Encrypted Disk Images vs. FileVault

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
Up until now I have been using encrypted disk images to secure my sensitive files. This has always been a bit cumbersome. But lately, more specifically since getting a new iMac and new MBP to replace my older models, it's become a major pain! Now, most of the time when I access the files in my encrypted images over my network I get slow performance, spinning beach balls, failure to dismount images after use, and one time a complete failure requiring a reboot.

I got to thinking that maybe if I used FileVault instead these problems would go away. Not only that but it would remove some of the hoops I have to jump through to get at my data and it would encrypt all my data not just the files in the encrypted volumes. The potential downside is performance degredation from using FileVault.

Does anyone use either of these methods? Have any experience/opinions to share?
 

Bear

macrumors G3
Jul 23, 2002
8,088
4
Sol III - Terra
FileVault is a rather small performance hit. More secure than just using some encrypted DMGs. An as you noted, less complex. And it is less performance overhead than using encrypted DMGs.

Think of all the cookies in your web browser and login information in it. What if your computer gets lost or stolen? I Have FileVault turned on and I also have my Time Machine disks encrypted.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
FileVault is a rather small performance hit. More secure than just using some encrypted DMGs. An as you noted, less complex. And it is less performance overhead than using encrypted DMGs.

Think of all the cookies in your web browser and login information in it. What if your computer gets lost or stolen? I Have FileVault turned on and I also have my Time Machine disks encrypted.
Thanks Bear, I think I'll give it a try. One more question though... what do you think about storing a key with Apple? My initial reaction is "no" but then I'm thinking maybe I'm being overly paranoid? :confused:
 

maflynn

Moderator
Staff member
May 3, 2009
66,710
33,603
Boston
One more question though... what do you think about storing a key with Apple? My initial reaction is "no" but then I'm thinking maybe I'm being overly paranoid? :confused:
I'd store the key with Apple because if you are having trouble and you need it, you'll have a safe place to retrieve it from. I store the key in my 1Password vault which is also in Dropbox so in theory I have access to it on my other computer but still I think having it stored with Apple is a safe move

I recall a thread or post here or elsewhere about someone not able to log in and didn't have their key (nor did they have it stored with apple) and they were basically SOL since they now had no way to decrypt or access their encrypted volume.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
I'd store the key with Apple because if you are having trouble and you need it, you'll have a safe place to retrieve it from. I store the key in my 1Password vault which is also in Dropbox so in theory I have access to it on my other computer but still I think having it stored with Apple is a safe move

I recall a thread or post here or elsewhere about someone not able to log in and didn't have their key (nor did they have it stored with apple) and they were basically SOL since they now had no way to decrypt or access their encrypted volume.
Hi Mike. Thanks for your reply. Yes, I am going to store mine in 1Password so I was thinking I didn't need to store it with Apple as well. You didn't say, do you store it in both places?
 

maflynn

Moderator
Staff member
May 3, 2009
66,710
33,603
Boston
I store them both with Apple and in 1Password. I believe Apple stores the keys encrypted so they're pretty safe. Its not that I "trust" Apple but rather I want to give myself the best odds of recovering my drive in the event I need that key :)
 

Bear

macrumors G3
Jul 23, 2002
8,088
4
Sol III - Terra
Thanks Bear, I think I'll give it a try. One more question though... what do you think about storing a key with Apple? My initial reaction is "no" but then I'm thinking maybe I'm being overly paranoid? :confused:
I have the key in the password keeper I use. Also, for a password you'd have to use everyday, what is the chance of forgetting it?

Of course I also have backups (encrypted) should something happen and my admin password no longer works on the iMac.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
Thanks guys. I'm just a little worried about leaving the key with Apple. Not that I don't trust them to encrypt it and otherwise keep it safe but this leaves another surface for a hacker or thief to get my key by answering some common questions. On the other hand, it would be very bad for me to lock myself out of my own data. But what is the likelihood I would forget my login password and my 1Password password?

I'll have to think about this one a bit.
 

Bear

macrumors G3
Jul 23, 2002
8,088
4
Sol III - Terra
...
But what is the likelihood I would forget my login password and my 1Password password?

I'll have to think about this one a bit.
If you forget both of those, you do have problems. And if you do store the key with Apple, you do have to remember the answers to the 3 security questions.
 

bobr1952

macrumors 68020
Jan 21, 2008
2,040
39
Melbourne, FL
I use Firevault on both my rMBP and iMac--never notice any performance hit. As for the key, I'm reluctant to store that anywhere remotely. So it stays with me--but that is a personal preference.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
Hey guys. So I turned on FileVault on both of my iMac and MBP. On the MBP the only thing I notice is that the login screen used to be a dark gray and now it's a light gray (like what you see when you reboot). BTW, is there any way to get it to not do this? I don't like the light gray.

On the iMac I see the same color change but I also note that I have to click down on the mouse to get it to register with the computer and the mouse pointer is very laggy. Also the keyboard is slow to react. Once I log in everything else seems fine.

I presume this is because I have a wireless mouse and keyboard. Is this normal?
 

Dark Dragoon

macrumors 6502a
Jul 28, 2006
843
3
UK
Hey guys. So I turned on FileVault on both of my iMac and MBP. On the MBP the only thing I notice is that the login screen used to be a dark gray and now it's a light gray (like what you see when you reboot). BTW, is there any way to get it to not do this? I don't like the light gray.
The difference is that at the point where you login, OS X itself is not running and the partition which it is located on is locked. When you login at the pre-boot login screen it then unlocks the encrypted drive and boots OS X.

So as far as I'm aware there is no easy way of changing the background. It may be possible you modifying parts of the recovery partition.

On the iMac I see the same color change but I also note that I have to click down on the mouse to get it to register with the computer and the mouse pointer is very laggy. Also the keyboard is slow to react. Once I log in everything else seems fine.

I presume this is because I have a wireless mouse and keyboard. Is this normal?
The keyboard shouldn't be laggy once connected, however for me it takes a click and a slight wait for Bluetooth to connect at FileVault2's pre-boot login screen.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
The difference is that at the point where you login, OS X itself is not running and the partition which it is located on is locked. When you login at the pre-boot login screen it then unlocks the encrypted drive and boots OS X.

So as far as I'm aware there is no easy way of changing the background. It may be possible you modifying parts of the recovery partition.


The keyboard shouldn't be laggy once connected, however for me it takes a click and a slight wait for Bluetooth to connect at FileVault2's pre-boot login screen.
Ah, makes sense. Thanks for explaining how the boot process works using an encrypted volume. As far as background color is concerned I just wish it didn't look like that. But considering how few times I actually reboot I guess it doesn't matter much.

Regarding the lagging mouse and keyboard. I bet you are right about the BT just needing some time to sync in the pre-boot environment. You didn't say if your mouse needs to be clicked or if it was lagging for you. Does it?

Given that this is a pre-boot environment I guess I'm not surprised things aren't "normal" but I am a little disappointed that my wireless devices don't just sync up on their own. The experience on the MBP without wireless peripherals is nicer.
 

Dark Dragoon

macrumors 6502a
Jul 28, 2006
843
3
UK
Ah, makes sense. Thanks for explaining how the boot process works using an encrypted volume.
Well if you want a better explanation of the process take a look at Appendix B (Page 40) of http://www.training.apple.com/pdf/WP_FileVault2.pdf (well its for Lion but I don't think that much if anything has changed).

Regarding the lagging mouse and keyboard. I bet you are right about the BT just needing some time to sync in the pre-boot environment. You didn't say if your mouse needs to be clicked or if it was lagging for you. Does it?
I think it does, however I don't normally use the mouse on the login screen.
As I Just press the first letter of my name, enter, type my password, enter.

I'll give the mouse a go later.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
30,352
10,125
California
Given that this is a pre-boot environment I guess I'm not surprised things aren't "normal" but I am a little disappointed that my wireless devices don't just sync up on their own. The experience on the MBP without wireless peripherals is nicer.
I use FV2 on my Macbook Air in clamshell mode with a TB display and an Apple Wireless KB and mouse, and I see the same thing. You need to either click the mouse once or hit a key on the KB to "wake up" the BT connection in that login screen. I usually just hit the down arrow key and that wakes up the KB and puts the cursor in the login password field.

I suspect this is because at that point your are just running off the recovery partition and don't have access to a full set of mouse/KB drivers.
 

richard13

macrumors 6502a
Original poster
Aug 1, 2008
573
23
Sautee Nacoochee, GA
I use FV2 on my Macbook Air in clamshell mode with a TB display and an Apple Wireless KB and mouse, and I see the same thing. You need to either click the mouse once or hit a key on the KB to "wake up" the BT connection in that login screen. I usually just hit the down arrow key and that wakes up the KB and puts the cursor in the login password field.

I suspect this is because at that point your are just running off the recovery partition and don't have access to a full set of mouse/KB drivers.
Ok, good. I'm glad it's not something odd with my iMac.

I'll try the down-arrow approach. I always assumed you had to click inside the text box to type my password.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.