Questions on FileVault and security

Discussion in 'OS X Mavericks (10.9)' started by neurophysicist, Nov 27, 2014.

  1. neurophysicist macrumors member

    Joined:
    Jul 20, 2011
    Location:
    Dagobah
    #1
    Hello,

    Currently I have a backup drive where both of my partitions are encrypted logical partitions that I made in disk utility. When I plug them into my computer I am prompted to enter a password to unlock them (as I expect).

    I want to encrypt the data on my MBP (internal) hard drive so I was thinking of enabling FileVault. I have a few questions:

    1. A few times I have taken internal hard drives from an old Mac, put them into external hard drive enclosures, and have freely been able to access the data by plugging them in via USB (these Macs did not have FileVault enabled).

    If FileVault is enabled, would this situation be prevented (say if my MBP was stolen)? If the internal hard drive was placed into an enclosure and someone tried to access it, would it be locked (the same way my backup drives prompt me for a password when I plug them into my MBP)? This is assuming they do not have my login password or FileVault recovery key.

    2. https://www.youtube.com/watch?v=CJ6AZMk2cy0

    In this case the user shows how to reset the password using online recovery to regain access to an OS X account (and I assume this also works offline if you use a bootable USB). Though the keychain is reset, a malicious hacker would have access to the files in that user's account. If FileVault is enabled, does it prevent the method demonstrated in this video?

    Using 10.9.5. Thanks for the help.
     
  2. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #2
    If FileVault is enabled, your drive is encrypted and cannot be accessed without the password or recovery key, period. This is no matter how the drive is connected, externally or internally to any computer.
     
  3. neurophysicist thread starter macrumors member

    Joined:
    Jul 20, 2011
    Location:
    Dagobah
    #3
    Thanks SandboxGeneral. Regarding the second question, does the resetpassword command not work when using FileVault?
     
  4. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #4
    I'm still looking into that.... If it does work, then I would ask what is the purpose of having disk encryption if it can be defeated this easily.
     
  5. neurophysicist thread starter macrumors member

    Joined:
    Jul 20, 2011
    Location:
    Dagobah
    #5
    That was exactly what I was thinking. Thank you, please let me know if you find anything.
     
  6. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #6
    My Mac's are on Yosemite and encrypted with FileVault so I figured I'd just try what the video said. It turns out that it cannot be done. When I get to the part to select the volume for the main disk, it is grayed out and there is nothing to choose, therefore preventing the password keychain from being reset.

    2014-11-27 19.53.01.jpg
     
  7. neurophysicist thread starter macrumors member

    Joined:
    Jul 20, 2011
    Location:
    Dagobah
    #7
    Good to know, thanks.
     
  8. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #8
    Yes, peace of mind. :)
     
  9. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #9
    Not allowing other administrators to access my home directory

    Part of my environment:

    Code:
    sh-3.2$ diskutil list /dev/disk0
    /dev/disk0
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *750.2 GB   disk0
       1:                        EFI EFI                     209.7 MB   disk0s1
       2:          Apple_CoreStorage                         616.0 GB   disk0s2
       3:                 Apple_Boot Boot OS X               134.2 MB   disk0s3
       4:          Apple_CoreStorage                         133.2 GB   disk0s4
       5:                 Apple_Boot Recovery HD             650.0 MB   disk0s5
    sh-3.2$ 
    From another topic:

    Privacy, security. The larger of the two Apple_CoreStorage slices is used primarily for my home directory.

    In Ask Different: For multiple administrators: FileVault 2 alone is less secure than FileVault 1
     

Share This Page