misunderstanding how Filevault works

Discussion in 'macOS' started by brainnoise, Jan 9, 2010.

    I have seen a number of posts that say that "when a filevault user is logged in, the user's files are not encrypted", and that one should log out to encrypt them again.

    This conflicts with how I thought filevault would work. I assumed it operates at the level of the disk driver -- that it enables a driver that decrypts the data as it reads it from disk into memory. In this approach, the data on disk is always encrypted, but any program that asks for the data (and has permissions) will receive the unencrypted data.

    It is a big difference... In the scheme where all the data is decrypted on login, all one needs to do is power off the machine while the user is logged in, and the data will now be unencrypted on the disk.

    The posts are essentially warning you that your files are accessible while you're logged in. Be sure to log out or lock your system when going afk.
    Basically, when you are logged in, your files can be read if someone is on your computer, or if you have file sharing turned on they could be read remotely (assuming they have access to use your file sharing).

    Technically speaking, they are not UNENCRYPTED on the disc, so if power fails your files will still be protected.

    When you're logged in, any reading or writing to the encrypted filevault is unencrypted or encrypted on the fly.

    So basically, your filevault files are always encrypted on the disc, logged in or not. It's just that when you're logged in, someone with access to your computer or your network could possibly read the data.

    Key point is COULD. They'd have to get past your screensaver password (always a good idea to activate the 'require password' setting under Security -> General under System Preferences) or get through file sharing security to read anything from your filevault.
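
Added example, not part of the thread and not Apple's code: a toy Python model of the on-the-fly scheme discussed above, showing that the bytes on disk stay encrypted whether the user is logged in or not, and that only the in-memory key changes. The class name, sector size, password and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac

SECTOR = 64  # toy sector size in bytes (assumption)


class ToyVault:
    """Toy model of on-the-fly encryption; not FileVault's real design or cipher."""

    def __init__(self, sectors, salt=b"constructed-salt"):
        self.disk = bytearray(sectors * SECTOR)  # raw bytes someone holding the disk sees
        self.salt = salt
        self.key = None  # lives only in memory while the user is logged in

    def login(self, password):
        self.key = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def logout(self):
        self.key = None  # a power cut has the same effect: the in-memory key is gone

    def _keystream(self, sector):
        if self.key is None:
            raise PermissionError("vault is locked: no key in memory")
        # Stand-in cipher: HMAC-SHA256 in counter mode, one keystream per sector.
        # Reusing a keystream across rewrites is only tolerable in a toy.
        blocks = (hmac.new(self.key, bytes([sector, i]), hashlib.sha256).digest()
                  for i in range(SECTOR // 32))
        return b"".join(blocks)

    def _xor(self, sector, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector)))

    def write(self, sector, data):
        padded = data.ljust(SECTOR, b"\0")[:SECTOR]  # encrypted before it reaches disk
        self.disk[sector * SECTOR:(sector + 1) * SECTOR] = self._xor(sector, padded)

    def read(self, sector):
        raw = bytes(self.disk[sector * SECTOR:(sector + 1) * SECTOR])
        return self._xor(sector, raw).rstrip(b"\0")  # decrypted only in memory


def demo():
    secret = b"constructed secret note"
    vault = ToyVault(sectors=4)
    vault.login("constructed-password")
    vault.write(1, secret)
    seen_by_user = vault.read(1)  # logged in: programs receive plaintext
    vault.logout()                # or sudden power loss
    return seen_by_user, secret in bytes(vault.disk)
```

While the key is loaded, anything that can call `read` gets plaintext, which is the exposure the replies describe for an unlocked session or file sharing.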

