Is file vault really all that secure?

generik

macrumors 601
Original poster
Aug 5, 2005
4,116
1
Minitrue
I figured that a thief who has physical access to your machine can always use a boot up disc, reset your system's master password, then reset your password, and gain access.

So what's the point? :confused:
 

grapes911

Moderator emeritus
Jul 28, 2003
6,943
3
Citizens Bank Park
The File Vault password is not coupled with your login password. Meaning if you change your login password, your File Vault password does not change.

Personally, I prefer PGP. It allows me to encrypt and sign files and emails with the same key. Plus it is universal and cross-platform.
 

generik

macrumors 601
Original poster
Aug 5, 2005
4,116
1
Minitrue
grapes911 said:
The File Vault password is not coupled with your login password. Meaning if you change your login password, your File Vault password does not change.

Personally, I prefer PGP. It allows me to encrypt and sign files and emails with the same key. Plus it is universal and cross-platform.
Hmm.. but it does say there under System Preferences -> Security

"A Master Password is set for this computer...... it lets you unlock any FileVault account on this computer."
 

generik

macrumors 601
Original poster
Aug 5, 2005
4,116
1
Minitrue
Yeah.. apparently I was prompted the first time and I did set it :(

Is it possible to turn it off? Kinda a security loophole when you think about it.
 

grapes911

Moderator emeritus
Jul 28, 2003
6,943
3
Citizens Bank Park
I don't know if you can remove it. But why is it a security loophole? I'm now actually thinking about setting a password but not turning FV on. I don't want someone else doing it. I don't want a password put in there that I don't know, because that would really screw things up.
 

whocares

macrumors 65816
Oct 9, 2002
1,496
0
:noitаɔo˩
generik said:
Yeah.. apparently I was prompted the first time and I did set it :(

Is it possible to turn it off? Kinda a security loophole when you think about it.
If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be cracked (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too much ;)
 

jeremy.king

macrumors 603
Jul 23, 2002
5,478
1
Fuquay Varina, NC
generik said:
I figured that a thief who has physical access to your machine can always use a boot up disc, reset your system's master password, then reset your password, and gain access.

So what's the point? :confused:
No encryption is going to be secure enough if someone has physical access to a machine...
 

andiwm2003

macrumors 601
Mar 29, 2004
4,325
379
Boston, MA
whocares said:
If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be cracked (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too much ;)




Slightly off topic: how safe is Keychain Access? Can somebody crack that by simply booting from an install disk? I don't think so, but can the keychain passwords be hacked?
 

cosmicsoftceo

macrumors newbie
Oct 11, 2002
29
0
generik said:
Yeah.. apparently I was prompted the first time and I did set it :(

Is it possible to turn it off? Kinda a security loophole when you think about it.
Unnecessary anyway. You can't reset the master password via the boot-up disk, as the OP stated. That lets you reset the Admin password for the computer, but certainly not the FileVault password.
 

0098386

Suspended
Jan 18, 2005
21,552
2,886
Cfg5 said:
Does anyone actually use filevault?
I tried it when I first got OSX. Might do it again soon, permanently *been watching too much Spooks*
 

grapes911

Moderator emeritus
Jul 28, 2003
6,943
3
Citizens Bank Park
kingjr3 said:
No encryption is going to be secure enough if someone has physical access to a machine...
I highly doubt anyone short of the NSA can break the RSA encryption I use via PGP. The NSA might not even be able to break it. Very secure.
 

JDOG_

macrumors 6502a
Nov 19, 2003
786
0
Oakland
I don't use filevault simply based on the fact that I don't trust myself to keep track of so many passwords. If somebody did get a hold of my system they wouldn't find too much exciting stuff. All the good stuff is on my external drives :D

I'm also peckish after that whole debacle where people couldn't decrypt their filevaulted files.
 

ElectricSheep

macrumors 6502
Feb 18, 2004
498
2
Wilmington, DE
whocares said:
If the data is really sensitive, only physically locking the computer up is safe. Even without Master Password set, FV can be cracked (given the thief has enough time to decrypt the data). Of course if it's only your accounts or credit card number, I wouldn't worry too much ;)


True, it would only require 2^120 (or so) operations to break 128-bit AES. The amount of time needed to do this makes breaking the key in your lifetime infeasible.

Arguably, the very purpose of encryption is to ensure that data remains secure when kept or sent in an insecure medium.

Now, if my understanding of the way FileVault works is correct, your password (or at least a hash of that password) is used as a seed to create the key actually used for encryption purposes. That means once your data is encrypted only your password can be used to decrypt it.

If the 'master password' option is enabled, that password is used to encrypt the user passwords (or their hashes). Only that master password can be used to decrypt the user passwords (or hashes).

I imagine that if you reset the master password, FileVault will then be unable to decrypt the user passwords/hashes. Without being able to decrypt the user passwords/hashes, one cannot use the master password to decrypt the user's home directory. If you reset the user's password, you still won't be able to decrypt the data. When Apple tells you that you are totally screwed if you forget both the master password and your login password, I would believe them; your data will be un-retrievable.
 

Bern

macrumors 68000
Nov 10, 2004
1,857
1
Australia
I've never used File Vault for the same reason stated earlier, that drama with it not decrypting and corrupting the Home folder scared me away from it for life.
 

whocares

macrumors 65816
Oct 9, 2002
1,496
0
:noitаɔo˩
ElectricSheep said:
True, it would only require 2^120 (or so) operations to break 128-bit AES. The amount of time needed to do this makes breaking the key in your lifetime infeasible.
Well that's totally unfeasible, the time required to do that on BlueGene (136800 Gflops) exceeds Earth's life expectancy (cracking time > 1^14 years :eek: )

I was thinking more along the lines of "guessing" the password than actually trying to decrypt the data.
 

mabaker

macrumors 65816
Jan 19, 2008
1,113
261
I was thinking about that too recently. What’s the point of the FV if somebody cracks your home directory password… I still don’t quite get the relation between master and home folder passes and how is it any better than having one simple pass protected user account.:rolleyes:
 

Beaverman3001

macrumors 6502a
May 20, 2010
517
22
Resetting a user account with the master password just allows that user to log in. Without the original set FileVault password, you still won't be able to read the encrypted data.

For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FileVault data would still be encrypted with the original 1234 password. The master password does not change the FileVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
FileVault (and other disk encryption tools including full disk encryption solutions) is not safe from cold boot attacks if someone has physical access while the machine is still powered on (including sleep). Cold boot attacks reliably allow the recovery of disk encryption passwords from RAM.

So it is recommended that the system be powered OFF whenever it is not in use and the risk of theft is high. (Windows BitLocker disk encryption will reveal the password even if machine has been powered OFF if BitLocker is used with its basic default settings.)

Cold boot attacks are much less effective against sparse bundle disk images that are kept unmounted as much as possible while both logged in and out (FileVault image remains mounted while logged in). This is because the encryption keys are less likely to persist in RAM when the disk image is unmounted (overwritten). Unless a cold boot attack occurred soon after disk image was unmounted, the key for the disk image is secure.

The downside of not using full disk encryption is the swap files (includes hibernation image if battery drained during sleep) are not encrypted. But, users can encrypt the swap files by turning on "secure virtual memory" in the security pane of system preferences.

Given that cold boot attacks reveal a user's login password (that password also used for FileVault and login keychain), security sensitive items in the login keychain should be moved to a separate keychain that does not remain unlocked while logged in.

For extra security, use encrypted disk images as well as disk encryption solutions (FileVault, etc.) if you need that level of enhanced security. Encrypted disk images alone should satisfy the security requirements of most users without the hassle of larger scale disk encryption, such as FileVault or TrueCrypt.

Make sure to have a good system of backups if you are using any type of data encryption. Time Machine will only back up FileVault images when the user is logged out, but encrypted disk images (made with Disk Utility) do not impede Time Machine.
 

mulo

macrumors 68020
Aug 22, 2010
2,263
5
Behind you
I've never used File Vault for the same reason stated earlier, that drama with it not decrypting and corrupting the Home folder scared me away from it for life.
Used File Vault since day 1 and never had any problems except for Blizzard installers, just needed to move those out of the home folder.
 

mabaker

macrumors 65816
Jan 19, 2008
1,113
261
Resetting a user account with the master password just allows that user to log in. Without the original set FileVault password, you still won't be able to read the encrypted data.

For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FileVault data would still be encrypted with the original 1234 password. The master password does not change the FileVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
Thank you. Very kind. :)
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Resetting a user account with the master password just allows that user to log in. Without the original set FileVault password, you still won't be able to read the encrypted data.

For example, say I have a user account with FileVault enabled and my password is 1234. If I forget that password, and reset the user account password using the master password, the user account password would no longer be 1234 (it would be whatever I set it to after using the master password), however, the FileVault data would still be encrypted with the original 1234 password. The master password does not change the FileVault password at all, only the login password for that user account. So unless the person knows your original password of 1234, they will not be able to see the encrypted data.
The FileVault master password is present to recover FileVault data if the user account password has been forgotten. The master password is not present just to reset the account password. The master password is used to reset the FileVault password, which is the same as the user password, in the event that the user password has been forgotten. http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html

User passwords can be reset by an administrator or via the install disk if the only administrator has forgotten the admin account password. http://support.apple.com/kb/HT1274

If the user password for a FileVault protected account is changed by an administrator without using the master password then the FileVault protected data is inaccessible without the master password. Users can change their FileVault password without the master password by changing the login password via the "Accounts" pane in System Preferences while they are logged in.
 
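A simplified model of the relationship discussed in this thread between the login password, the FileVault password and the master password, added here as an example; it is not code from any poster and not Apple's implementation. It assumes a random volume key wrapped separately under each password, with a toy XOR/HMAC wrap standing in for a real key-wrap cipher, and all function names are hypothetical.

```python
import hashlib, hmac, os

def _kek(password: str, salt: bytes) -> bytes:
    # Password-derived key-encryption key (KEK), 32 bytes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(volume_key: bytes, password: str) -> dict:
    # Toy stand-in for a real key-wrap cipher: XOR with an HMAC-derived pad
    # (fresh salt per wrap, so each pad is used once) plus an integrity tag.
    salt = os.urandom(16)
    kek = _kek(password, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()[:len(volume_key)]
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(slot: dict, password: str):
    # Returns the volume key, or None when the password does not fit the slot.
    kek = _kek(password, slot["salt"])
    tag = hmac.new(kek, b"tag" + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()[:len(slot["ct"])]
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

def create_vault(user_pw: str, master_pw: str) -> dict:
    volume_key = os.urandom(16)  # random data key; the passwords only wrap it
    return {"user": wrap(volume_key, user_pw),
            "master": wrap(volume_key, master_pw)}

def admin_reset(vault: dict, new_pw: str) -> None:
    # An administrator or install-disc reset changes the login record only;
    # neither wrapped copy of the volume key is touched.
    # Placeholder login record, not a real password-hashing scheme.
    vault["login"] = hashlib.sha256(new_pw.encode()).digest()

def master_reset(vault: dict, master_pw: str, new_pw: str) -> bool:
    # Recovery path: unwrap with the master password, rewrap for the new one.
    key = unwrap(vault["master"], master_pw)
    if key is None:
        return False
    vault["user"] = wrap(key, new_pw)
    return True
```

In this model a login-only reset leaves the data readable solely with the old password or the master password, while a master-password reset rewraps the key so the new password opens it.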