Help: How to Encrypt a Folder on Mac OS X (10.8.4)

Discussion in 'Mac Apps and Mac App Store' started by luisito, Sep 9, 2013.

  1. luisito macrumors regular

    luisito

    Joined:
    Nov 15, 2012
    #1
    Hello guys, I would like to know if any of you have the knowledge that could share with me about how to encrypt a specific folder where I store important files.

    I do Biomechanical Research at my institution and I've been warned that everything I do is "Top Secret" and that I have to abide by the law.

    So, I do not want anyone to get access to such information, even if it is a friend that is momentarily using my computer.

    I've been using an encrypted USB drive but honestly is a hassle to plug it in and out everytime all day long, I am looking for an optimized solution for my problem.

    Thank for all your help in advance.
    Luis
     
  2. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #2
  3. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #3
  4. curmudgeon32 macrumors regular

    Joined:
    Aug 28, 2012
    #4
    I would also consider 1) using FileVault to encrypt your whole drive and 2) creating a separate "guest" account if you anticipate sharing your machine. Only takes a second to go back to the lock screen, hand the machine over, and tell them to log in using the password "guest" or whatever. Then your stuff is (reasonably) out of sight unless they have an admin password.
     
  5. luisito thread starter macrumors regular

    luisito

    Joined:
    Nov 15, 2012
    #5
    What is a disk image?

    I never share my computer but what I am doing is serious stuff, so it is better to prevent anything bad from happening.

    Is it possible to encrypt the entire computer without formatting the drive? I have tried it with my external hard drive but it has to be formatted.
     
  6. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #6
    You can turn on Firevault anytime--no need to reformat your drive. I'd recommend you enable it.
     
  7. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #7
    It is like a USB flash memory thumb drive in a way, you mount it via double clicking the disk image file, access its contents (read and write), and then unmount the disk image after use, but without the hassle of unplugging and plugging in the USB flash memory thumb drive.

    A video tutorial might follow.
     
  8. phrk, Sep 9, 2013
    Last edited: Sep 9, 2013

    phrk macrumors member

    Joined:
    Mar 26, 2012
    Location:
    Germany
    #8
    Use TrueCrypt. You create a virtual partition - a container. When you mount it via TrueCrypt you have to type in a password. When it's mounted it appears as a new harddisk and can be used just like one. When you're finished with your work just unmount it and it's protected again. The only downside is that you have to specify the size before you create it and then it's fixed.

    It's one of the best ways to encrypt data.

    https://en.wikipedia.org/wiki/TrueCrypt
     
  9. The Man macrumors 6502

    Joined:
    Jul 7, 2004
    #9
    This is no different than using a Disk Image then. And Disk Images are native to OS X, you can create it with Disk Uitility and use 256bit AES encryption, or 128bit AES if you need faster read/write.

    Be sure to turn on Reguire Password every time the Mac is turned on, and your mounted encrypted Disk Image should be safe -- although I'm no expert on this so please tell me if I'm wrong. I wouldn't store the password in the Keychain though.

    You can also use FileVault to encrypt your whole disk. This takes a lot of time if you have a large HDD. On SSD drives, it's pretty fast. My 128GB MacBook Air disk was encrypted in I believe 15 minutes. But normal HDD can take a long time...
     
  10. phrk macrumors member

    Joined:
    Mar 26, 2012
    Location:
    Germany
    #10
    Filevault full disk encryption is hackable.

    Also it's better to use open standards than closed.
     
  11. unfrostedpoptar macrumors regular

    Joined:
    Jan 29, 2010
    #11
    I've used both. For now, I'm using FV since it's simpler. But it does have more limitations when dealing with encrypted images on external drives.

    Also, TC is multi-platform, so you can access your encrypted images on Mac, Windows, Linux.

    I'd use FV on the system/boot disk mostly to stop someone from getting/booting your computer if it's stolen.

    I'd use TC for individual project/data folders, especially if they could be shared with other people not running Macs.

    David
     
  12. The Man macrumors 6502

    Joined:
    Jul 7, 2004
    #12
    Only through FireWire port. My MacBook doesn't have one. :) Unless that Thunderbolt adapter can be used too :eek:

    ----------

    True, if you need multi platform TC is the way to go.
     
  13. phrk macrumors member

    Joined:
    Mar 26, 2012
    Location:
    Germany
    #13
    Help: How to Encrypt a Folder on Mac OS X (10.8.4)

    Filevault uses as default the user password. As you use this alot (logging in, installation, etc) it's possibly stored in memory. And that's where it's vulnerable. That's not the case when the Mac is shutdown. But who does that.

    I would provide a source for the issue but I only know of a German one. If you still like to see it, I will provide it.
     
  14. The Man macrumors 6502

    Joined:
    Jul 7, 2004
    #14
    Yes, that's why it might be read through FireWire, because FireWire has direct system and memory access. But I don't know if Thunderbolt could be used in the same way.
     
  15. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
  16. The Man macrumors 6502

    Joined:
    Jul 7, 2004
    #16
    External drive can be encrypted without formatting through the Finder. Just right-click on any external drive, and then choose Ecrypt. You will be prompted to enter a password. I don't think there is any feedback on the encryption process, so you have to let the computer do its chore for hours on large HDD. If you have external SSD on USB 3.0 it will probably be fast.
     
  17. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #17
    I believe you are referring to accessing the password stored in RAM via direct memory access (DMA), and DMA access was blocked starting with Lion 10.7.2.
     
  18. phrk, Sep 9, 2013
    Last edited: Sep 9, 2013

    phrk macrumors member

    Joined:
    Mar 26, 2012
    Location:
    Germany
    #18
    Help: How to Encrypt a Folder on Mac OS X (10.8.4)

    It's still a securityflaw to connect the password of the user account which is frequently used to the full disc encryption.

    EDIT: But you are right the known issue is fixed. Just read about it. Thanks for the info. Wasn't up to date on that topic.
     
  19. luisito thread starter macrumors regular

    luisito

    Joined:
    Nov 15, 2012
    #19
    Thank you all for your kind suggestions and apologize for the late reply. Work definitely gets in the way sometimes.

    Some points that I want to address would be:

    -Is there a negative characteristic to an Image?
    -Is is possible to reverse FileVault, remove the encryption with the click of a button?

    @phrk: I have used TrueCrypt on the past, but for Windows systems only; I had 2 internal and 1 external HDDs encrypted by that software, I am looking for an easier solution and low level of encryption. Nothing fancy. I personally don't want to use that kind of software on my mac, when there is already a solution provided by Apple themselves. :)

    @The Man: Same here, no Firewall port. Only 2 USBs and 1 Thunderbolt that doubles as mini display.
     
  20. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #20
    - The only negative is that you lose the data if you forget the password.
    - To remove the encryption on a drive, right-click and choose "Decrypt..."
     
  21. jayhawk11 macrumors 6502a

    jayhawk11

    Joined:
    Oct 19, 2007
    #21
    If the work you're doing is truly "Top Secret", then you should have an IT staff that can help you with this stuff. I recommend you use them since it seems like you're new to encryption.
     
  22. CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #22
    If the work he is doing is truly top secret then there are a lot of restrictions on that data. Not likely that he can use anything in the black area. If he's copying top secret information, even encrypted he is in violation of his security clearance and could be fined and / or jailed. He should be talking to his FSO before doing anything with any information.

    My guess it is more corporate secrets in which case none of this matters.
     
  23. luisito thread starter macrumors regular

    luisito

    Joined:
    Nov 15, 2012
    #23
    Are you taking about the IT? Not quite following you on this one. I am not copying information, I am creating it.

    The data that I use is intellectual property, even though it is academic. Can't even discuss it during dinner with my family and can't let anyone access the information because if an unknown company gets a hold of this data, they can make millions out of it. The information is truly top secret.

    So far, I've been sticking with my encrypted USB drive.

    ----------

    Can't. By law, no one but me and superiors can get near this information. If I let someone teach me how to do it, I will be compromising the data. Intellectual property theft is a common thing nowadays.

    Like I replied to another use, I am sticking with my encrypted USB.
     
  24. CylonGlitch, Sep 17, 2013
    Last edited: Sep 17, 2013

    CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #24
    I think you're miss using the term "Top Secret". There is an official classification of data that is Top Secret and that is highly secured / classified material within the government. What you have is Intellectual Property; it is a trade secret. It is VERY different than Top Secret information.

    Top Secret information can NOT be stored on any portable media without extreme security precautions being taken, not just encryption but control of the media as well, licensed couriers and paper trails of who has been in possession of the data at all times. This information is highly controlled via FSO (Facility Security Officers) who are trained to do this job. The use of USB Flash drives is considered an extreme No-No.

    What you have is a trade secret of a company; it is intellectual property. You are not allowed to share it with anyone and you have to do the best of your abilities to not distribute it. If you shared the information with others you could be subject to IP theft laws; but that's about it. If you had your flash drive lost or stolen, even if it was unencrypted, the company could fire you, or other reprimands but it would be almost impossible for them to sue you or have you arrested.

    Where as, loss of Top Secret information can be devastating to the country, cause deaths of countless people, and even unstablize regions of the world. Intentional distribution / sale of TS material can result in life in prisonment, huge fines, and even execution (Example.) Even if you lost the information by accident you are to be held accountable since you should never have such information in a way that it can be lost / stolen. It is YOUR responsibility. To have access to this information you are required to have a security clearance of the left of data that you are accessing. To get this clearance it takes about 18 to 24 months of a background investigation where they research not only you, but your entire immediate family for security risks. Any major negative mark on your record will invalidate your clearance and thus prevent you from having access to said material. Such as drug use, being in debt, contact with foreigners (depending on the country), and more.

    I think this is the cause of the confusion; although it is "Top Secret" for the company, it is not considered Top Secret information in terms of classifications. It is a corporate secret / trade secret.
     

Share This Page