Full disk encryptuion

[ring]

Since we are all aware that filevault2 has been cracked (in a mere matter of minutes), what is the best way to secure the entirety of your Mac OS operating system. The truecrypt manual says it supports full disk system encryption for a variety of winblows devices, but not mac.


Are there any secure alternatives that you can personally recommend?

I also heard that so long as your computer isn't in "sleep" mode, FV2 will still hold it's integrity. Is this true?


Thanks and as always:

Love,
Ring

 

[miles01110]

Very few people actually need full disk encryption. For the small subset of your files with sensitive information, make an encrypted disk image.

 

[cerote]

You mean with expensive software. And there are more things needed for them to crack it. The computer still has to be on for them to do it. So just use file vault 2 and just shut off your computer every time you are away.

Filevault is fine.

 

[burne]

truecrypt

The very same company has been blowing its horn over their very expensive software being able to 'crack' truecrypt, bitlocker and a host of application-based encryptions.

Apple just came up in their publicity-calender.

They rely on cached copies of your password somewhere in memory, being reabable by their application. Secure virtual memory makes that harder, ASLR makes it harder, and soon their app is toast because it becomes impossible when somebody thinks of a way to prevent the last tiny loophole.

When the feds kick down your frontdoor you just pull the plug from your computer. If you are truely paranoid you could have your burglar-alarms switch off your computers.

 

[Fabricman112]

set a Firmware password and you´re safe
boot into recovery (cmd+R) it´s under utilities

this disables FireWire (Thunderbolt) DMA in sleep/hibernate

http://matt.ucc.asn.au/apple/
http://www.frameloss.org/2011/09/18/firewire-attacks-against-mac-os-lion-filevault-2-encryption/

 

[ring]

As inclined by the Security Now Podcast, and Steve Gibson (the host), I fundamentally distrust any encryption that isn't open sourced. Because "How can we tell if Apple installed a backdoor that can be used by a (3 letter agency) or a (bad guy exploiting the backdoor for a (3 letter agency)).


Further thoughts?

 

[flynz4]

Very few people actually need full disk encryption. For the small subset of your files with sensitive information, make an encrypted disk image.

I do not agree with this. Even having access to ones email address is probably sufficient to perform identity theft. Access to the entire computer disk is worse. I do think it is true that most people do not think they have sensitive information... but that is not necessary mean they shouldn't protect their systems. Being a victim of identity theft can really upset ones life from what I understand.

We personally use FV2 on all of our computers. When traveling, we shut down our MBAs when not in use. I am a lot more worried about theft of our iPads or iPhones.

/Jim

 

[GeekGuys]

If you are able to replace the hard drive then you can replace the stock drive with an encrypted version. Full Disk Encryption is better than FV (which is built into Lion) as it removes the crypto work from the kernel and does it in hardware.

Some drives are compatible with Mac EFI but check before hand.

 

[ring]

If you are able to replace the hard drive then you can replace the stock drive with an encrypted version. Full Disk Encryption is better than FV (which is built into Lion) as it removes the crypto work from the kernel and does it in hardware.

Some drives are compatible with Mac EFI but check before hand.

FV (2) does work w/ full disk encryption.