Filevaulting question for external drive

Discussion in 'Mac Pro' started by Loa, Feb 9, 2012.

  1. Loa macrumors 65816


    Joined:
    May 5, 2003
    Location:
    Québec
    #1
    Hello,

    I have one drive I wanted to encrypt using Filevault 2, so I formatted it with the encrypted option and it works just fine.

    My problem is this: this drive is mounted in a 4 bay external case that is always powered up, as I mount/unmount the drives it contains as needed. Trouble is: once I enter the password for the encrypted drive, the system remembers it until I power the external case down.

    A simple unmount doesn't work, because anyone can re-mount it without having to enter the password.

    Can I force the OS to ask the password every time the drive is mounted?

    Thanks

    Loa
     
  2. odinsride macrumors 65816


    Joined:
    Apr 11, 2007
    #2
    I've never used Filevault before but I know that Truecrypt will do what you're looking to do: http://www.truecrypt.org/

    You can mount it only when you need it and it will ask you for the password every time.
     
  3. deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #3
    Filevault2 is geared to protect your data if you lose access to your system (e.g., laptop stolen). If you log out (and accounts are password protected) then no one without a password can get to the data. In short, Filevault doesn't try to protect the data from you (the logged in user). In fact, it is the opposite. It tries to make the encryption completely transparent.

    I think the "power down" simulates enough of the "reboot" characteristics to trigger the normal system power up login.

    A Unix 'umount' or a Finder 'eject'? If 'eject' isn't an available option then that's probably part of the problem. After an 'eject' that should be enough to flush metadata about the disk from the OS since it is 'gone'.
     
  4. Loa thread starter macrumors 65816


    Joined:
    May 5, 2003
    Location:
    Québec
    #4
    Hello,

    I'll look into Truecrypt, but since Lion has equivalent encryption, I wanted to avoid the cost.

    The drive I'm encrypting isn't a boot volume, and the password is independent (different) from my login password.

    I'm ejecting the disk from the Finder, or from DU, and the results are the same. Is there a "stronger" eject?

    Thanks

    Loa
     
  5. deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #5
    Truecrypt is free. It will just cost you time; not money (at least directly).

    Similarly, a sparse bundle disk image with a large upper limit on that disk effectively does the same thing. You'd have to double click on the image to invoke the mount process. But there are advantages to doing the whole drive, since an extremely large file tends to invite metadata problems as the disk approaches being 90% full (or someone putting something else on the disk that isn't encrypted).

    Filevault2 doesn't encrypt with login passwords but the logins are associated with the encryption.

    "... Users not enabled for FileVault unlock will only be able to log in to that Mac after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is shut down. ... "
    http://support.apple.com/kb/HT4790

    You are mimicking the computer shutdown with the external drive being shut down.

    No. But there is a 'weaker' unmount.

    However, this tutorial on how to use the somewhat unsupported external drive encryption notes that:

    "... An important security note when using a partitioned drive: Once you've entered the password for a partition to mount it, that password is cached as long as any partition on the drive remains mounted. This means anyone could access an unmounted partition without needing to enter its password. You must unmount all partitions—eject the entire disk, as it were—to ensure that OS X requires a password again for each partition. ... "
    http://www.macworld.com/article/162999-2/2011/10/complete_guide_to_filevault_2_in_lion.html

    I'm not sure, but it seems like there's a good chance that OS X may be treating all of the drives in the enclosure as a cluster, similar to how it treats all the partitions of a single drive. You may have to eject them all to get the OS to flush the cache on the drive's password. Otherwise, it just holds onto it.
     
  6. Loa thread starter macrumors 65816


    Joined:
    May 5, 2003
    Location:
    Québec
    #6
    Hello,

    I installed Truecrypt and gave it a try. Seems to work fine, and I'll test it for a few weeks.

    Thanks for the info; I'm just sad that the integrated solution (filevault) isn't really helpful for multi-drive bays...

    Loa
     
