The thread about the security of File Vault prompted this question, but I thought it was best suited for a new, more specific thread. I tried to use File Vault once but it encrypted my entire profile folder including music, photos, etc... the vast majority of the files in there do not need to be encrypted at all. Encrypting and unencrypted all of those media files all the time is a waste of CPU cycles and just bogs down the machine. Is it possible to configure File Vault to just encrypt my Documents folder or perhaps a subfolder of Documents? That way I can just encrypt the files/folders that I feel need to be secured a bit more. I had looked for a setting like that in File Vault but didn't have any luck so I thought I would ask. Thanks.
No. FileVault will encrypt your home folder, and just your home folder. If you need one or more encrypted "folders" make encrypted disk images in Disk Utility. (Tip: Sparse images takes up just the space of what you put into them.)
I second that "nope". I don't trust FV for the square root of how far I could throw it. I also second the use of encrypted .dmgs as a better alternative.
If I make a sparse image, does that mean the 'Size' selection is ignored? (when you create a new disk image, you get a dialog box with 3 options- Size, Encryption, and Format. 'Format' is where you select sparse disk image.) EDIT- I know how it works. You still need to assign a maximum capacity to the disk image. I guess you should select a capacity that is somewhat larger than you expect to need, since there's no hit in file size if you create a sparse image.
I'll have to give encrypted disk images a try. Thanks for the advice. Does it use the same encryption method as File Vault?
Using an encrypted disk is working quite nicely for me. Thanks. I still wish you could set detailed settings on File Vault just so I wouldn't have to bother with mounting and unmounting. It's not a big deal but I think allowing you to choose which folders get encrypted in File Vault would be a more polished solution.
I recommend you trying PGP as well. Not only can you encrypt files, but you can sign them too. Same goes for email.
I am trying to use encrypted disk images for the first time and have a few questions: I placed some data in a folder on the desktop and tried to create a disk image with encryption. File>New>Disk Image from Folder. Ok, fine, but when mounting the image it opens with no prompt for a password (which I did create with image.)?? Will it only ask for a password if the admin user is not logged on? Also, how do you folks keep your sensitive banking etc. information....in a word document just typed out or what??
When you create the image, one of the select bars has a choice for password protection. If it didn't ask you for a password, you didn't choose that selection properly. try again. Oh, and you can't create it that way. Open Disk Utility, click the New Image button, make sure you choose the AES-128 under Encryption. Then you will be prompted for a password and it'll mount on the desktop.
I use an encrypted disk images for documents and important info. It's set to 60mb but I think I might need to make a new one for it is growing a lot. Filevault should definitely have the option to select what files you want protected. It could be like the spotlight preference window. Just drag the folders, like documents etc that need protecting instead of encrypting the whole home folder.
I've already discussed this in another thread, but it's worth mentioning again. For encryption that is twice as strong as the File Vault's 128 AES, if you don't want to use File Vault for any of the performance issues or you only want to encrypt file X, then it's very simple to do as long as you're not affraid to use the Terminal. (You shouldn't be! UNIX is your friend!) You can use OpenSSL (should be shipped with your Mac OS X) to encrypt your files with strong ciphers. Umm a small warning here, you will not have a "safety net" of a master password here. You can type Code: $ openssl enc -e -a -salt -aes-256-cbc -in examplefile.jpg -out examplefile.aes enter aes-256-cbc encryption password: Verifying password - enter aes-256-cbc encryption password: Then you type your password to use, and that's it. This will encrypt a file using Advanced Encryption Standard (AES) 256-bit. It will literally take a million years to crack that password with brute force.** **Using current technology, and assuming that you have a good password that's not common. To decrypt the file (you better know your password) Code: $ openssl enc -d -a -aes-256-cbc -in examplefile.aes -out examplefile.jpg enter aes-256-cbc decryption password: Enter your password and you're all set. Now you're l337... ok not really, but you have some serious encryption on those important files. It's just not practical to use this method on files that you touch every day, since the same steps must be repeated every time you want to open these files etc. P.S. I agree with everyone in this thread that the File Vault should let you pick exactly which directories you would like to be encrypted. This would avoid encrypting files that could cause problems for certain programs, as well as encrypting unncessairily like your iTunes library for example. If they had a user feature request for OS X 10.5 Leopard, this would be in my personal top 3.
Staaaaay awaaaaaaay! FileVault under Panther completely wiped out a co-worker's laptop last year. There's apparently a certain set of conditions related to a crashing app, loss of power and restart that keeps FileVault locked. When his laptop re-booted, it created a shadow user with a new home folder - no matter what he tried, he couldn't log in under the original user name. All data was completely lost, unless he wanted to pay in the thousands for a specialized service to de-crypt it and recover. It was a bad situation - if I can remember the specifics, I'll post links to the technical writeup I found online at the time that explains why and how it happened, and why there was no way to get his data back.
isnt it true you can use target disk mode and grab the filevault then use another mac to remount it and give the master password?
So should I just make a Word document and list out all of my passwords, usernames, account numbers, and such and then stick it in an encrypted disk image (with a great password obviously!)??
I don't think so.. there was finally a Windows app that would open disk images (.dmgs) from a Mac, but it couldn't handle encrypted images.
Just to be on the safe side, I wouldnt use Filevault just in case you dont remember your password - And if you do forget it, well then your screwed up because then Apple cant even trace the password.
If you pick a no-brainer password that you've used before, then forgetting shouldn't be a problem. If the CIA was determined to get into your Mac, then they could probably guess the password with trial and error. But it would still provide pretty good protection of your info for most purposes...