Encrypt Drive or Not?

mneblett

macrumors 6502
Original poster
Jun 7, 2008
369
0
I've read a few horror stories about lost/stolen MBP's, and I understand that encrypting the storage would provide protection against personal information being extracted/misused.

Before I take the plunge and encrypt my SSD, however, I want to understand what may be the consequences of encryption.

Any impact on system performance? My primary concern is making my machine slower/sluggish. (Two cases here: I have a late '13 rMBP and a late '08 MBP, both with SSD)

Any other impacts?

Thanks for your thoughts.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,179
8,829
California
I have been using Filevault since it was released and never had a problem. Benchmark tests like this show a bit of a performance hit, but I have never been able to tell the difference.

The good news is, it is very easy to turn if off if you don't like it. Turn it on and use the machine and if you find it slows you down, just turn it off.

IMO if you are using a portable that you take out of the house, it is imperative that your turn on encryption.
 

whiteonline

macrumors 6502
Aug 19, 2011
488
195
California, USA
I agree with Weaselboy. There is no reason to not use it. The performance impact is minimal.

I also recommend enabling the firmware password.

My thoughts: If my MacBook is stolen, not only is my data safe because of file vault, the machine itself becomes a big aluminum doorstop with the firmware password enabled.
 

mneblett

macrumors 6502
Original poster
Jun 7, 2008
369
0
Thanks -- doorstop mode is already engaged :)

That's exactly what I was looking for -- time to give Filevault a try.
 

maflynn

Moderator
Staff member
May 3, 2009
63,860
30,383
Boston
I have FV2 engaged on my rMBP - I think given the risk of theft, its a no brainer and the performance hit isn't that bad.
 

laurihoefs

macrumors 6502a
Mar 1, 2013
792
22
I agree with what Weaselboy, whiteonline and maflynn have said, and my own experience with File Vault on a mid-2012 15" rMBP supports this.

I'd like to add something to the review Weaselboy linked: the benchmarks were run on a Sandy Bridge CPU, and the AES performance of current Haswell CPUs is slightly better. So on your 13" rMBP the performance hit should be even less noticeable.

The older Core 2 Duo CPU of the '08 MBP does not support AES-NI though, so its disk-I/O performance might take a bit more hit. But even that should be barely noticeable in use, if at all.
 

mneblett

macrumors 6502
Original poster
Jun 7, 2008
369
0
I have completed the FileVault encryption. I have not yet noticed an appreciable performance hit; the only difference so far is the need to enter my password any time the machine wakes from sleep.

The older Core 2 Duo CPU of the '08 MBP does not support AES-NI though, so its disk-I/O performance might take a bit more hit. But even that should be barely noticeable in use, if at all.
Thanks for the info. The late '08 C2D never leaves the house, and does not have much in the way of "critical" info on it (it is my now-retired MBP, primarily used by my spouse when her iPad is not at hand). I will leave that machine unencrypted.
 

bobr1952

macrumors 68020
Jan 21, 2008
2,040
39
Melbourne, FL
Love Firevault--works great on my rMBP and even on my 6 yo iMac it runs just fine with no noticeable performance hit. Highly recommended to secure your data.
 

G0meZ

macrumors regular
Aug 9, 2011
180
0
I agree with Weaselboy. There is no reason to not use it. The performance impact is minimal.

I also recommend enabling the firmware password.

My thoughts: If my MacBook is stolen, not only is my data safe because of file vault, the machine itself becomes a big aluminum doorstop with the firmware password enabled.
uh say, with fv2 on, what are the benefits of the firmware password?
 

mneblett

macrumors 6502
Original poster
Jun 7, 2008
369
0
uh say, with fv2 on, what are the benefits of the firmware password?
As I understand it, without a firmware password, the machine can be wiped (eliminating the encrypted data completely) and a fresh OS installed -- in other words, the machine can be reused. With a firmware password, the machine is essentially bricked, so essentially no market for it, except for parts.
 

maflynn

Moderator
Staff member
May 3, 2009
63,860
30,383
Boston
As I understand it, without a firmware password, the machine can be wiped (eliminating the encrypted data completely) and a fresh OS installed -- in other words, the machine can be reused. With a firmware password, the machine is essentially bricked, so essentially no market for it, except for parts.
I'm more concerned about my data then the laptop, so I don't have the firmware password set, but that's just me.
 

mneblett

macrumors 6502
Original poster
Jun 7, 2008
369
0
I'm more concerned about my data then the laptop, so I don't have the firmware password set, but that's just me.
Understood. I prefer the satisfaction of knowing that if stolen, the b@$$%&d that took it can't get any benefit from the evil deed.
 

G0meZ

macrumors regular
Aug 9, 2011
180
0
As I understand it, without a firmware password, the machine can be wiped (eliminating the encrypted data completely) and a fresh OS installed -- in other words, the machine can be reused. With a firmware password, the machine is essentially bricked, so essentially no market for it, except for parts.
Sure?
Last time i checked on some earlier mbp, all that was needed to reset that paasword was removing the ram...
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,179
8,829
California
uh say, with fv2 on, what are the benefits of the firmware password?
It prevents anybody from booting from anything other than the currently set boot drive, making hacking more difficult. Also has the added bonus of making your stolen machine pretty much worthless to a thief.

Sure?
Last time i checked on some earlier mbp, all that was needed to reset that paasword was removing the ram...
Not since 2011 models.
 
Last edited:

DaveTheRave

macrumors 6502a
May 22, 2003
597
168
If you enable it does it have any impact on Time Machine? Would your next backup take a very long time?
 

maflynn

Moderator
Staff member
May 3, 2009
63,860
30,383
Boston
If you enable it does it have any impact on Time Machine? Would your next backup take a very long time?
It has no meaningful impact on TM, there's a slight impact on performance due to the overhead of decrypting when accessing data on the drive. The TM backup will be unencrypted unless you choose to encrypt your TM backups as well.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,179
8,829
California
If you enable it does it have any impact on Time Machine? Would your next backup take a very long time?
The next backup will be no different than normal. Think of this as putting all your data inside a locked box. Once you login the box is opened and all the data is sitting there the same as it always was.

Like maflynn touched on, it is a good idea to also encrypt your Time Machine backup also.
 

Gunlance

macrumors newbie
Jul 6, 2012
18
0
if FV is enabled, can you still plug the drive in as an external device to copy files? Such as if I get a new mac and want to copy over my music without doing migration assistant?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,179
8,829
California
if FV is enabled, can you still plug the drive in as an external device to copy files? Such as if I get a new mac and want to copy over my music without doing migration assistant?
Do you mean with the FV drive still in the source machine? Yes, as long as you are logged in the "vault" is open and the OS works pretty much normally. So Migration Assistant or even file sharing to move files would work like normal.

By "plug the drive in" are you meaning putting the FV drive in an external enclosure and accessing it that way? You could do that then start Disk Util and go to the File menu and select unlock disk and supply your FV password to unlock the drive.