mrichmon said:Unless the PC is running linux (from the pc hard drive or from a knoppix CD), or unless you buy a HFS+ driver for windows (eg MacOpener, MacDrive) for about $40.
Permissions are stored on the disk based on the numeric user id. This means that if the drive stores user "fred" as UID 501 and the drive is connected to a machine that also has a user with UID 501, say "jane" then the files will appear to be owned by "jane" on the second computer. Since the permissions are stored on the filesystem based on the UID, the question is whether a UID of 501 exists. If it does not then the files will be "owned" by "unknown". In either case access permissions for user group and other will be observed.
By default OS X mounts external drives using an option to igore the owner of the files. What you are forgetting is that if the user has root or admin access then they can access any file on the system, bypassing the standard filesystem permissions.
This is not a security issue. This is a privacy issue. There are other mechanisms to address the privacy issue. Specifically file encryption (using openssl, PGP, etc) or file system encryption (eg FileVault).
So, the computer should just magically protect people? The admin password is just a chunk of data on the hard drive as far as the hardware is concerned. There is nothing special about it. And what do you want to happen when the sector on your harddrive storing your admin password goes bad? Should an unfortunate bad sector make it impossible for you to access your data, even if you do not need the level of privacy protection that you suggest?
The closest viable technical solution to the hardware controls you are suggesting is restricting target firewire mode in the open firmware.
Randall said:Well sure, but if it's selective, then people with many files could be a big hassle to encrypt them. i.e. Did I encrypt this file? etc. If you just encrypt your whole home directory/partition then you don't ever have to worry about it. True that a lot of things will be unnecessarily encrypted (misic, videos, etc.) but I think it's a small price to pay for not having to worry about it.
grapes911 said:
grapes911 said:Not true (unless by "lots of time", you mean billions of years). If you use a very secure algorithm and a very secure password, your files are pretty much impossible to crack. Even with some of the fastest supercomputers, it is estimated to take billions of years on average to crack something like RSA. Quantum computers may change this, but they are still years away from any practical use.
Yes, if they made it so that you could pick certain folders within your home directory to encrypt, then that would probably be ideal. I use File Vault, and there is a slight performance hit depending on what you're doing (searching for many files, working with large files, etc.). I don't believe that there are any other disadvantages to using it. Although, it can take a long time to encrypt your home directory initially, depending on how many files you have in there before you start using File Vault. But once that's done, everything is on the fly. IMO the performance hit is negligible, and worth the added security.Diatribe said:Just making it able to select folders would be nice.
Does anyone have any experiences on the slowdown using File Vault? And are there any other disadvantages?
Randall said:Yes, if they made it so that you could pick certain folders within your home directory to encrypt, then that would probably be ideal. I use File Vault, and there is a slight performance hit depending on what you're doing (searching for many files, working with large files, etc.). I don't believe that there are any other disadvantages to using it. Although, if you have a large hard drive, it can take a long time to encrypt your home directory initially, depending on how many files you have in there before you start using File Vault. But once that's done, everything is on the fly. IMO the performance hit is negligible, and worth the added security.
Can you reset the master password without knowing it first? I don't think you can. If you can then yes, File Vault is completely useless. It would just be stupid of Apple to allow this to be true, and it's the first I've heard of it. I find it hard to believe that you could do this.Diatribe said:Yeah but as I have written in the other post...
File Vault doesn't secure ****.
If you reset the master password with the installation disk you can turn off File Vault too. So it's no use either way, or am I missing sth. here?
Diatribe said:Yeah but as I have written in the other post...
File Vault doesn't secure ****.
If you reset the master password with the installation disk you can turn off File Vault too. So it's no use either way, or am I missing sth. here?
!= will sufficegrapes911 said:Master Password (does not equal) Admin Password.
How do you do a does not equal sign?
But I don't know how many people know programming. I was looking for the symbol from this page. It is much more standard.Randall said:!= will suffice
crap freakboy said:I thought this was common knowledge.
I think the html code for not equals (the symbol) is ≠ and I got it on my Windows box at work with Alt + 2260 (Arial Font)grapes911 said:But I don't know how many people know programming. I was looking for the symbol from this page. It is much more standard.
That's why you move the iTunes Music folder out of your home folder before enabeling FileVault...Diatribe said:But as I said before... who needs their music library encrypted...? It needs to be selective.
Can anybody confirm or deny Diatribe's claim here? Can you reset the master password without knowing it first? That would be insane if it were true.Diatribe said:Yeah but as I have written in the other post...
File Vault doesn't secure ****.
If you reset the master password with the installation disk you can turn off File Vault too. So it's no use either way, or am I missing sth. here?
You cannot reset the Master Password. You can reset the Admin Password.Randall said:Can anybody confirm or deny Diatribe's claim here? Can you reset the master password without knowing it first? That would be insane if it were true.
Master Password (does not equal) Admin Password.
Wow. I got so distracted with the not equals thing that I ignored the content of your post. LOL sorry.grapes911 said:You cannot reset the Master Password. You can reset the Admin Password.
And as I said before:
No, he's not right. Like grapes said earlier (and again while I was rummaging through Apple SupportRandall said:Can anybody confirm or deny Diatribe's claim here? Can you reset the master password without knowing it first? That would be insane if it were true.
from About FileVault.When you turn on FileVault, you also set up a master password for the computer that you or an administrator can use if you forget your regular login password.
WARNING: If you turn on FileVault and then forget both your login password and your master password, you will not be able to log in to your account and your data will be lost forever.
$ openssl enc -e -a -salt -aes-256-cbc -in examplefile.jpg -out examplefile.aes
enter aes-256-cbc encryption password:
Verifying password - enter aes-256-cbc encryption password:
$ openssl enc -d -a -aes-256-cbc -in examplefile.aes -out examplefile.jpg
enter aes-256-cbc decryption password:
Mitthrawnuruodo said:That's why you move the iTunes Music folder out of your home folder before enabeling FileVault...
Edit: Way too slow, but I hope the link was helpful. That way you can still let iTunes take care of all the organizing for you...
![]()
One problem with that - if you use iTunes, you load them up, iTunes will copy them into your home directory. Then let's say your wife wants to do the same in her account, you then have three copies of the same songs on your machine. Awful if you have a large ammount of songs. Then you kid/s decides to load them into iTunes on their account!!!trainguy77 said:One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.![]()
Then turn that preference off.howesey said:One problem with that - if you use iTunes, you load them up, iTunes will copy them into your home directory . . .