Filevault questions

Risco

Original poster
I have never used this before, simply because this is my first mac. So I do have a couple of questions. I have read about it on the Apple support site and also a couple of videos. I am still unsure on the following:

  1. As a home user, should I enable it?
  2. When is the password needed? For example, would I need it every time I install an unsigned app?
  3. Would I notice a speed hit?
 

CodeBreaker

> I have never used this before, simply because this is my first mac. So I do have a couple of questions. I have read about it on the Apple support site and also a couple of videos. I am still unsure on the following:
>
>   1. As a home user, should I enable it?
>   2. When is the password needed? For example, would I need it every time I install an unsigned app?
>   3. Would I notice a speed hit?

1. Depends. If someone steals your computer, s/he won't be able to access anything on your computer without the password if you enable FileVault. But on the other hand, if you lose your password, you will have to wipe the drive and start from scratch.

2. FileVault 2 is completely transparent. The password is needed at all the usual times (login, start up), just like without FileVault. You are confusing FileVault with Gatekeeper. FileVault has nothing to do with apps.

3. It won't be that noticeable if you have a newer Mac with a Core i series processor. You may notice longer shut down and start up times.
 

dyn

1: That is for you to decide. I only enabled it on my notebook; my desktop is a bit hard to steal (it's a Mac Pro which weighs roughly 20kg!). In case my notebook gets stolen my data is encrypted.

2: FileVault requires the use of passwords. If you boot/reboot the machine it will give you something that resembles a user list. You need to select the account and enter the password. The drive will then be unlocked and you will be logged in. If you hit cmd-r and use any of the tools in there you first need to unlock the drive with FileVault. You need the password again. These are the only times when a password for FileVault is required.

Simply put: the drive is locked by default and you need to enter a password to unlock it. After it has been unlocked it is free to be used.

3: You may notice a speed hit when you have a normal hard disk drive. With an SSD you'll only notice it when you benchmark it and compare the before/after results. I use FileVault on my Air and run virtual machines on that machine. I'm not noticing any speed differences from my Mac Pro which doesn't use FileVault.
 

austinguy23

Also, remember to completely shut down your computer when not in use. Simply closing the lid and putting it in standby mode leaves the machine vulnerable to forensic tools that can glean the encryption key from RAM.
 

Puevlo

> Also, remember to completely shut down your computer when not in use. Simply closing the lid and putting it in standby mode leaves the machine vulnerable to forensic tools that can glean the encryption key from RAM.

Indeed. I found this out the hard way.
 

knucklehead

> Also, remember to completely shut down your computer when not in use. Simply closing the lid and putting it in standby mode leaves the machine vulnerable to forensic tools that can glean the encryption key from RAM.

Hummm, I didn't know that part. How much of a threat is this? Shutting down devices is an extra bit of a pain.
 

Troneas

You don't need it because you don't need FileVault to password protect your computer at start up. You can just set up a password if you don't want other people (e.g. family members) using it.

FileVault is just for paranoids who think the CIA will hack into their machine and steal their porn videos.
 

Weaselboy

> You don't need it because you don't need FileVault to password protect your computer at start up. You can just set up a password if you don't want other people (e.g. family members) using it.
>
> FileVault is just for paranoids who think the CIA will hack into their machine and steal their porn videos.

The login password is extremely easy to reset and I would not rely on it for any security at all. It is even worse with Lion and Mountain Lion since Apple was nice enough to include the password reset utility right on the Recovery HD partition. So all you do is a command-r boot and use the reset utility and you are in.

I agree if you are just worried about your kids logging in, the normal login password is good enough, but to fend off thieves it is pretty weak sauce.
 

mrapplegate

> The login password is extremely easy to reset and I would not rely on it for any security at all. It is even worse with Lion and Mountain Lion since Apple was nice enough to include the password reset utility right on the Recovery HD partition. So all you do is a command-r boot and use the reset utility and you are in.
>
> I agree if you are just worried about your kids logging in, the normal login password is good enough, but to fend off thieves it is pretty weak sauce.

That's why you also use a firmware password.
 

Weaselboy

> Hummm, I didn't know that part. How much of a threat is this? Shutting down devices is an extra bit of a pain.

Give this a read. If you have FV2 enabled and you set up a firmware password to prevent booting from peripheral devices, you are in good shape just logging out.

Read this also.

These hacks and the Passware software mentioned require direct memory access (DMA) through either a Firewire or Thunderbolt port, and if you enable a firmware password this shuts down that access.

The only hack I have seen that would conceivably work with both FV2 and firmware password involved introducing a hacked Thunderbolt device that grabs your password the next time you boot. This would require say a maid at a hotel to swap maybe your Thunderbolt ethernet adaptor with a hacked one. Then when you log on the hacked device intercepts your password. Then the maid would have to come back a second time and steal your machine now with the password intercepted. Even the article on this hack seemed vague on the impact an EFI (firmware) password would have. This same hack can be accomplished (according to the article) by removing the drive from your machine and using another machine to hack the EFI partition, then put the drive back. But again, this just captures your password when you enter it.

I know the popular cliche often posted here is "if the thief has physical access to your machine they can get in", but I have not seen a documented case where anybody could gain access on a newer Intel Mac with both FV2 and EFI password protection.

If someone has an article showing that this has actually been done, I would be interested in reading it. I don't say this to be argumentative, I am genuinely curious if anybody has seen documentation of this actually being done.

The only thing I have read that theoretically could work is freezing and removing RAM chips to capture a password left in RAM, but again I have not seen an actual test case where this worked on a Mac.

Good discussion.

----------

> That's why you also use a firmware password.

I completely agree. You replied while I was typing my novel in the post above. :)
 

cloudyo

This is ridiculous. Anyone willing to pay $1k to get to my data could just as well hold a gun to my head and ask me for the password.

These discussions always remind me of this: http://xkcd.com/538/
 

austinguy23

> Hummm, I didn't know that part. How much of a threat is this? Shutting down devices is an extra bit of a pain.

Information Security is always a balancing act of security vs convenience. Just consider what you have stored (or will potentially store) on your machine and consider how costly it would be to you if someone got their hands on that information... e.g. last year's tax returns (or anything with your SSN), compromising pics of your girlfriend, potential access to your email account (depending on how yours is set up), etc.

You may as well not even bother with encryption if you don't use it properly. Shutdown times are nearly instantaneous for Macs these days and startups are around 14 seconds for most new Macs. I don't consider that as much of a bother at all.

Those who don't understand information security often mock it, but I assure you security isn't just for spies and law enforcement.
 

knucklehead

OK - I've been checking around a bit, and came up with this current competent discussion:
http://www.schneier.com/blog/archives/2012/08/an_analysis_of.html

Someone there seems to be saying that the sleep vulnerability disappeared after 10.7.2. Not sure if that's correct, but even if it isn't, I'm not overly concerned about it ... but still, concerned a little bit.

I had an eMac stolen years ago (remember how massively heavy those things were). Nowadays, I'm putting more and more sensitive financial information on my computers, and I'd like to know it's secure in the event of loss or theft -- even if I don't shut everything down all the time.
 

knucklehead

> Give this a read. If you have FV2 enabled and you set up a firmware password to prevent booting from peripheral devices, you are in good shape just logging out.
>
> Read this also.
>
> These hacks and the Passware software mentioned require direct memory access (DMA) through either a Firewire or Thunderbolt port, and if you enable a firmware password this shuts down that access.
>
> The only hack I have seen that would conceivably work with both FV2 and firmware password involved introducing a hacked Thunderbolt device that grabs your password the next time you boot. This would require say a maid at a hotel to swap maybe your Thunderbolt ethernet adaptor with a hacked one. Then when you log on the hacked device intercepts your password. Then the maid would have to come back a second time and steal your machine now with the password intercepted. Even the article on this hack seemed vague on the impact an EFI (firmware) password would have. This same hack can be accomplished (according to the article) by removing the drive from your machine and using another machine to hack the EFI partition, then put the drive back. But again, this just captures your password when you enter it.
>
> I know the popular cliche often posted here is "if the thief has physical access to your machine they can get in", but I have not seen a documented case where anybody could gain access on a newer Intel Mac with both FV2 and EFI password protection.
>
> If someone has an article showing that this has actually been done, I would be interested in reading it. I don't say this to be argumentative, I am genuinely curious if anybody has seen documentation of this actually being done.
>
> The only thing I have read that theoretically could work is freezing and removing RAM chips to capture a password left in RAM, but again I have not seen an actual test case where this worked on a Mac.
>
> Good discussion.

Yeah - I'm really not too concerned about a well trained gang of hi-tech criminals going after my data -- although, my current hotel maid does look a bit crafty, now that you mention it...
 

Weaselboy

> OK - I've been checking around a bit, and came up with this current competent discussion:
> http://www.schneier.com/blog/archives/2012/08/an_analysis_of.html
>
> Someone there seems to be saying that the sleep vulnerability disappeared after 10.7.2. Not sure if that's correct, but even if it isn't, I'm not overly concerned about it ... but still, concerned a little bit.

10.7.2 DMA info from Apple. In addition an EFI password completely blocks DMA access also, so that route is a no go.

The more I read the more comfortable I feel about a FV2 and EFI password combo being pretty unhackable even with just a logout and the system not shut down.
 

dyn

> Also, remember to completely shut down your computer when not in use. Simply closing the lid and putting it in standby mode leaves the machine vulnerable to forensic tools that can glean the encryption key from RAM.

That information is quite dated. Lion and Mountain Lion have address randomisation where ML took it even further. The virtual memory is also protected by default since Snow Leopard. If you set a firmware password you also close down any hacking via DMA.

The tools you are talking about made use of a bug in that same DMA stuff but Apple has fixed it before those tools were officially introduced (somewhere in the beginning of Lion). Those tools were kinda useless when they were introduced :rolleyes:

In other words: no problems if you use Mountain Lion and a firmware password.
 

knucklehead

> 10.7.2 DMA info from Apple. In addition an EFI password completely blocks DMA access also, so that route is a no go.
>
> The more I read the more comfortable I feel about a FV2 and EFI password combo being pretty unhackable even with just a logout and the system not shut down.

Thanks for the confirmation on that! Looks like we can all rest easy.

Does anyone know if you can disable "remote wipe" from "find my mac"? It seems like with proper encryption, remote wipe doesn't really add any extra security, and can be a potential source of problems.
 

mrapplegate

> Thanks for the confirmation on that! Looks like we can all rest easy.
>
> Does anyone know if you can disable "remote wipe" from "find my mac"? It seems like with proper encryption, remote wipe doesn't really add any extra security, and can be a potential source of problems.

I don't think you can disable it, other than just not choosing to wipe or by choosing to turn the whole thing off.
 

knucklehead

> I don't think you can disable it, other than just not choosing to wipe or by choosing to turn the whole thing off.

I pretty much figured that's the case. For myself, I like the "find" part, but would now be happy to lose the "wipe" part.

I think I'll just can the whole thing unless someone knows a trick to separate the two.
 

austinguy23

Read this, fellas. I'm liking FileVault 2 less and less. I'd opt for TrueCrypt or some other tried and true open source third party solution instead. Yeah, there's probably more overhead but it's more trustworthy in my opinion.

http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/
 

RabidMacFan

> Read this, fellas. I'm liking FileVault 2 less and less. I'd opt for TrueCrypt or some other tried and true open source third party solution instead. Yeah, there's probably more overhead but it's more trustworthy in my opinion.

TrueCrypt does not offer full disk encryption for OS X. FileVault 2's encryption is sound, and you don't have to store your keys with Apple. If you disable the "Allow user to reset password using Apple ID" option, then you and only you hold the keys necessary to decrypt the volume.

Choose a good long password for FileVault and enable an EFI Password and it will be difficult for thieves and evil maids to get access to the files on your machine.
 

dyn

Or simply skip the AppleID screen when you (re)install/setup OS X/new user account. I don't have that option because I haven't "mated" an AppleID with my user account.

Concerning the keys stored at Apple: obviously this is stupid. If you use any common sense you'd know that you need to trust Apple completely when you want to store the keys on their servers. What if they get hacked? What if your account gets hacked? Etc. It is the main reason why I choose not to store it somewhere online. It completely defeats what I wanted to accomplish with FileVault.

In other words: if you want security: think before you do.
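
The settings this thread converges on (FileVault 2 on, a firmware password set, and no FileVault key left in RAM during standby) can be checked from the command line. The script below is an added example, not part of any post; it assumes the macOS tools `fdesetup`, `firmwarepasswd` and `pmset` and the output wording noted in its comments, none of which appear in the thread.

```shell
#!/bin/sh
# Added example: classify the output of three macOS status commands.
# Assumed output wording (run the commands with sudo on an Intel Mac):
#   fdesetup status        -> "FileVault is On." or "FileVault is Off."
#   firmwarepasswd -check  -> "Password Enabled: Yes" or "Password Enabled: No"
#   pmset -g               -> a line "destroyfvkeyonstandby 1" when the key
#                             is discarded on entering standby

filevault_on() {            # $1 = text printed by `fdesetup status`
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

firmware_pw_set() {         # $1 = text printed by `firmwarepasswd -check`
    printf '%s\n' "$1" | grep -qi '^Password Enabled: *Yes'
}

key_cleared_on_standby() {  # $1 = text printed by `pmset -g`
    printf '%s\n' "$1" | awk '
        tolower($1) == "destroyfvkeyonstandby" && $2 == 1 { ok = 1 }
        END { exit !ok }'
}

# audit FDE_TEXT FIRMWARE_TEXT PMSET_TEXT
# Prints one line per missing setting; exit status is the number of gaps.
audit() {
    gaps=0
    filevault_on "$1" ||
        { echo "GAP: FileVault is not on"; gaps=$((gaps + 1)); }
    firmware_pw_set "$2" ||
        { echo "GAP: no firmware password"; gaps=$((gaps + 1)); }
    key_cleared_on_standby "$3" ||
        { echo "GAP: FileVault key stays in RAM on standby"; gaps=$((gaps + 1)); }
    [ "$gaps" -eq 0 ] && echo "OK: all three settings in place"
    return "$gaps"
}

# Live run on a Mac; skipped on any system without fdesetup.
if command -v fdesetup >/dev/null 2>&1; then
    audit "$(fdesetup status 2>&1)" \
          "$(firmwarepasswd -check 2>&1)" \
          "$(pmset -g 2>&1)" || true
fi
```

On a Mac the third gap is closed with `sudo pmset -a destroyfvkeyonstandby 1`, after which waking from standby asks for the FileVault password again.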