FileVault in Leopard

[jaredbkt]

Does anyone know if FileVault in Leopard will still be 128-bit encryption level or has it been increased to do 256-bit encryption?

Any help on this topic is appreciated!

 

[projectle]

Advanced Encryption Standard with 128-bit keys (AES-128)

 

[jaredbkt]

That's a shame. I don't know why they've kept the lower level and not moved forward to 256-bit.

I was hoping there would FINALLY be a 256-bit whole disk encryption option for the Mac. Guess not.

 

[unity]

And you need 256 for?

 

[jaredbkt]

Company mandate, no exceptions. 256-bit whole disk encryption.

 

[Benjamin]

You are probably looking for something like this.

http://www.pgp.com/products/wholediskencryption/tech_specs.html

perhaps?

*oh nvm, non boot only disks says the faq

of course filevault was never suppose to be whole disk, just user folders. i believe.

 

[jaredbkt]

I appreciate the link but I've already looked into that option. Sadly, it does not work on boot volumes, thus it doesn't satisfy my needs.

I contacted the PGP company and they said they have no plans to implement a boot disk encryption feature for their mac products.

 

[Analog Kid]

I thought I did see that Leopard was allowing 256bit encryption for disk images, though. They're not going to support that for FileVault?

 

[Benjamin]

I thought I did see that Leopard was allowing 256bit encryption for disk images, though. They're not going to support that for FileVault?

Yeah under DYI encrypting it does day that Disk Utility does 256-bit AES.
http://www.apple.com/macosx/technology/security.html

 

[Danksi]

Company mandate, no exceptions. 256-bit whole disk encryption.

That's a pretty high mandate. What area does you company work in?

We're financial, so highest possible encryption, where possible.

We're using PGP Whole disk on all laptops, but then again, we're a 100% Windows shop.

 

[ibell63]

I can understand everyone's concerns here regarding how brute forcing is becoming more and more easy as processors get faster and faster, but apple really has worse problems with file vault to work out, to begin with, the headers of the blocks in the sparse images used are encrypted with 1024 bit RSA encryption! This is about equivalent to 72 bit AES, this needs to be fixed as important information regarding the key and algorithm are stored in the header. I agree with everyone here that wants a more secure file vault, but upgrading to 256 Bit AES alone for the data encryption is like getting all steel doors and frames for your house, but at the same time leaving a window open.

The NSA did a study on the security of File Vault in Mac OS 10.4 and had many criticisms that had nothing to do with the 128 bit key length.

 

[jaredbkt]

I really do appreciate everyone's comments on this matter. However, what seems to continue to slip through the cracks is that this issue has zero to do with what the NSA thinks, reviewers, or personal opinion.

My company MANDATES that the encryption be 256-bit NO EXCEPTIONS. Nothing else matters besides that fact and since FileVault CAN NOT encrypt in 256-bits it is an unusable solution for me.