Disk encryption - a few questions

Discussion in 'Mac OS X Lion (10.7)' started by 537635, Sep 18, 2011.

  537635

    Mar 7, 2009
    Coming from TrueCrypt on W7 I have a few questions about disk encryption in Lion.

    1. Is it possible to change the password without re-encrypting the whole disk (I realize it is not as safe, but I've used this several times before on non-crucial data as it saves a lot of time)?

    2. I read that it is possible to encrypt external (USB) hard drives. How does it work in reality? Does the system automount the encrypted external drives on login (if the password is the same as for the system disk)?

    3. Is it still possible to use TrueCrypt for encrypting non-system hard disks? Is it true that upon startup, Lion always offers to format TrueCrypt-encrypted hard disks as they are not recognized? Is it possible to disable these notifications?

  SimonTheSoundMa

    Aug 6, 2006
    Birmingham, UK
    1. You can; CoreStorage will need to decrypt the drive in the background, and then encrypt it again. Same for changing the size of partitions. It's a very slow process, but you can switch the machine on and off while it is decrypting/encrypting.

    2. CoreStorage will encrypt the external drive in the background. It will automount at login if you save the password in your keychain; if you do not save it, you get a prompt for the password at login. It will only save the password in your user account keychain, so no other users can use the drive without knowing the password. A slight problem is that you will need to unmount/eject the drive when you log out; if someone logs in to another account and it is still mounted, they can see the drive and its data.

    3. I can't answer that one.
  537635

    Mar 7, 2009
    Thank you for a thorough answer! That explains mostly everything.
  Celeron

    Mar 11, 2004
    Sorry, this is incorrect. Changing your account password does not trigger re-encryption of the hard drive.
  Sirolway

    Jun 13, 2009
    I don't think they were claiming that changing your account password would change your encryption password ...

    Also, my understanding is that you should be able to change your encryption password (why?) without it taking ages - as the FileVault password only lets it get at the 'real' encryption key. So you're only changing the password to a small bit of data, it's not actually the encryption key that's used to encrypt the whole volume. This means changing the FileVault password is quick, as it doesn't need to re-encrypt the drive.

    Not 100% sure this is correct, but that's my understanding. Try the Ars Technica article on Lion for more details.
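
The key-wrapping arrangement described in the post above, sketched as an added example that is not part of the original thread and not Apple's implementation. All function names are hypothetical, and the XOR mask and HMAC keystream are simple stand-ins for a real key-wrap algorithm and disk cipher.

```python
import hashlib
import hmac
import os

def derive_kek(password: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the volume key, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(volume_key: bytes, password: str) -> dict:
    # Stand-in for a real key wrap (e.g. AES Key Wrap): fresh salt, mask, MAC.
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    masked = bytes(a ^ b for a, b in zip(volume_key, kek[:32]))
    tag = hmac.new(kek[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    kek = derive_kek(password, blob["salt"])
    tag = hmac.new(kek[32:], blob["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong password")
    return bytes(a ^ b for a, b in zip(blob["masked"], kek[:32]))

def change_password(blob: dict, old: str, new: str) -> dict:
    # Only the small wrapped-key record is rewritten; bulk data is untouched.
    return wrap(unwrap(blob, old), new)

def volume_cipher(volume_key: bytes, data: bytes) -> bytes:
    # Stand-in for the disk cipher: HMAC-SHA256 keystream XOR.
    # The same call both encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(volume_key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

if __name__ == "__main__":
    volume_key = os.urandom(32)                  # random, never derived from the password
    header = wrap(volume_key, "old passphrase")  # constructed sample passphrases
    disk = volume_cipher(volume_key, b"constructed sample sector data " * 4)
    header = change_password(header, "old passphrase", "new passphrase")
    print(volume_cipher(unwrap(header, "new passphrase"), disk)[:31])
```

Because the volume key itself never changes, anyone who captured it (or the old wrapped record together with the old password) can still read the data after a password change; only full re-encryption under a new volume key closes that gap.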
  odinsride


    Apr 11, 2007

    I have an external TrueCrypt volume and always get this notification when I plug it in. I'd also like to know if there's a way to disable this!
  537635

    Mar 7, 2009
    Do you also get it when you boot / wake-up the computer?

    I was thinking... would it make any difference if the encryption were partition-based, instead of device-based?

