
Spacemarine

macrumors newbie
Original poster
Aug 2, 2011
A few weeks ago, I got my new MBA, 11", 2 GB RAM, 64 GB Toshiba SSD.

I've just measured the difference in SSD speed between the unencrypted and the encrypted system. Due to the encryption, my SSD gets about 20% slower. (180 MB/s vs. 220 MB/s)

Since the new Intel Core i processors support AES-NI, the CPU usage during encryption is negligible. (The TrueCrypt benchmark shows over 800 MB/s of AES in RAM.)

This means: All the benefits of encryption come pretty much for free.
Now just imagine you lose your MBA or it gets stolen. The thief can read all of your emails, look at all your pictures on your MBA. He can also put your emails and pictures onto the web together with your full name. Maybe he can also log into your Facebook account and write messages to your friends under your name. Does this sound like something you would like?

So my question is: Why is not everyone using encryption? What reasons do you have to keep it turned off?
 
I encrypted mine but one reason not to would be if you are sharing the drive/partition with another OS (e.g. OS X 10.6 or Windows 7) that does not support encryption. Boot Camp adds drivers to Windows to let it read HFS+ partitions, but not encrypted ones.
 
I hear Time Machine backups from the encrypted take FOREVER
 
What's the average speed for a hard disk? I haven't turned it on simply because I remember what a nightmare it was when I enabled it while using Leopard on my '06 MacBook.
 
A decent non-RAID hard disk might put out about 1/3 of the numbers of an encrypted SSD. If you are switching from a HDD model, don't worry about the impact on speed. The SSD will still blow it away.
 
How does it change the login?

Does it add extra steps to the login?

Would I need to completely redo my backups?

Would other computers on my home network work with it?


These and many other questions and worries have kept me from doing it. I need my MacBook Air to just work. Not add an extra layer of protection that creates more work for me down the road.

FileVault version 1 was a mess, I'm kinda waiting to see what problems version 2 creates.
 
> How does it change the login?
>
> Does it add extra steps to the login?

The main difference now is that you have to enter in a password whenever you open the lid. The option to turn off the password or login is disabled (which makes sense).

> Would I need to completely redo my backups?

If you use Time Machine, it handles it automatically. If you use Carbon Copy Cloner, note that you'd need to encrypt your external drive first. Otherwise, CCC will make an unencrypted clone of your SSD's contents.

> Would other computers on my home network work with it?

As long as it is on, it should work. I don't have a home network, though.
 
FV2 is very different (vastly superior) than FV1.

To directly answer your questions:

Does it add extra steps to the login? It changes the order of things during login. Your login ID comes up almost immediately (right after power on tests)... and once you log in... then the machine boots. You go immediately into your login account.

Would I need to completely redo my backups? No, I do not believe so. FV2 operates as part of the file system... so the data is encrypted during write and read operations from the drive. TM backups are actually written in unencrypted format. You can still encrypt your backup... or use password protected drives (ex: TC), but that is independent from FV2.

Would other computers on my home network work with it? Yes... for the same reason identified above. FV2 is part of the file system. Data is presented to the OS unencrypted.

For me... FV2 is the most important enhancement to OSX 10.7 Lion. I have always felt that my MBA was the weak link in my computing system because it is subject to theft... and because login passwords are trivial to circumvent. The OP laid out a few scenarios (such as someone sending messages to your FB friends)... that grossly understate the security issue. I would be more worried about a full blown identity theft.

I initially only applied FV2 to my family's 3 MBAs. It worked so well I turned it on for both iMacs as well.

/Jim
 
> I hear Time Machine backups from the encrypted take FOREVER

I have been using TM/TC for a long time. I also use Crashplan+ for cloud backups.

Prior to Lion, I was NOT encrypting my HDD/SSD. Since Lion, I have been using FV2. I have not noticed any differences in time to backup whatsoever. If there are differences, it is not noticeable to me.

I back up my machines via TM every hour. I back up to the cloud (Crashplan+) every 15 minutes. My backup set is about 1TB in size.

/Jim
 
> Does it add extra steps to the login? It changes the order of things during login. Your login ID comes up almost immediately (right after power on tests)... and once you log in... then the machine boots. You go immediately into your login account.
>
> /Jim

I am not sure if you have bootcamp installed. But does the Lion optional boot-screen (the one which also has the boot from Recovery HD link and wifi option) come before the new login screen or after that?
 
Thank you both for the info.

I really think for the first time I might encrypt my laptop.

I take my Air on location a lot and sometimes I have to leave it unattended. Encryption would certainly relieve some stress about carrying it everywhere I go.
 
> I am not sure if you have bootcamp installed. But does the Lion optional boot-screen (the one which also has the boot from Recovery HD link and wifi option) come before the new login screen or after that?

Sorry, I have not installed Bootcamp. The few times I considered it... I always found alternatives.

Having said that... I do not think that FV2 does anything with the BC partition. You would need to check with a BC user to be sure.

/Jim
 
> I am not sure if you have bootcamp installed. But does the Lion optional boot-screen (the one which also has the boot from Recovery HD link and wifi option) come before the new login screen or after that?

If you hold down the option key while you reboot, the first thing that comes up is the menu to choose the OS X or Windows 7 partition. If you select OS X, then the login for the encryption comes up.
 
Thank you both for your replies.

----------

The only reason stopping me from using FV2 is that tools like http://preyproject.com/ may not work. This is because such tools require a user to log in for them to work.

I think once the "find my mac" feature hits public, it may be a good alternative to Prey.
 
I was just looking into enabling this today. Great info in this thread. I'll definitely be using FV2 as of tomorrow.

Can anyone confirm that Prey doesn't work with FV2 enabled?
 
An important tip to save time and increase security:

For the encryption you should choose a pretty long password. This password must resist brute-force attacks of billions of passwords per second. (If someone removes your hard drive and tries to decrypt it.)

In contrast, you should choose a rather short user-password, otherwise you will waste a lot of time, typing your long password just to work on some system settings or to unlock your screen or resume from standby. This password only has to withstand someone sitting in front of your computer and trying various passwords by typing them in. This means it can be considerably weaker and still provide adequate security.

With FileVault 2, you can achieve these two goals at the same time!
Here is how I did it:
I have only one user that is able to decrypt the drive, he is called "decryptor". On startup, I will enter his 30-character password and the system will start and he will be logged in. As soon as he is logged in, I log him out and log in with my real username. This user only has a very short password (6 characters) and is unable to decrypt the system.

Now I can lock the screen or suspend my MacBook and I only have to enter a very short password when I return. But it is still safe enough when I lose it!

What happens if a thief starts my MacBook? It will resume from standby and ask for my short user-password, which is still strong enough against someone trying a few thousand passwords on my keyboard. So when he has no luck unlocking my account, all he can do is remove the hard drive and use some specialized software to crack my password. This software could be able to try millions or billions of passwords per second, therefore it could crack my user-password within seconds. But this doesn't help him at all, because now he has to crack my high-security 30-character long password, which is practically impossible.

One other thing you should also do is to disable deep-sleep, or "suspend-to-disk" as it is often called. (Although this will eat up your battery a little if you leave your Mac suspended for a long time.) If you would put your Mac to deep-sleep, the contents of your RAM would get written onto the disk, exposing your decryption key to anyone who removes your disk.

You can disable deep-sleep by doing: sudo pmset -a hibernatemode 0
 
You don't always need to have a very long password to increase your encryption strength. You can have a shorter password but use special characters/symbols and it should still be OK.

FYI: http://en.wikipedia.org/wiki/Password_strength
 
That is absolutely right! I just didn't want to make my post too complicated.

So as it turns out, it seems that there aren't any real reasons not to use a Full-System-Encryption like FileVault 2. I just wonder how many people actually use it?
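
The trade-off discussed in the posts above (guessing at the keyboard versus guessing offline, and length versus character set), worked through as an added example that is not part of any post in this thread. The offline rate is the "billions per second" figure from the thread; the keyboard rate, the character-set sizes, and the model of uniformly random passwords with no key stretching are assumptions for illustration.

```python
# Assumed character-set sizes for a uniformly random password.
CHARSETS = {"lower": 26, "lower+digits": 36, "mixed+digits": 62, "printable": 95}

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rates. OFFLINE_RATE is the thread's "billions per second";
# KEYBOARD_RATE (one attempt every 5 s) is an assumption.
OFFLINE_RATE = 1e9
KEYBOARD_RATE = 1 / 5


def avg_years_to_guess(length, charset_size, guesses_per_second):
    """Expected time to find a random password: half the keyspace."""
    keyspace = charset_size ** length
    return keyspace / 2 / guesses_per_second / SECONDS_PER_YEAR


def min_length(charset_size, guesses_per_second, years):
    """Shortest random password whose average guess time is >= years."""
    needed = 2 * guesses_per_second * years * SECONDS_PER_YEAR
    length = 1
    while charset_size ** length < needed:
        length += 1
    return length


def report(short_len=6, target_years=100):
    """Per charset: short password at keyboard/offline, length needed offline."""
    rows = []
    for name, size in CHARSETS.items():
        rows.append((
            name,
            avg_years_to_guess(short_len, size, KEYBOARD_RATE),
            avg_years_to_guess(short_len, size, OFFLINE_RATE) * SECONDS_PER_YEAR,
            min_length(size, OFFLINE_RATE, target_years),
        ))
    return rows


if __name__ == "__main__":
    for name, kb_years, off_seconds, need in report():
        print(f"{name:13} 6 chars: {kb_years:10.1f} years at keyboard, "
              f"{off_seconds:8.1f} s offline; "
              f"{need} chars for 100 years offline")
```

Under these assumptions a 6-character password holds up at the keyboard but not against offline guessing, and a larger character set shortens the required disk password by only a few characters.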
 