Full disk encryption password question

Discussion in 'Mac OS X Lion (10.7)' started by Jethryn Freyman, Sep 16, 2011.

  1. Jethryn Freyman macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #1
    So, in the past I've used PGP disk encryption on Snow Leopard. FileVault 2 seems a lot more elegant though, much more integrated, so when I move to Lion I want to use its built-in encryption.

    My question: can you choose a password that ISN'T your login password to encrypt the hard drive? Also, does it encrypt the Windows and/or recovery partition?

    My old PGP password was about 40 characters long, and I only had to enter it once every few weeks, when I rebooted. My much shorter login password I'd enter several times a day to install software and whatever. I think it's a bit silly (though great to get newbies actually USING IT) to be forced to encrypt with your login password - disk encryption is supposed to be used with a long password, but you don't want to have to be typing that in three times a day to install software and so forth.

    Thanks for any help!
     
  2. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #2
    You continue to use your normal ID and password to access the hard drive and data day to day, such as an ID with admin rights to install software, etc. However, if you forget your password you need the encryption key to access your data, which is a long string key. You have the option of saving the key some place, like Dropbox, or printing it, and/or storing the key with Apple, accessible via a few security questions.

    So far I have never had to use my encrypt key, just my normal ID and password.
     
  3. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #3
    I'm pretty sure the key is still generated by the password or hashed in some way - haven't read much on encryption for ages though - so a longer, more complex password is always more secure than a short stubbly one.
     
  4. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #4
    It could be, but you do not need to use it unless you forget your admin password, so it is not such a big deal. So long as you store it some place safe and where you can get to it if you need it.
     
  5. Steve's Barber macrumors 6502a

    Joined:
    Jul 5, 2011
    #5
    I have a FileVault external drive that I boot from occasionally. It requires a 50 character log-in password and as far as I can tell... I need to type that whole thing in every time I make any kind of changes you speak of.
     
  6. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #6
    Sucks, I wish Apple had made a way to use a unique boot-only password....
     
  7. marc11 macrumors 68000

    Joined:
    Mar 30, 2011
    Location:
    NY USA
    #7
    Really? My external doesn't require that, I did have to enter a password when I encrypted it, but it was up to me how strong I wanted to make it.
     
  8. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #8
    Oh - I meant for the full encryption on a boot drive.
     
  9. Steve's Barber macrumors 6502a

    Joined:
    Jul 5, 2011
    #9
    Same here. I just made it roughly 50 characters long. :)

    The longer the better.
     
  10. AlecEdworthy macrumors 6502

    Joined:
    May 1, 2007
    Location:
    Leicestershire, UK
    #10
    Possible solution via dummy account

    What you could do is create a dummy account which has a long password on it and has the ability to decrypt the hard drive and then withdraw the decrypt permission from your own account. At boot time you enter the username and password for the dummy account and that allows decryption and logs you into that account. You then log out and log into your normal account and you're sorted. Long password needed at boot to decrypt but short password on your own account for login and software installs etc. Would that do?

    Alec
     
  11. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #11
    Sounds like an interesting workaround, though I think I'd do it as simply not even giving my everyday account permission to decrypt in the first place.
     
  12. AlecEdworthy macrumors 6502

    Joined:
    May 1, 2007
    Location:
    Leicestershire, UK
    #12
    I'm almost 100% certain you have to give at least one account permission to decrypt. You didn't mention having multiple accounts earlier so I didn't think you had any others.

    Alec
     
  13. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #13
    Yeah I think my plan will be to make an account specifically to encrypt the drive, have only that account authorised to decrypt, and then just log out after booting up and into my normal account.
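
The separate-unlock-account idea in posts #10 to #13 matches a common full-disk-encryption design: a random volume key is wrapped once per authorized account under a key stretched from that account's password. The Python model below is an added example, not part of the thread and not Apple's implementation; the XOR-plus-HMAC wrap, the iteration count, the account names and the "at least one account" rule are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 50_000  # assumed work factor for this model

def _kek(password: str, salt: bytes) -> bytes:
    # Stretch the account password into a 32-byte key-encryption key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def wrap(volume_key: bytes, password: str) -> dict:
    # Toy key wrap (stand-in for a real one such as AES Key Wrap).
    salt = os.urandom(16)
    kek = _kek(password, salt)
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap(slot: dict, password: str):
    kek = _kek(password, slot["salt"])
    tag = hmac.new(kek, b"tag" + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None  # wrong password: nothing is released
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))

class Volume:
    def __init__(self):
        self._key = os.urandom(32)  # random, never derived from a password
        self.slots = {}             # account name -> wrapped copy of the key

    def authorize(self, account: str, password: str) -> None:
        self.slots[account] = wrap(self._key, password)

    def revoke(self, account: str) -> None:
        # Assumed rule: the last remaining unlock slot cannot be removed.
        if list(self.slots) == [account]:
            raise ValueError("at least one account must be able to unlock")
        self.slots.pop(account, None)

    def unlock(self, account: str, password: str) -> bool:
        slot = self.slots.get(account)
        return slot is not None and unwrap(slot, password) == self._key

def demo():
    long_pw = "a much longer passphrase typed only at boot"  # constructed
    vol = Volume()
    vol.authorize("daily", "short-pw")      # constructed everyday account
    vol.authorize("unlock-only", long_pw)   # constructed boot-time account
    vol.revoke("daily")                     # short password no longer unlocks
    return (vol.unlock("daily", "short-pw"),
            vol.unlock("unlock-only", long_pw),
            vol.unlock("unlock-only", "wrong guess"))
```

In this model, once the everyday account's slot is revoked, only the long passphrase stands between an offline guesser and the volume key, while the short password remains usable for logins that happen after the disk is already unlocked.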
     