Filevault questions

Discussion in 'OS X Mountain Lion (10.8)' started by Risco, Aug 17, 2012.

  1. Risco macrumors 68000

    Risco

    Joined:
    Jul 22, 2010
    Location:
    United Kingdom
    #1
    I have never used this before, simply because this is my first mac. So I do have a couple of questions. I have read about it on the Apple support site and also a couple of videos. I am still unsure on the following:

    1. As a home user, should I enable it?
    2. When is the password needed? For example would I need it every time I install an unsigned app?
    3. Would I notice a speed hit?
     
  2. CodeBreaker macrumors 6502

    Joined:
    Nov 5, 2010
    Location:
    Sea of Tranquility
    #2
    1. Depends. If someone steals your computer, s/he won't be able to access anything on your computer without the password if you enable FileVault. But on the other hand, if you lose your password, you will have to wipe the drive and start from scratch.

    2. FileVault 2 is completely transparent. The password is needed at all the usual times (login, start up), just like without FileVault. You are confusing FileVault with Gatekeeper. FileVault has nothing to do with apps.

    3. It won't be that noticeable if you have a newer Mac with a Core i series processor. You may notice longer shut down and start up times.
     
  3. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #3
    1: That is for you to decide. I only enabled it on my notebook, my desktop is a bit hard to steal (it's a Mac Pro which weighs roughly 20kg!). In case my notebook gets stolen my data is encrypted.

    2: Filevault requires the use of passwords. If you boot/reboot the machine it will give you something that resembles a user list. You need to select the account and enter the password. The drive will then be unlocked and you will be logged in. If you hit cmd-r and use any of the tools in there you first need to unlock the drive with Filevault. You need the password again. These are the only times when a password for Filevault is required.

    Simply put: the drive is locked by default and you need to enter a password to unlock it. After it has been unlocked it is free to be used.

    3: You may notice a speed hit when you have a normal hard disk drive. With an SSD you'll only notice it when you benchmark it and compare the before/after results. I use Filevault on my Air and run virtual machines on that machine. I'm not noticing any speed differences from my Mac Pro which doesn't use Filevault.
     
  4. austinguy23 macrumors 6502a

    Joined:
    Oct 8, 2008
    #4
    Also, remember to completely shut down your computer when not in use. Simply closing the lid and putting it in standby mode leaves the machine vulnerable to forensic tools that can glean the encryption key from RAM.
     
  5. Puevlo macrumors 6502a

    Joined:
    Oct 21, 2011
    #5
    Indeed. I found this out the hard way.
     
  6. knucklehead macrumors 6502a

    Joined:
    Oct 22, 2003
    #6
    Hummm, I didn't know that part. How much of a threat is this? Shutting down devices is an extra bit of a pain.
     
  7. Troneas macrumors 65816

    Troneas

    Joined:
    Oct 26, 2011
    Location:
    At the alternatives section.
    #7
    you don't need it because you don't need filevault to password protect your computer at start up. you can just set up a password if you don't want other people (eg family members) from using it.


    file vault is just for paranoids who think the CIA will hack into their machine and steal their porn videos.
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    The login password is extremely easy to reset and I would not rely on it for any security at all. It is even worse with Lion and Mountain Lion since Apple was nice enough to include the password reset utility right on the Recovery HD partition. So all you do is a command-r boot and use the reset utility and you are in.

    I agree if you are just worried about your kids logging in the normal login password is good enough, but to fend off thieves it is pretty weak sauce.
     
  9. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #9
    That's why you also use a firmware password.
     
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #10
    Give this a read. If you have FV2 enabled and you set up a firmware password to prevent booting from peripheral devices, you are in good shape just logging out.

    Read this also.

    These hacks and the Passware software mentioned require direct memory access (DMA) through either a Firewire or Thunderbolt port, and if you enable a firmware password this shuts down that access.

    The only hack I have seen that would conceivably work with both FV2 and firmware password involved introducing a hacked Thunderbolt device that grabs your password the next time you boot. This would require say a maid at a hotel to swap maybe your Thunderbolt ethernet adaptor with a hacked one. Then when you log on the hacked device intercepts your password. Then the maid would have to come back a second time and steal your machine now with the password intercepted. Even the article on this hack seemed vague on the impact an EFI (firmware) password would have. This same hack can be accomplished (according to the article) by removing the drive from your machine and using another machine to hack the EFI partition, then put the drive back. But again, this just captures your password when you enter it.

    I know the popular cliche often posted here is "if the thief has physical access to your machine they can get in", but I have not seen a documented case where anybody could gain access on a newer Intel Mac with both FV2 and EFI password protection.

    If someone has an article showing that this has actually been done, I would be interested in reading it. I don't say this to be argumentative, I am genuinely curious if anybody has seen documentation of this actually being done.

    The only thing I have read that theoretically could work is freezing and removing RAM chips to capture a password left in RAM, but again I have not seen an actual test case where this worked on a Mac.

    Good discussion.

    ----------

    I completely agree. You replied while I was typing my novel in the post above. :)
     
  11. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #11
    I think like Weaselboy said, the average user is well protected with a firmware password in place and FV2 enabled.
     
  12. cloudyo macrumors member

    Joined:
    Feb 25, 2012
    #12
    This is ridiculous. Anyone willing to pay $1k to get to my data could just as well hold a gun to my head and ask me for the password.

    These discussions always remind me of this: http://xkcd.com/538/
     
  13. austinguy23 macrumors 6502a

    Joined:
    Oct 8, 2008
    #13
    Information Security is always a balancing act of security vs convenience. Just consider what you have stored (or will potentially store) on your machine and consider how costly it would be to you if someone got their hands on that information... eg. last year's tax returns (or anything with your SSN), compromising pics of your girlfriend, potential access to your email account (depending on how yours is set up), etc.

    You may as well not even bother with encryption if you don't use it properly. Shutdown times are nearly instantaneous for Macs these days and startups are around 14 seconds for most new Macs. I don't consider that as much of a bother at all.

    Those who don't understand information security often mock it, but I assure you security isn't just for spies and law enforcement.
     
  14. knucklehead macrumors 6502a

    Joined:
    Oct 22, 2003
    #14
    OK - I've been checking around a bit, and came up with this current competent discussion:
    http://www.schneier.com/blog/archives/2012/08/an_analysis_of.html

    Someone there seems to be saying that the sleep vulnerability disappeared after 10.7.2. Not sure if that's correct, but even if it isn't, I'm not overly concerned about it ... but still, concerned a little bit.

    I had an eMac stolen years ago (remember how massively heavy those things were). Nowadays, I'm putting more and more sensitive financial information on my computers, and I'd like to know it's secure in the event of loss or theft -- even if I don't shut everything down all the time.
     
  15. knucklehead macrumors 6502a

    Joined:
    Oct 22, 2003
    #15
    Yeah - I'm really not too concerned about a well trained gang of hi-tech criminals going after my data -- although, my current hotel maid does look a bit crafty, now that you mention it...
     
  16. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    Is this her? :D

    [​IMG]
     
  17. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #17
    She kept asking for windex, I had no idea she was stealing my data :D
     
  18. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #18
    10.7.2 DMA info from Apple. In addition an EFI password completely blocks DMA access also, so that route is a no go.

    The more I read the more comfortable I feel about a FV2 and EFI password combo being pretty unhackable even with just a logout and the system not shut down.
     
  19. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #19
    That information is quite dated. Lion and Mountain Lion have address randomisation where ML took it even further. The virtual memory is also protected by default since Snow Leopard. If you set a firmware password you also close down any hacking via DMA.

    The tools you are talking about made use of a bug in that same DMA stuff but Apple has fixed it before those tools were officially introduced (somewhere in the beginning of Lion). Those tools were kinda useless when they were introduced :rolleyes:

    In other words: no problems if you use Mountain Lion and a firmware password.
     
  20. knucklehead macrumors 6502a

    Joined:
    Oct 22, 2003
    #20
    Thanks for the confirmation on that! Looks like we can all rest easy.

    Does anyone know if you can disable "remote wipe" from "find my mac"? It seems like with proper encryption, remote wipe doesn't really add any extra security, and can be a potential source of problems.
     
  21. mrapplegate macrumors 68030

    Joined:
    Feb 26, 2011
    Location:
    Cincinnati, OH
    #21
    I don't think you can disable it, other than just not choosing to wipe or by choosing to turn the whole thing off.
     
  22. knucklehead macrumors 6502a

    Joined:
    Oct 22, 2003
    #22
    I pretty much figured that's the case. For myself, I like the "find" part, but would now be happy to lose the "wipe" part.

    I think I'll just can the whole thing unless someone knows a trick to separate the two.
     
  23. austinguy23 macrumors 6502a

    Joined:
    Oct 8, 2008
    #23
    Read this, fellas. I'm liking FileVault 2 less and less. I'd opt for TrueCrypt or some other tried and true open source third party solution instead. Yeah, there's probably more overhead but it's more trustworthy in my opinion.

    http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/
     
  24. RabidMacFan macrumors regular

    Joined:
    Jun 19, 2012
    Location:
    California
    #24
    TrueCrypt does not offer full disk encryption for OS X. FileVault 2's encryption is sound, and you don't have to store your keys with Apple. If you disable the "Allow user to reset password using Apple ID" option, then you and only you hold the keys necessary to decrypt the volume.

    Choose a good long password for FileVault and enable an EFI Password and it will be difficult for thieves and evil maids to get access to the files on your machine.
     
  25. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #25
    Or simply skip the AppleID screen when you (re)install/setup OS X/new user account. I don't have that option because I haven't "mated" an AppleID with my user account.

    Concerning the keys stored at Apple: obviously this is stupid. If you use any common sense you'd know that you need to trust Apple completely when you want to store the keys on their servers. What if they get hacked? What if your account gets hacked? Etc. It is the main reason why I choose not to store it somewhere online. It completely defeats what I wanted to accomplish with filevault.

    In other words: if you want security: think before you do.
     
