not impede Time Machine.
So it is recommended that the system be powered OFF whenever it is not in use and the risk of theft is high. (Windows BitLocker disk encryption will reveal the password even if machine has been powered OFF if BitLocker is used with its basic default settings.)
Cold boot attacks are much less effective against sparse bundle disk images that are kept unmounted as much as possible while both logged in and out (FileVault image remains mounted while logged in). This is because the encryption keys are less likely to persist in RAM when the disk image is unmounted (overwritten). Unless a cold boot attack occurred soon after disk image was unmounted, the key for the disk image is secure.
The downside of not using full disk encryption is the swap files (includes hibernation image if battery drained during sleep) are not encrypted. But, users can encrypt the swap files by turning on "secure virtual memory" in the security pane of system preferences.
Given that cold boot attacks reveal a user's login password (that password also used for FileVault and login keychain), security sensitive items in the login keychain should be moved to a separate keychain that does not remain unlocked while logged in.
For extra security, use encrypted disk images as well as disk encryption solutions (FileVault & etc) if you need that level of enhanced security. Encrypted disk images alone should satisfy the security requirements of most users without the hassle of larger scale disk encryption, such as FileVault or TrueCrypt.
Make sure to have a good system of Backups if you are using any type of data encryption. Time Machine will only Backup FileVault images when the user is logged out but encrypted disk images (made with disk utility) do not impede Time Machine.
Last edited:
used file vault since day 1 and never had any problems except for blizzard installers, just needed to move those out of the home folder.
The FileVault master password is present to recover FileVault data if the user account password has been forgotten. The master password is not present just to reset the account password. The master password is used to reset the FileVault password, which is the same as the user password, in the event that the user password has been forgotten. http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html
User passwords can be reset by an administrator or via the install disk if the only administrator has forgotten the admin account password. http://support.apple.com/kb/HT1274
If the user password for a FileVault protected account is changed by an administrator without using the master password then the FileVault protected data is inaccessible without the master password. Users can change their FileVault password without the master password by changing the login password via the "Accounts" pane in System Preferences while they are logged in.
Last edited: