How easy is it to decrypt FileVault 2 and Apple Encryption on a late 2013 MBPr 13"?

Discussion in 'MacBook Pro' started by Hieveryone, Jan 6, 2015.

  1. Hieveryone macrumors 68020

    Joined:
    Apr 11, 2014
    #1
    I have a late 2013 MBPr 13"

    I have FileVault 2 turned on and encrypt external drives.

    How easy would it be to decrypt it.
     
  2. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #2
    Well from here a brute force on a 128-bit key as used by FV2 would take a billion billion years....but of course if you did start a brute force attack you could change the super-computer used for an exponentially faster one periodically so I'd bank on it taking an FV2 users lifetime to crack :)
     
  3. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #3
    Your Mac has to be turned off, in order for FileVault 2 to be effective.

    Unless a person knows the password, (provided that it is a hard one to figure out) they won't be able to access the contents.
     
  4. Qaanol macrumors 6502a

    Joined:
    Jun 21, 2010
    #4
    Any malicious attacker can decrypt your drive in minutes using a $5 tool.
     
  5. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #5
    If you picked a dumb password, it would be easy. If you left the computer powered on, the encryption keys could be stolen from memory.

    Since the implementation is closed source and from a US company, it should be assumed to be backdoored until proven otherwise, so it's likely that three letter agencies could get in if you are important enough and they can get away with it.

    Other than that, a good password will thwart everyone except perhaps the US government. Rubber hose cryptanalysis is always an option for a determined attacker though.
     
  6. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #6
    Why isn't it 256?

    ----------

    What about products like trucrypt

    ----------

    So is standby not safe?
     
  7. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #7


    Because 128-bit means the data will be attacked in another way (ie getting access via the logon password, recovering the key etc, ie NOT brute-forcing the key itself. If that is the case 256-bit is pointless.

    Trucrypt? No idea but it presumably won't be integrated on the fly as with FV2??

    No, with FV2 it secures the data when shutdown, once restarted the security lies in the access password strength, although I have no experience on what will be required to mount a FV2 external drive on another machine, I'd hope the password and FV2 key as an internal drive can easily be removed from a machine and become an external.
     
  8. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #8
    I would never use or recommend Truecrypt in light of recent events. https://www.schneier.com/blog/archives/2014/05/truecrypt_wtf.html

    Standby will still be vulnerable as the keys will still be residing in RAM. The only way to be sure is to power it off or to run this command from a terminal to force OS X to destroy your encryption keys when you enter standby.

    Change the 1 to a 0 to revert the setting to its default. This will force you to enter your Filevault password when you wake it up as the encryption keys will not be in RAM and will need to be recreated.
     
  9. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #9
    Where did you get that code? And can someone show it in action in a possible video? That code (if it actually works) is something that would fit my needs very well.

    I have Trim Enabler running. I would need to turn that off first, yes?
     
  10. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #10
    http://www.cnet.com/news/prevent-os-x-filevault-keys-from-being-stored-in-standby-mode/

    I don't see how Trim Enabler would matter either way. It's not touching the disk; it's destroying the keys stored in RAM.
     
  11. BasicGreatGuy, Jan 6, 2015
    Last edited: Jan 6, 2015

    BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #11
    I like the idea of the code you posted. Turning FV back on would create a different key than the default install does, which makes your Apple password the same as the FV key. I would have to memorize that new key, now that i have FV turned off, if I wanted to avail myself of removing the keys from RAM. My Apple password is already 25 characters long. lol
     
  12. Hieveryone thread starter macrumors 68020

    Joined:
    Apr 11, 2014
    #12

    But what about the password that you use to login into the the individual accounts?
     
  13. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #13
    That is my point (and others), if you are just logging in then your data protection is only as strong as your login password - your data may as well be unencrypted.

    If your machine is shutdown then the FV2 password applies as well.
     

Share This Page