Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

FileVault On!!! Am I Safe?

rmbrown09

rmbrown09

macrumors 6502a
Original poster
Jan 25, 2010
949
1
USA
First of all I have been doing some reading on it, and different places seem to say different things about it.

http://en.wikipedia.org/wiki/FileVault (makes me feel not safe)

http://macdevcenter.com/pub/a/mac/2003/12/19/filevault.html (makes me feel safe)

so idk really, what am I safe from, and does this really help anything? Thanks.

Screenshot2010-05-09at14618PM.png
 
http://crypto.nsa.org/vilefault/23C3-VileFault.pdf

Make sure secure virtual memory is enabled, and disable safe sleep, and use a strong password. FileVault is probably better than nothing, as long as it doesn't give you a false sense of security. It depends on who you are trying to hide your data from. If you just want to keep your bank information out of the hands of someone who steals your laptop or someone you sell our old hard drive to on eBay, then it's probably enough. If you want to hide something from law enforcement/the government, it might not be good enough.

Note that the presentation I linked to is NOT from the NSA (nsa.gov). The domain nsa.org is owned by an individual and is not related to the NSA as far as I can tell.
 
DoFoT9 said:
it uses AES doesnt it? thats pretty darn strong encryption!
Click to expand...

According to the presentation I linked to, FileVault can be broken by breaking any one of the following:
3DES effective 112bit
AES-128
RSA-1024

In addition, the presentation states that RSA-1024 bit is equivalent to only ~72 bit symmetric encryption, which is not all that strong.
 
m85476585 said:
According to the presentation I linked to, FileVault can be broken by breaking any one of the following:
3DES effective 112bit
AES-128
RSA-1024

In addition, the presentation states that RSA-1024 bit is equivalent to only ~72 bit symmetric encryption, which is not all that strong.
Click to expand...
sorry, i am at work. thus the vague replies.

broken that easily eh? intersting.
 
Maybe my last post was misleading. I definitely wouldn't call it easy. According to Wikipedia, it took 400 computers 11 months to factor a 1039 bit number, which is approximately equivalent to breaking 700 bit RSA encryption. 1024 bit RSA is still OK for now, but in the future it will likely become breakable.

http://en.wikipedia.org/wiki/Key_size

Also remember that the time to break encryption approximately doubles with every additional bit, so 129 bit encryption takes twice a long to break as 128 bit.

In short, it is unlikely that anyone who wants to break FileVault in the next few years will do a brute force attack. Taking the key from safe sleep header data, a cold boot attack, or a firewire vulnerability (if it still exists) is much more likely.

If you want more security, you might consider using TrueCrypt, which encrypts the entire disk.
 
m85476585 said:
Maybe my last post was misleading. I definitely wouldn't call it easy. According to Wikipedia, it took 400 computers 11 months to factor a 1039 bit number, which is approximately equivalent to breaking 700 bit RSA encryption. 1024 bit RSA is still OK for now, but in the future it will likely become breakable.

http://en.wikipedia.org/wiki/Key_size

Also remember that the time to break encryption approximately doubles with every additional bit, so 129 bit encryption takes twice a long to break as 128 bit.

In short, it is unlikely that anyone who wants to break FileVault in the next few years will do a brute force attack. Taking the key from safe sleep header data, a cold boot attack, or a firewire vulnerability (if it still exists) is much more likely.

If you want more security, you might consider using TrueCrypt, which encrypts the entire disk.
Click to expand...
it has a lifetime of roughly 30 years before the cost to break is greater then the cost/time to compute all possible answers.

intersting to know though!

what about the AES .dmg files, they would be around the same level of security? i thought you could make them 256 bit?
 
I just recently was visiting Google's campus and they had flyers affixed to the walls instructing Mac users to disable FileVault and switch to PGP full disk encryption. The flyer did not explain the reason for that, but I would take that advice seriously.
 
germinator said:
I just recently was visiting Google's campus and they had flyers affixed to the walls instructing Mac users to disable FileVault and switch to PGP full disk encryption. The flyer did not explain the reason for that, but I would take that advice seriously.
Click to expand...

safe not safe safe not safe safe not safe
 
Basically the encryption itself isn't practically "breakable" yet (it's only a matter of time before it is, though). It'e theoretically possible, but in reality it takes too long to be done with today's technology. But there are other weaknesses that can compromise your data without having to break encryption. For example, if someone gets the key out of the safesleep image header of the RAM in a cold boot attack, it doesn't matter how many bits of encryption there are. Disabling safesleep helps. I don't know how practical a cold boot attack is; I think something like cooling the RAM in liquid nitrogen is involved. Plus I assume the computer has to be running and logged in for it to work.

Like I said before, it depends on who you are trying to keep your data from. If you want to be protected from a dumb laptop thief or ebay buyer, or even a hacker with access to the computer trying to steal your banking information, you are probably safe. But if you are trying to keep something from the government or your data is excessively valuable, filevault probably isn't enough.
 
The most dangerous part of using FileVault is forgetting your password. There is NO way to recover the data - even with Apple's help.

That may not be on your mind, but it should be!
 
Bill Gates said:
You don't need that much protection for your high school English reports and pirated applications. /sarcasm

Why are you really even bothering with FileVault in the first place?
Click to expand...

Besides personal financial information, photos, etc;
I have yes torrented apps that I would like to keep private, and not high school papers, COLLEGE
 
They hacked Google.. and they have all the resources they need to be "safe" If your a high value target theres probably not much you can do.. if not then theres probably not much to worry about.
 
rmbrown09 said:
Besides personal financial information, photos, etc;
I have yes torrented apps that I would like to keep private, and not high school papers, COLLEGE
Click to expand...
Well I see no reason for you to be particularly concerned about FileVault. It doesn't offer impenetrable security but it certainly offers more than an unencrypted drive does. Just be sure that your password is strong but unforgettable as if you forget it, your data is for all intents and purposes lost. Also, if Apple opts to take advantage of hardware-level AES acceleration present in the new Intel processors, the performance drop associated with using FileVault could be negated to a large degree.
 
m85476585 said:
Basically the encryption itself isn't practically "breakable" yet (it's only a matter of time before it is, though). It'e theoretically possible, but in reality it takes too long to be done with today's technology. But there are other weaknesses that can compromise your data without having to break encryption. For example, if someone gets the key out of the safesleep image header of the RAM in a cold boot attack, it doesn't matter how many bits of encryption there are. Disabling safesleep helps. I don't know how practical a cold boot attack is; I think something like cooling the RAM in liquid nitrogen is involved. Plus I assume the computer has to be running and logged in for it to work.

Like I said before, it depends on who you are trying to keep your data from. If you want to be protected from a dumb laptop thief or ebay buyer, or even a hacker with access to the computer trying to steal your banking information, you are probably safe. But if you are trying to keep something from the government or your data is excessively valuable, filevault probably isn't enough.
Click to expand...
yea i said back in post 10 (vaguely) that the time to compute would most likely outweigh the actual worth of the data they would retrieve. unless its the military or something of course!

safesleep=deep sleep i presume?

ive never heard of this attack, do you have any information as to how its stored etc? im doing networking at uni ;)

TxMacAddict said:
They hacked Google.. and they have all the resources they need to be "safe" If your a high value target theres probably not much you can do.. if not then theres probably not much to worry about.
Click to expand...
we have no idea about the details of the actual "hacking" - who knows if it even counted as hacking. maybe somebody had a password?
 
It really depends on who you are trying to keep from getting the data.

FileVault features fairly robust protection against the most common types of data security problems such as thieves attempting to access your data by attaching the drive to another computer to bypass the login password screen.

If someone is willing to go to the use of liquid nitrogen to access your information, you might have more to protect than the average user which would mean you might need more than FileVault.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back