FileVault VS Encrypted Disk Image - Pros and Cons

Discussion in 'macOS' started by Avery1, Apr 17, 2010.

  1. Avery1 macrumors member

    Joined:
    Mar 14, 2010
    #1
    I need to encrypt about 40GB of personal data (excepting photos, music, video, etc) and would like to hear the pros and cons from those who have used:

    FileVault
    Encrypted Disk Image (DMG)

    for encryption of their files they use day-in and day-out.

    FWIW, I will be:
    a) using EMC Retrospect --> Network Attached Storage for my backups
    b) looking to find a solution that will synch my data between my desktop and laptop... similar to Windows' Sync Toy.
     
  2. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
  3. Detektiv-Pinky macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #3
    I use FileVault to encrypt my user account (non-Admin) on my Laptop. I have not found any problems with it during normal use. It is virtually transparent for most operations.

    If I copy large files between the encrypted and unencrypted parts of the file system there is a little noticeable lag. Other than this I see not slowdown.
    One peculiarity is that free space is only re-claimed at shutdown (running Leopard). So make sure you shut it down every so often while still connected to mains.

    I am not running FileVault on my main computer at home, mainly because it does not play nice with Time Machine and I do not see the necessity here.

    I use Chronosync to keep both machines in sync.
     
  4. Avery1 thread starter macrumors member

    Joined:
    Mar 14, 2010
    #4
    Thanks, Detektiv-Pinky -- very helpful. You're doing about what I'm looking to do (except I use the admin (yet not root) account... not any different than any enterprise systems I work on or laptops that companies issue IT professionals ;) I'm not sure I understand everyone's fear of using an admin (yet not root) account, if you understand the system... perhaps, that is the bigger issue. I personally like not having safeguards like recycle bins/trashcans, etc. rm -rf ! Hell, SL asks you for confirmation and a password for almost everything admin oriented you do, anyhow.

    Curious -- with FileVault does each user account have it's own encryption key or is it at the system level? I.E. if I am logged into the machine as USER1 is USER2's information available for USER1 to see, assuming they have read permissions on USER2's home directory and files.

    Guessing the later, though it's not as secure.

    Ever had any issues with Chronosync?

    Thanks also to satcomer for the links.

    It would be great to hear from others who chose use of an encrypted disk image over FileVault for encrypting all their non-media files!
     
  5. iVoid macrumors 65816

    Joined:
    Jan 9, 2007
    #5
    No, each user with FileVault turned on has his/her own encrypted disk image that is only mounted when they are logged in.

    Only someone with their password OR the master FileVault password can open that disk image, regardless of their user permissions.
     
  6. Avery1 thread starter macrumors member

    Joined:
    Mar 14, 2010
    #6
    Cool, thanks for the clarification, iVoid.
     
  7. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #7
    Keep in mind that encrypting your entire home folder can be a risky endeavor.

    There's been a lot of problems associated with filevault and personally I'd not risk losing my entire home folder if a slight corruption occurred.

    There are other solutions to protecting one's personal data such using an encrypted disk image.
     
  8. pilot1226 macrumors 6502a

    pilot1226

    Joined:
    Mar 18, 2010
    Location:
    USA
    #8
    I encrypted my Home Folder a long time ago with FileVault, and the only time I had an issue was when I attempted to DISABLE FileVault, and OSX went to hell. I ended up reinstalling the OS, but I did turn it on again after install.

    It remains on today with no complains.
     
  9. Avery1 thread starter macrumors member

    Joined:
    Mar 14, 2010
    #9
    Noted. Having someone steal your laptop and have access to your data is a riskier endeavor, in my mind. From what I've observed, if someone has physical access to your machine, there is no protection from them seeing your data -- just hook up the drive to another machine. Virtually no effort. I'd like to hear if that's not the case.

    I realize it's not perfect and agree that dealing with encryption is a PITA, but feel the safest approach is to use something that the OS vendor provides, versus a third party.

    Edit to add: If you have used an encrypted disk image for the majority of your daily-use data (trying to maintain to structures is a pain -- I've tried it before), I'd be interested in hearing how it went.
     
  10. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #10
    If a thief knew what they were doing, then yes they can get to the unencrypted data. Though, most thieves are not after your information, but rather the physical device.

    Organization is easier if you only worry about encrypting sensitive information like taxes, work documents, and other financially based information. Don't worry about encrypting your media unless it's sensitive. Email is trickier to encrypt, which is where FileVault can be handy. I've used FileVault since Tiger without issue at home and work, but it's not for everyone.
     
  11. Detektiv-Pinky macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #11
    First of all, my choice to work from a non-admin account is not 'fear' driven. There are a number of reasons why I choose to do so:
    - less chance to accidentally muck something up
    - smaller attack surface
    - relative ease to work from non-admin in OSX (it is not that often that I have to supply my password - mainly installing new software)
    - have a working admin account handy when disaster strikes
    - sometimes other people have access to my machine - they should have no admin rights!
    - ...

    So, all in all I feel it is worth the little extra trouble.

    No. I am using it for about 2 years now and it does what it does quite well (no fancy iPhone syncing here).
    It is a bit slow to sync my home folder over WLAN (>30.000 files) - so I mainly hook it up via an EthernetCable - I did not spend any money on the 'ChronoAgent'.

    As to the 'unreliability' of FileVault, I think it all comes back to: Backup-your-Data!!!

    Also disk images can get corrupted and a lot of other things can go wrong. However, it is next to impossible to do incremental backups with encrypted disk images and I simply love the simplicity of the complete protection on my home folder. No need to worry that things are accidentally stored unencrypted.

    I rely on 'constant' syncing between my machines (usually at the end of the day) and a TimeMachine backup on my home Mac. This way the data is spread around 3 drives and I don't have to worry that I loose it all through an error in FileVault or loosing my Laptop.
     

Share This Page