Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How easy is it to decrypt FileVault 2 and Apple Encryption on a late 2013 MBPr 13"?

Hieveryone

Hieveryone

macrumors 603
Original poster
Apr 11, 2014
5,632
2,347
USA
I have a late 2013 MBPr 13"

I have FileVault 2 turned on and encrypt external drives.

How easy would it be to decrypt it.
 
Well from here a brute force on a 128-bit key as used by FV2 would take a billion billion years....but of course if you did start a brute force attack you could change the super-computer used for an exponentially faster one periodically so I'd bank on it taking an FV2 users lifetime to crack :)
 
Your Mac has to be turned off, in order for FileVault 2 to be effective.

Unless a person knows the password, (provided that it is a hard one to figure out) they won't be able to access the contents.
 
If you picked a dumb password, it would be easy. If you left the computer powered on, the encryption keys could be stolen from memory.

Since the implementation is closed source and from a US company, it should be assumed to be backdoored until proven otherwise, so it's likely that three letter agencies could get in if you are important enough and they can get away with it.

Other than that, a good password will thwart everyone except perhaps the US government. Rubber hose cryptanalysis is always an option for a determined attacker though.
 
Why isn't it 256?

----------
556fmjoe said:
If you picked a dumb password, it would be easy. If you left the computer powered on, the encryption keys could be stolen from memory.

Since the implementation is closed source and from a US company, it should be assumed to be backdoored until proven otherwise, so it's likely that three letter agencies could get in if you are important enough and they can get away with it.

Other than that, a good password will thwart everyone except perhaps the US government. Rubber hose cryptanalysis is always an option for a determined attacker though.
Click to expand...

What about products like trucrypt

----------
556fmjoe said:
If you picked a dumb password, it would be easy. If you left the computer powered on, the encryption keys could be stolen from memory.

Since the implementation is closed source and from a US company, it should be assumed to be backdoored until proven otherwise, so it's likely that three letter agencies could get in if you are important enough and they can get away with it.

Other than that, a good password will thwart everyone except perhaps the US government. Rubber hose cryptanalysis is always an option for a determined attacker though.
Click to expand...

So is standby not safe?
 
Hieveryone said:
Why isn't it 256?

What about products like trucrypt

So is standby not safe?
Click to expand...


Because 128-bit means the data will be attacked in another way (ie getting access via the logon password, recovering the key etc, ie NOT brute-forcing the key itself. If that is the case 256-bit is pointless.

Trucrypt? No idea but it presumably won't be integrated on the fly as with FV2??

No, with FV2 it secures the data when shutdown, once restarted the security lies in the access password strength, although I have no experience on what will be required to mount a FV2 external drive on another machine, I'd hope the password and FV2 key as an internal drive can easily be removed from a machine and become an external.
 
I would never use or recommend Truecrypt in light of recent events. https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html

Standby will still be vulnerable as the keys will still be residing in RAM. The only way to be sure is to power it off or to run this command from a terminal to force OS X to destroy your encryption keys when you enter standby.

sudo pmset -a destroyfvkeyonstandby 1
Click to expand...

Change the 1 to a 0 to revert the setting to its default. This will force you to enter your Filevault password when you wake it up as the encryption keys will not be in RAM and will need to be recreated.
 
556fmjoe said:
I would never use or recommend Truecrypt in light of recent events. https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html

Standby will still be vulnerable as the keys will still be residing in RAM. The only way to be sure is to power it off or to run this command from a terminal to force OS X to destroy your encryption keys when you enter standby.



Change the 1 to a 0 to revert the setting to its default. This will force you to enter your Filevault password when you wake it up as the encryption keys will not be in RAM and will need to be recreated.
Click to expand...

Where did you get that code? And can someone show it in action in a possible video? That code (if it actually works) is something that would fit my needs very well.

I have Trim Enabler running. I would need to turn that off first, yes?
 
556fmjoe said:
http://www.cnet.com/news/prevent-os-x-filevault-keys-from-being-stored-in-standby-mode/

I don't see how Trim Enabler would matter either way. It's not touching the disk; it's destroying the keys stored in RAM.
Click to expand...

I like the idea of the code you posted. Turning FV back on would create a different key than the default install does, which makes your Apple password the same as the FV key. I would have to memorize that new key, now that i have FV turned off, if I wanted to avail myself of removing the keys from RAM. My Apple password is already 25 characters long. lol
 
Last edited:
simonsi said:
Because 128-bit means the data will be attacked in another way (ie getting access via the logon password, recovering the key etc, ie NOT brute-forcing the key itself. If that is the case 256-bit is pointless.

Trucrypt? No idea but it presumably won't be integrated on the fly as with FV2??

No, with FV2 it secures the data when shutdown, once restarted the security lies in the access password strength, although I have no experience on what will be required to mount a FV2 external drive on another machine, I'd hope the password and FV2 key as an internal drive can easily be removed from a machine and become an external.
Click to expand...


But what about the password that you use to login into the the individual accounts?
 
Hieveryone said:
But what about the password that you use to login into the the individual accounts?
Click to expand...

That is my point (and others), if you are just logging in then your data protection is only as strong as your login password - your data may as well be unencrypted.

If your machine is shutdown then the FV2 password applies as well.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back