Encrypted Disk Images vs. FileVault

Discussion in 'OS X Mavericks (10.9)' started by richard13, Dec 30, 2013.

  1. richard13 macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #1
    Up until now I have been using encrypted disk images to secure my sensitive files. This has always been a bit cumbersome. But lately, more specifically since getting a new iMac and new MBP to replace my older models, it's become a major pain! Now, most of the time when I access the files in my encrypted images over my network I get slow performance, spinning beach balls, failure to dismount images after use, and one time a complete failure requiring a reboot.

    I got to thinking that maybe if I used FileVault instead these problems would go away. Not only that but it would remove some of the hoops I have to jump through to get at my data and it would encrypt all my data not just the files in the encrypted volumes. The potential downside is performance degredation from using FileVault.

    Does anyone use either of these methods? Have any experience/opinions to share?
     
  2. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #2
    FileVault is a rather small performance hit. More secure than just using some encrypted DMGs. An as you noted, less complex. And it is less performance overhead than using encrypted DMGs.

    Think of all the cookies in your web browser and login information in it. What if your computer gets lost or stolen? I Have FileVault turned on and I also have my Time Machine disks encrypted.
     
  3. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #3
    Thanks Bear, I think I'll give it a try. One more question though... what do you think about storing a key with Apple? My initial reaction is "no" but then I'm thinking maybe I'm being overly paranoid? :confused:
     
  4. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #4
    I'd store the key with Apple because if you are having trouble and you need it, you'll have a safe place to retrieve it from. I store the key in my 1Password vault which is also in Dropbox so in theory I have access to it on my other computer but still I think having it stored with Apple is a safe move

    I recall a thread or post here or elsewhere about someone not able to log in and didn't have their key (nor did they have it stored with apple) and they were basically SOL since they now had no way to decrypt or access their encrypted volume.
     
  5. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #5
    Hi Mike. Thanks for your reply. Yes, I am going to store mine in 1Password so I was thinking I didn't need to store it with Apple as well. You didn't say, do you store it in both places?
     
  6. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #6
    I store them both with Apple and in 1Password. I believe Apple stores the keys encrypted so they're pretty safe. Its not that I "trust" Apple but rather I want to give myself the best odds of recovering my drive in the event I need that key :)
     
  7. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #7
    I have the key in the password keeper I use. Also, for a password you'd have to use everyday, what is the chance of forgetting it?

    Of course I also have backups (encrypted) should something happen and my admin password no longer works on the iMac.
     
  8. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #8
    Thanks guys. I'm just a little worried about leaving the key with Apple. Not that I don't trust them to encrypt it and otherwise keep it safe but this leaves another surface for a hacker or thief to get my key by answering some common questions. On the other hand, it would be very bad for me to lock myself out of my own data. But what is the likelihood I would forget my login password and my 1Password password?

    I'll have to think about this one a bit.
     
  9. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #9
    If you forget both of those, you do have problems. And if you do store the key with Apple, you do have to remember the answers to the 3 security questions.
     
  10. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #10
    I use Firevault on both my rMBP and iMac--never notice any performance hit. As for the key, I'm reluctant to store that anywhere remotely. So it stays with me--but that is a personal preference.
     
  11. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #11
    Hey guys. So I turned on FileVault on both of my iMac and MBP. On the MBP the only thing I notice is that the login screen used to be a dark gray and now it's a light gray (like what you see when you reboot). BTW, is there any way to get it to not do this? I don't like the light gray.

    On the iMac I see the same color change but I also note that I have to click down on the mouse to get it to register with the computer and the mouse pointer is very laggy. Also the keyboard is slow to react. Once I log in everything else seems fine.

    I presume this is because I have a wireless mouse and keyboard. Is this normal?
     
  12. Dark Dragoon macrumors 6502a

    Dark Dragoon

    Joined:
    Jul 28, 2006
    Location:
    UK
    #12
    The difference is that at the point where you login, OS X itself is not running and the partition which it is located on is locked. When you login at the pre-boot login screen it then unlocks the encrypted drive and boots OS X.

    So as far as I'm aware there is no easy way of changing the background. It may be possible you modifying parts of the recovery partition.

    The keyboard shouldn't be laggy once connected, however for me it takes a click and a slight wait for Bluetooth to connect at FileVault2's pre-boot login screen.
     
  13. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #13
    Ah, makes sense. Thanks for explaining how the boot process works using an encrypted volume. As far as background color is concerned I just wish it didn't look like that. But considering how few times I actually reboot I guess it doesn't matter much.

    Regarding the lagging mouse and keyboard. I bet you are right about the BT just needing some time to sync in the pre-boot environment. You didn't say if your mouse needs to be clicked or if it was lagging for you. Does it?

    Given that this is a pre-boot environment I guess I'm not surprised things aren't "normal" but I am a little disappointed that my wireless devices don't just sync up on their own. The experience on the MBP without wireless peripherals is nicer.
     
  14. Dark Dragoon macrumors 6502a

    Dark Dragoon

    Joined:
    Jul 28, 2006
    Location:
    UK
    #14
    Well if you want a better explanation of the process take a look at Appendix B (Page 40) of http://www.training.apple.com/pdf/WP_FileVault2.pdf (well its for Lion but I don't think that much if anything has changed).

    I think it does, however I don't normally use the mouse on the login screen.
    As I Just press the first letter of my name, enter, type my password, enter.

    I'll give the mouse a go later.
     
  15. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #15
    I use FV2 on my Macbook Air in clamshell mode with a TB display and an Apple Wireless KB and mouse, and I see the same thing. You need to either click the mouse once or hit a key on the KB to "wake up" the BT connection in that login screen. I usually just hit the down arrow key and that wakes up the KB and puts the cursor in the login password field.

    I suspect this is because at that point your are just running off the recovery partition and don't have access to a full set of mouse/KB drivers.
     
  16. richard13 thread starter macrumors 6502a

    Joined:
    Aug 1, 2008
    Location:
    Mill Creek, WA
    #16
    Ok, good. I'm glad it's not something odd with my iMac.

    I'll try the down-arrow approach. I always assumed you had to click inside the text box to type my password.
     

Share This Page