I have a late 2013 MBPr 13". I have FileVault 2 turned on and encrypt external drives. How easy would it be to decrypt it?
Well from here a brute force on a 128-bit key as used by FV2 would take a billion billion years... but of course if you did start a brute force attack you could change the super-computer used for an exponentially faster one periodically, so I'd bank on it taking an FV2 user's lifetime to crack.
Your Mac has to be turned off in order for FileVault 2 to be effective. Unless a person knows the password (provided that it is a hard one to figure out), they won't be able to access the contents.
If you picked a dumb password, it would be easy. If you left the computer powered on, the encryption keys could be stolen from memory. Since the implementation is closed source and from a US company, it should be assumed to be backdoored until proven otherwise, so it's likely that three-letter agencies could get in if you are important enough and they can get away with it. Other than that, a good password will thwart everyone except perhaps the US government. Rubber hose cryptanalysis is always an option for a determined attacker though.
Because 128-bit means the data will be attacked in another way (i.e. getting access via the logon password, recovering the key etc., i.e. NOT brute-forcing the key itself). If that is the case 256-bit is pointless. TrueCrypt? No idea, but it presumably won't be integrated on the fly as with FV2?? No, with FV2 it secures the data when shut down; once restarted the security lies in the access password strength, although I have no experience on what will be required to mount a FV2 external drive on another machine. I'd hope the password and FV2 key, as an internal drive can easily be removed from a machine and become an external.
I would never use or recommend TrueCrypt in light of recent events. https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html Standby will still be vulnerable as the keys will still be residing in RAM. The only way to be sure is to power it off or to run this command from a terminal to force OS X to destroy your encryption keys when you enter standby. Change the 1 to a 0 to revert the setting to its default. This will force you to enter your FileVault password when you wake it up, as the encryption keys will not be in RAM and will need to be recreated.
Where did you get that code? And can someone show it in action in a possible video? That code (if it actually works) is something that would fit my needs very well. I have Trim Enabler running. I would need to turn that off first, yes?
http://www.cnet.com/news/prevent-os-x-filevault-keys-from-being-stored-in-standby-mode/ I don't see how Trim Enabler would matter either way. It's not touching the disk; it's destroying the keys stored in RAM.
I like the idea of the code you posted. Turning FV back on would create a different key than the default install does, which makes your Apple password the same as the FV key. I would have to memorize that new key, now that I have FV turned off, if I wanted to avail myself of removing the keys from RAM. My Apple password is already 25 characters long. lol
That is my point (and others'): if you are just logging in then your data protection is only as strong as your login password - your data may as well be unencrypted. If your machine is shut down then the FV2 password applies as well.
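
Added example, not part of the thread: the argument that runs through the posts above (brute-forcing the 128-bit key versus guessing the password) worked through in Python. The guess rates and the 18-month hardware doubling period are constructed assumptions, not measurements of FileVault 2.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def years_to_search(bits, guesses_per_sec, doubling_years=None):
    """Expected years to find a secret drawn from 2**bits possibilities.

    On average half the space is searched. With doubling_years set, the
    attacker's guess rate doubles every doubling_years years.
    """
    target = 2.0 ** (bits - 1)
    per_year = guesses_per_sec * SECONDS_PER_YEAR
    if doubling_years is None:
        return target / per_year
    # rate(t) = per_year * 2**(t/D); guesses made by time t are
    # per_year * (D/ln 2) * (2**(t/D) - 1). Solve that for t.
    scale = per_year * doubling_years / math.log(2)
    return doubling_years * math.log2(1 + target / scale)

def password_bits(alphabet_size, length):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def effective_bits(key_bits, alphabet_size, length):
    """The volume is only as strong as the weaker of key and password."""
    return min(key_bits, password_bits(alphabet_size, length))

# Constructed assumptions (not FileVault 2 measurements):
KEY_RATE = 1e12       # raw AES keys tried per second
PASSWORD_RATE = 1e4   # password guesses per second after key stretching
DOUBLING = 1.5        # years for attacker hardware to double in speed

def report():
    """Return (label, expected years) rows for the cases in the thread."""
    return [
        ("128-bit key, fixed hardware", years_to_search(128, KEY_RATE)),
        ("128-bit key, rate doubling", years_to_search(128, KEY_RATE, DOUBLING)),
        ("8 random lowercase letters",
         years_to_search(effective_bits(128, 26, 8), PASSWORD_RATE)),
        ("25 random printable characters",
         years_to_search(effective_bits(128, 95, 25), PASSWORD_RATE)),
    ]

if __name__ == "__main__":
    for label, years in report():
        print(f"{label:32s} {years:.3g} years")
```

Human-chosen passwords are not uniformly random, so `password_bits` is an upper bound for them.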