Disk encryption - a few questions

Discussion in 'Mac OS X Lion (10.7)' started by 537635, Sep 18, 2011.

Most Liked Posts
  1. 537635, Sep 18, 2011

    537635 macrumors 6502

    Joined:
    Mar 7, 2009
    #1
    Coming from TrueCrypt on W7 I have a few questions about disk encryption in Lion.

    1. Is it possible to change the password without reencrypting the whole disk (I realize it is not as safe, but I've used this several times before on non-cruical data as it saves a lot of time)?

    2. I read that it is possible to encrypt external (USB) hard drives. How does it work in reality? Does the system automount the encrypted external drives on login (if the password is the same as for the system disk)?

    3. Is it still possible to use Truecrypt for encrypting non-system hard disks? Is it true, that upon startup, Lion always offers to format Truecrypt encrypted hard disks as they are not recognized? Is it possible to disable these notifications?


    Thanks!
     
    share
    + Quote Reply
  2. SimonTheSoundMa, Sep 18, 2011

    SimonTheSoundMa macrumors 6502a

    Joined:
    Aug 6, 2006
    Location:
    Birmingham, UK
    #2
    1. You can, CoreStorage will need to decrypt the drive in the background, and then encrypt it again. Same for changing the size of partitions. It's a very slow process, but you can switch the machine on and off while it decrypting/encrypting.

    2. CoreStorage will encrypt the external drive in the background. It will automount at login if you save the password in your keychain, if you do not save it, you get a prompt for the password at login. It will only save the password in your user account keychain, so no other users can use the drive without knowing the password. A slight problem is you will need to unmount/eject the drive when you logout, if someone logs in to another account and it is still mounted, they can see the drive and its data.

    3. I can't answer that one.
     
    share
    + Quote Reply
  3. 537635, Sep 18, 2011

    537635 thread starter macrumors 6502

    Joined:
    Mar 7, 2009
    #3
    Thank you for a thorough answer! That explains mostly everything.
     
    share
    + Quote Reply
  4. Celeron, Sep 19, 2011

    Celeron macrumors 6502a

    Joined:
    Mar 11, 2004
    #4
    Sorry, this is incorrect. Changing your account password does not trigger reecryption of the hard drive.
     
    share
    + Quote Reply
  5. Sirolway, Sep 19, 2011

    Sirolway macrumors 6502

    Joined:
    Jun 13, 2009
    Location:
    London
    #5
    I don't think they were claiming that changing your account password would change your encryption password ...

    Also, my understanding is that you should be able to change your encryption password (why?) without it taking ages - as the FileVault password only lets it get at the 'real' encryption key. So you're only changing the password to a small bit of data, it's not actually the encryption key that's used to encrypt the whole volume. This means changing the FileVault password is quick, as it doesn't need to re-encrypt the drive.

    Not 100% sure this is correct, but that's my understanding. Try the Ars Technica article on Lion for more details.
     
    share
    + Quote Reply
  6. odinsride, Sep 19, 2011

    odinsride macrumors 65816

    odinsride

    Joined:
    Apr 11, 2007
    #6

    I have an external Truecrypt volume and always get this notification when I plug it in. I'd also like to know if there's a way to disable this!
     
    share
    + Quote Reply
  7. 537635, Sep 19, 2011

    537635 thread starter macrumors 6502

    Joined:
    Mar 7, 2009
    #7
    Do you also get it when you boot / wake-up the computer?

    I was thinking.... would it make any difference if the encryption would be partition based, instead of device based? :confused:
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page