Can I pick what files/folder File Vault encrypts?

No. FileVault will encrypt your home folder, and just your home folder.

If you need one or more encrypted "folders" make encrypted disk images in Disk Utility. (Tip: Sparse images takes up just the space of what you put into them.)

 

I second that "nope".

I don't trust FV for the square root of how far I could throw it.

I also second the use of encrypted .dmgs as a better alternative.

 

If I make a sparse image, does that mean the 'Size' selection is ignored?

(when you create a new disk image, you get a dialog box with 3 options- Size, Encryption, and Format. 'Format' is where you select sparse disk image.)

EDIT- I know how it works. You still need to assign a maximum capacity to the disk image. I guess you should select a capacity that is somewhat larger than you expect to need, since there's no hit in file size if you create a sparse image.

 

From memory: Yes, both use 128 bit AES encryption.

 

I recommend you trying PGP as well. Not only can you encrypt files, but you can sign them too. Same goes for email.

 

I am trying to use encrypted disk images for the first time and have a few questions:

I placed some data in a folder on the desktop and tried to create a disk image with encryption. File>New>Disk Image from Folder. Ok, fine, but when mounting the image it opens with no prompt for a password (which I did create with image.)?? Will it only ask for a password if the admin user is not logged on?

Also, how do you folks keep your sensitive banking etc. information....in a word document just typed out or what??

 

When you create the image, one of the select bars has a choice for password protection. If it didn't ask you for a password, you didn't choose that selection properly. try again.

Oh, and you can't create it that way.

Open Disk Utility, click the New Image button, make sure you choose the AES-128 under Encryption. Then you will be prompted for a password and it'll mount on the desktop.

 

I use an encrypted disk images for documents and important info. It's set to 60mb but I think I might need to make a new one for it is growing a lot.

Filevault should definitely have the option to select what files you want protected. It could be like the spotlight preference window. Just drag the folders, like documents etc that need protecting instead of encrypting the whole home folder.

 

I've already discussed this in another thread, but it's worth mentioning again. For encryption that is twice as strong as the File Vault's 128 AES, if you don't want to use File Vault for any of the performance issues or you only want to encrypt file X, then it's very simple to do as long as you're not affraid to use the Terminal. (You shouldn't be! UNIX is your friend!)

You can use OpenSSL (should be shipped with your Mac OS X) to encrypt your files with strong ciphers. Umm a small warning here, you will not have a "safety net" of a master password here. You can type

Code:

$ openssl enc -e -a -salt -aes-256-cbc -in examplefile.jpg -out examplefile.aes
enter aes-256-cbc encryption password:
Verifying password - enter aes-256-cbc encryption password:

Then you type your password to use, and that's it. This will encrypt a file using Advanced Encryption Standard (AES) 256-bit. It will literally take a million years to crack that password with brute force.**
**Using current technology, and assuming that you have a good password that's not common.

To decrypt the file (you better know your password)

Code:

$ openssl enc -d -a -aes-256-cbc -in examplefile.aes -out examplefile.jpg
enter aes-256-cbc decryption password:

Enter your password and you're all set. Now you're l337... ok not really, but you have some serious encryption on those important files. It's just not practical to use this method on files that you touch every day, since the same steps must be repeated every time you want to open these files etc.


P.S. I agree with everyone in this thread that the File Vault should let you pick exactly which directories you would like to be encrypted. This would avoid encrypting files that could cause problems for certain programs, as well as encrypting unncessairily like your iTunes library for example. If they had a user feature request for OS X 10.5 Leopard, this would be in my personal top 3.

 

Staaaaay awaaaaaaay! FileVault under Panther completely wiped out a co-worker's laptop last year. There's apparently a certain set of conditions related to a crashing app, loss of power and restart that keeps FileVault locked. When his laptop re-booted, it created a shadow user with a new home folder - no matter what he tried, he couldn't log in under the original user name. All data was completely lost, unless he wanted to pay in the thousands for a specialized service to de-crypt it and recover.

It was a bad situation - if I can remember the specifics, I'll post links to the technical writeup I found online at the time that explains why and how it happened, and why there was no way to get his data back.

 

isnt it true you can use target disk mode and grab the filevault then use another mac to remount it and give the master password?

 

So should I just make a Word document and list out all of my passwords, usernames, account numbers, and such and then stick it in an encrypted disk image (with a great password obviously!)??

 

Does anyone know if you can open an encrypted image with another OS?

 

Sounds good, but I'd use text edit instead of word. More portable and standard that way.

 

Thanks, got it working now. Glad to know about this option now!

 

I don't think so.. there was finally a Windows app that would open disk images (.dmgs) from a Mac, but it couldn't handle encrypted images.

 

Just to be on the safe side, I wouldnt use Filevault just in case you dont remember your password - And if you do forget it, well then your screwed up because then Apple cant even trace the password.

 

If you pick a no-brainer password that you've used before, then forgetting shouldn't be a problem.

If the CIA was determined to get into your Mac, then they could probably guess the password with trial and error. But it would still provide pretty good protection of your info for most purposes...