Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Full disk encryption password question

Jethryn Freyman

Jethryn Freyman

macrumors 68020
Original poster
Aug 9, 2007
2,329
3
Australia
So, in the past I've used PGP disk encryption on Snow Leopard. Filevault 2 seems a lot more elegant though, much more integrated, so when I move to Lion I want to use its' built-in encryption.

My question: can you choose a password that ISN'T your login password to encrypt the hard drive? Also, does it encrypt the Windows and/or recovery partition?

My old PGP password was about 40 characters long, and I only ha to enter it once every few weeks, when I rebooted. My much shorter login password I'd enter several times a day to install software and whatever. I think it's a bit silly (though great to get newbies actually USING IT) to be forced to encrypt with your login password - disk encryption is supposed to be used with a long password, but you don't want to have to be typing that in three times a day to install software and so forth.

Thanks for any help!
 
You continue to use your normal ID and Password to access the hard drive and data day to day, such as an id with admin rights to install software, etc, however if you forget your password you need the encryption key to access your data, which is a long string key. You have the option of saving the key some place, like DropBox or Printing it and or storing the key with Apple accessible via a few security questions.

so far I have never had to use my encrypt key, just my normal id and password.
 
marc11 said:
You continue to use your normal ID and Password to access the hard drive and data day to day, such as an id with admin rights to install software, etc, however if you forget your password you need the encryption key to access your data, which is a long string key. You have the option of saving the key some place, like DropBox or Printing it and or storing the key with Apple accessible via a few security questions.

so far I have never had to use my encrypt key, just my normal id and password.
Click to expand...
I'm pretty sure the key is still generated by the password or hashed in some way - haven't read much on encryption for ages though - so a longer, more complex password is always more secure than a short stubbly one.
 
Jethryn Freyman said:
I'm pretty sure the key is still generated by the password or hashed in some way - haven't read much on encryption for ages though - so a longer, more complex password is always more secure than a short stubbly one.
Click to expand...

It could be, but you do not need to use it unless you forget your admin password, so it is not such a big deal. So long as you store it some place safe and where you can get to it if you need it.
 
I have a FileVault external drive that I boot from occasionally. It requires a 50 character log-in password and as far as I can tell... I need to type that whole thing in every time I make any kind of changes you speak of.
 
Steve's Barber said:
I have a FileVault external drive that I boot from occasionally. It requires a 50 character log-in password and as far as I can tell... I need to type that whole thing in every time I make any kind of changes you speak of.
Click to expand...
Sucks, I wish Apple had made a way to use a unique boot-only password....
 
Steve's Barber said:
I have a FileVault external drive that I boot from occasionally. It requires a 50 character log-in password and as far as I can tell... I need to type that whole thing in every time I make any kind of changes you speak of.
Click to expand...

Really? My external doesn't require that, I did have to enter a password when I encrypted it, but it was up to me how strong I wanted to make it.
 
Possible solution via dummy account

What you could do is create a dummy account which has a long password on it and has the ability to decrypt the hard drive and then withdraw the decrypt permission from your own account. At boot time you enter the username and password for the dummy account and that allows decryption and logs you into that account. You then log out and log into your normal account and you're sorted. Long password needed at boot to decrypt but short password on your own account for login and software installs etc. Would that do?

Alec
 
AlecEdworthy said:
What you could do is create a dummy account which has a long password on it and has the ability to decrypt the hard drive and then withdraw the decrypt permission from your own account. At boot time you enter the username and password for the dummy account and that allows decryption and logs you into that account. You then log out and log into your normal account and you're sorted. Long password needed at boot to decrypt but short password on your own account for login and software installs etc. Would that do?

Alec
Click to expand...
Sounds like an interesting workaround, though I think I'd do it as simply not even giving my everyday account permission to decrypt in the first place.
 
Jethryn Freyman said:
Sounds like an interesting workaround, though I think I'd do it as simply not even giving my everyday account permission to decrypt in the first place.
Click to expand...
I'm almost 100% certain you have to give at least one account permission to decrypt. You didn't mention having multiple accounts earlier so I didn't think you had any others.

Alec
 
AlecEdworthy said:
I'm almost 100% certain you have to give at least one account permission to decrypt. You didn't mention having multiple accounts earlier so I didn't think you had any others.
Click to expand...
Yeah I think my plan will be to make an account specifically to encrypt the drive, have only that account authorised to decrypt, and then just log out after booting up and into my normal account.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back