FileVault On!!! Am I Safe?


m85476585

macrumors 65816
Feb 26, 2008
1,222
4
http://crypto.nsa.org/vilefault/23C3-VileFault.pdf

Make sure secure virtual memory is enabled, and disable safe sleep, and use a strong password. FileVault is probably better than nothing, as long as it doesn't give you a false sense of security. It depends on who you are trying to hide your data from. If you just want to keep your bank information out of the hands of someone who steals your laptop or someone you sell your old hard drive to on eBay, then it's probably enough. If you want to hide something from law enforcement/the government, it might not be good enough.

Note that the presentation I linked to is NOT from the NSA (nsa.gov). The domain nsa.org is owned by an individual and is not related to the NSA as far as I can tell.
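An added example, not part of the original post: a small shell audit for the two settings recommended above (safe sleep disabled, secure virtual memory enabled), reading the text that `pmset -g` and `sysctl vm.swapusage` print on macOS. The function names are hypothetical and the sample output is constructed for illustration.

```shell
#!/bin/sh
# Print the hibernatemode value found in `pmset -g` output ($1).
hibernate_mode() {
    printf '%s\n' "$1" | awk '$1 == "hibernatemode" { print $2; exit }'
}

# Succeed if `sysctl vm.swapusage` output ($1) reports encrypted swap.
swap_encrypted() {
    case "$1" in
        *"(encrypted)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per check; the return status is the number of failed checks.
audit() {
    fails=0
    mode=$(hibernate_mode "$1")
    case "$mode" in
        0)  echo "OK   hibernatemode=0: RAM is not written to a sleep image" ;;
        "") echo "WARN hibernatemode not found in pmset output"
            fails=$((fails + 1)) ;;
        *)  echo "FAIL hibernatemode=$mode: RAM contents are saved to disk on sleep"
            echo "     fix: sudo pmset -a hibernatemode 0, then remove the old sleep image"
            fails=$((fails + 1)) ;;
    esac
    if swap_encrypted "$2"; then
        echo "OK   swap is encrypted (secure virtual memory is on)"
    else
        echo "FAIL swap is not encrypted: enable secure virtual memory"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample output (not captured from a real machine).
SAMPLE_PMSET='Currently in use:
 hibernatemode        3
 hibernatefile        /var/vm/sleepimage
 sleep                10'
SAMPLE_SWAP='vm.swapusage: total = 1024.00M  used = 312.25M  free = 711.75M'

# On a Mac, audit the live settings; elsewhere, audit the constructed sample.
if command -v pmset >/dev/null 2>&1; then
    audit "$(pmset -g)" "$(sysctl vm.swapusage)" || true
else
    audit "$SAMPLE_PMSET" "$SAMPLE_SWAP" || true
fi
```

A hibernatemode of 3 or 25 means a copy of memory is written to disk on sleep, which is where the safe sleep key exposure discussed in this thread comes from.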
 

m85476585

macrumors 65816
Feb 26, 2008
1,222
4
it uses AES doesn't it? that's pretty darn strong encryption!
According to the presentation I linked to, FileVault can be broken by breaking any one of the following:
3DES effective 112bit
AES-128
RSA-1024

In addition, the presentation states that RSA-1024 bit is equivalent to only ~72 bit symmetric encryption, which is not all that strong.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,494
26
Singapore
According to the presentation I linked to, FileVault can be broken by breaking any one of the following:
3DES effective 112bit
AES-128
RSA-1024

In addition, the presentation states that RSA-1024 bit is equivalent to only ~72 bit symmetric encryption, which is not all that strong.
sorry, i am at work. thus the vague replies.

broken that easily eh? interesting.
 

m85476585

macrumors 65816
Feb 26, 2008
1,222
4
Maybe my last post was misleading. I definitely wouldn't call it easy. According to Wikipedia, it took 400 computers 11 months to factor a 1039 bit number, which is approximately equivalent to breaking 700 bit RSA encryption. 1024 bit RSA is still OK for now, but in the future it will likely become breakable.

http://en.wikipedia.org/wiki/Key_size

Also remember that the time to break encryption approximately doubles with every additional bit, so 129 bit encryption takes twice as long to break as 128 bit.

In short, it is unlikely that anyone who wants to break FileVault in the next few years will do a brute force attack. Taking the key from safe sleep header data, a cold boot attack, or a firewire vulnerability (if it still exists) is much more likely.

If you want more security, you might consider using TrueCrypt, which encrypts the entire disk.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,494
26
Singapore
Maybe my last post was misleading. I definitely wouldn't call it easy. According to Wikipedia, it took 400 computers 11 months to factor a 1039 bit number, which is approximately equivalent to breaking 700 bit RSA encryption. 1024 bit RSA is still OK for now, but in the future it will likely become breakable.

http://en.wikipedia.org/wiki/Key_size

Also remember that the time to break encryption approximately doubles with every additional bit, so 129 bit encryption takes twice as long to break as 128 bit.

In short, it is unlikely that anyone who wants to break FileVault in the next few years will do a brute force attack. Taking the key from safe sleep header data, a cold boot attack, or a firewire vulnerability (if it still exists) is much more likely.

If you want more security, you might consider using TrueCrypt, which encrypts the entire disk.
it has a lifetime of roughly 30 years before the cost to break is greater than the cost/time to compute all possible answers.

interesting to know though!

what about the AES .dmg files, they would be around the same level of security? i thought you could make them 256 bit?
 

germinator

macrumors regular
Apr 22, 2009
135
32
I just recently was visiting Google's campus and they had flyers affixed to the walls instructing Mac users to disable FileVault and switch to PGP full disk encryption. The flyer did not explain the reason for that, but I would take that advice seriously.
 

rmbrown09

macrumors 6502a
Original poster
Jan 25, 2010
942
0
Seattle
I just recently was visiting Google's campus and they had flyers affixed to the walls instructing Mac users to disable FileVault and switch to PGP full disk encryption. The flyer did not explain the reason for that, but I would take that advice seriously.
safe not safe safe not safe safe not safe
 

m85476585

macrumors 65816
Feb 26, 2008
1,222
4
Basically the encryption itself isn't practically "breakable" yet (it's only a matter of time before it is, though). It's theoretically possible, but in reality it takes too long to be done with today's technology. But there are other weaknesses that can compromise your data without having to break encryption. For example, if someone gets the key out of the safesleep image header of the RAM in a cold boot attack, it doesn't matter how many bits of encryption there are. Disabling safesleep helps. I don't know how practical a cold boot attack is; I think something like cooling the RAM in liquid nitrogen is involved. Plus I assume the computer has to be running and logged in for it to work.

Like I said before, it depends on who you are trying to keep your data from. If you want to be protected from a dumb laptop thief or ebay buyer, or even a hacker with access to the computer trying to steal your banking information, you are probably safe. But if you are trying to keep something from the government or your data is excessively valuable, filevault probably isn't enough.
 

Grimace

macrumors 68040
Feb 17, 2003
3,539
31
with Hamburglar.
The most dangerous part of using FileVault is forgetting your password. There is NO way to recover the data - even with Apple's help.

That may not be on your mind, but it should be!
 

rmbrown09

macrumors 6502a
Original poster
Jan 25, 2010
942
0
Seattle
You don't need that much protection for your high school English reports and pirated applications. /sarcasm

Why are you really even bothering with FileVault in the first place?
Besides personal financial information, photos, etc;
I have yes torrented apps that I would like to keep private, and not high school papers, COLLEGE
 

TxMacAddict

macrumors 6502
Feb 4, 2008
370
0
They hacked Google.. and they have all the resources they need to be "safe". If you're a high value target there's probably not much you can do.. if not then there's probably not much to worry about.
 

Bill Gates

macrumors 68020
Jun 21, 2006
2,494
14
127.0.0.1
Besides personal financial information, photos, etc;
I have yes torrented apps that I would like to keep private, and not high school papers, COLLEGE
Well I see no reason for you to be particularly concerned about FileVault. It doesn't offer impenetrable security but it certainly offers more than an unencrypted drive does. Just be sure that your password is strong but unforgettable as if you forget it, your data is for all intents and purposes lost. Also, if Apple opts to take advantage of hardware-level AES acceleration present in the new Intel processors, the performance drop associated with using FileVault could be negated to a large degree.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,494
26
Singapore
Basically the encryption itself isn't practically "breakable" yet (it's only a matter of time before it is, though). It's theoretically possible, but in reality it takes too long to be done with today's technology. But there are other weaknesses that can compromise your data without having to break encryption. For example, if someone gets the key out of the safesleep image header of the RAM in a cold boot attack, it doesn't matter how many bits of encryption there are. Disabling safesleep helps. I don't know how practical a cold boot attack is; I think something like cooling the RAM in liquid nitrogen is involved. Plus I assume the computer has to be running and logged in for it to work.

Like I said before, it depends on who you are trying to keep your data from. If you want to be protected from a dumb laptop thief or ebay buyer, or even a hacker with access to the computer trying to steal your banking information, you are probably safe. But if you are trying to keep something from the government or your data is excessively valuable, filevault probably isn't enough.
yea i said back in post 10 (vaguely) that the time to compute would most likely outweigh the actual worth of the data they would retrieve. unless it's the military or something of course!

safesleep=deep sleep i presume?

i've never heard of this attack, do you have any information as to how it's stored etc? i'm doing networking at uni ;)

They hacked Google.. and they have all the resources they need to be "safe". If you're a high value target there's probably not much you can do.. if not then there's probably not much to worry about.
we have no idea about the details of the actual "hacking" - who knows if it even counted as hacking. maybe somebody had a password?
 

LinMac

macrumors 65816
Oct 28, 2007
1,193
12
It really depends on who you are trying to keep from getting the data.

FileVault features fairly robust protection against the most common types of data security problems such as thieves attempting to access your data by attaching the drive to another computer to bypass the login password screen.

If someone is willing to go to the use of liquid nitrogen to access your information, you might have more to protect than the average user which would mean you might need more than FileVault.