Filevault still Flawed?
Registered User
Join Date: Apr 2007
I'm contemplating using file vault to secure an XP Virtual Machine (through VMware Fusion) because it's not possible to use whole-disk encryption (i.e. truecrypt or pgp desktop) on a virtual machine (because it requires an extra bios layer that would muck-up the fake-bios that Fusion uses)...problem is I keep reading that Filevault is flawed due to SafeSleep not encrypting the contents of memory before hibernating the machine...so if an attacker gained physical access to the machine, then they could pull data (i.e. my account name/password?) out of the memory. See http://crypto.nsa.org/vilefault/23C3-VileFault.pdf for more info.
In any event, I noticed that there is a 'secure memory' option in Leopard, and I was wondering if this solves the issue at hand, or if file vault is innately insecure? If so, is there another practical means of securing a virtualized instance of XP from Leopard?
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Why don't you use an encrypted disk image?
Mac Elite
Join Date: Jan 2002
Location: California
Don't use FileVault. It does not play nice with Time Machine and generally sucks.
|
MacBook Pro
Mac Mini
Senior User
Join Date: Aug 2002
Whatever you do... DO NOT encrypt your VMWare Fusion Virtual Machine. There is a very sparsely documented bug that causes OS X to completely freeze up if you're trying to suspend, or take a snapshot of, a Virtual Machine that is within a FileVault protected Home Folder. I know this because I'm the one who discovered it. I spent a couple of days testing it.
To make matters even worse, after a couple of system freezes, the test machine would usually end up with massive data loss due to cumulative corruption. Once the Virtual Machine was moved outside of the Home Folder, everything worked perfectly.
|
"Design is not just what it looks like and feels like. Design is how it works." - Steve Jobs
Registered User
Join Date: Apr 2007
NeXTLoop: I'm a bit confused by your advice. Can I safely use the method that TETENAL suggested? That is, using Disk Utility to create an encrypted .dmg and then storing the Virtual Machine in there? That way I wouldn't have to deal with all the problems caused by filevault but could still ensure everything in XP is encrypted.
Senior User
Join Date: Aug 2002
Originally Posted by bmn
NeXTLoop: I'm a bit confused by your advice. Can I safely use the method that TETENAL suggested? That is, using Disk Utility to create an encrypted .dmg and then storing the Virtual Machine in there? That way I wouldn't have to deal with all the problems caused by filevault but could still ensure everything in XP is encrypted.
I don't know. I didn't test that method. Generally speaking, Virtual Machines don't do very well working from encryption. Perhaps using an encrypted disk image would be a low enough strain that it wouldn't create any problems.
|
"Design is not just what it looks like and feels like. Design is how it works." - Steve Jobs
Fresh-Faced Recruit
Join Date: Feb 2008
Originally Posted by NeXTLoop
I don't know. I didn't test that method. Generally speaking, Virtual Machines don't do very well working from encryption. Perhaps using an encrypted disk image would be a low enough strain that it wouldn't create any problems.
Here is what I'm using, and so far I have not had any hiccups:
I created an encrypted sparsebundle disk image (must be a sparsebundle, not sparseimage) for all of my virtual machines and virtual shared folders. I have this set to automount upon login. With it mounted I went to Time Machine options and specified that the mounted disk is not to be included in the backup (though I don't know if Time Machine would have backed up such a mounted imaged disk).
Time Machine backs up the sparsebundle, which is really a folder with a bunch of 8 MB disk "stripes", and only those stripes that have changed--not the whole bundle.
It seems to be working fine, though I've only been running it this way for a few weeks. I also only run a VMware virtual machine with XP running mostly only one program (a major CAD package) so I am not beating on the (virtual) hard drive too much.
From a theoretical standpoint, one would imagine that this approach would have the same issues that Apple might be avoiding by preventing "live" Time Machine backups of a FileVault sparsebundle. (Note that with Leopard, FileVault disk images are no longer sparseimages, but are sparsebundles). So use at your own risk.
Regards.
P.S., Regarding FileVault in general, I don't believe it is "flawed". I've used it from day one, with a >30 GB home folder, and it seems robust to me. It also backs-up upon logout just fine, but I never put my virtual machines in it.
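
The band behaviour described in the post above, as an added example that is not part of the original thread: it hashes every band file of a sparsebundle and reports which ones a later backup pass would have to copy again. The `band-size` key in `Info.plist` and the hex-named files under `bands/` are assumptions about the bundle layout, the 1 KiB bands and their contents are constructed, and the offset-to-band mapping is a simplified model that ignores image headers and encryption metadata.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

DEFAULT_BAND_SIZE = 8 * 1024 * 1024  # the 8 MB stripes mentioned in the post


def band_size(bundle: Path) -> int:
    """Read the band size from Info.plist (key name is an assumption)."""
    with open(bundle / "Info.plist", "rb") as fh:
        return int(plistlib.load(fh).get("band-size", DEFAULT_BAND_SIZE))


def band_for_offset(offset: int, size: int) -> str:
    """Band files are assumed to be named by hex index: offset // band size."""
    return format(offset // size, "x")


def manifest(bundle: Path) -> dict:
    """SHA-256 of every band file, keyed by band name."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted((bundle / "bands").iterdir()) if p.is_file()}


def changed_bands(old: dict, new: dict) -> list:
    """Bands an incremental backup must copy again: new or modified ones."""
    return sorted((n for n, h in new.items() if old.get(n) != h),
                  key=lambda n: int(n, 16))


def demo() -> list:
    """Constructed bundle with twelve 1 KiB bands; one small write is made."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "VMs.sparsebundle"
        (bundle / "bands").mkdir(parents=True)
        with open(bundle / "Info.plist", "wb") as fh:
            plistlib.dump({"band-size": 1024}, fh)
        for i in range(12):
            (bundle / "bands" / format(i, "x")).write_bytes(bytes(1024))
        before = manifest(bundle)
        size = band_size(bundle)
        # Simulate the guest writing 16 bytes at image offset 10500.
        target = bundle / "bands" / band_for_offset(10500, size)
        data = bytearray(target.read_bytes())
        data[10500 % size:10500 % size + 16] = b"\xff" * 16
        target.write_bytes(bytes(data))
        return changed_bands(before, manifest(bundle))
```

Keeping a manifest from the last known-good state also gives a way to notice bands that changed while the image was not mounted, which is the kind of silent corruption other posters in this thread worry about.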
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
You've been among the lucky ones, McHargue. I'm sure you've read many stories about data loss or corruption resulting from FileVault use.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
Professional Poster
Join Date: Jun 2007
I avoided using FV myself. One bit that gets flipped and your home folder is toast. I use an encrypted disk image. This means my sensitive data is protected (I don't store the password in the keychain). I also have stability by avoiding my entire account being encrypted. TM backs up the encrypted disk image.
I've read way too many posts of people who turned it on and either couldn't undo it, or it got corrupted.
Registered User
Join Date: Apr 2007
Center for Information Technology Policy » Lest We Remember: Cold Boot Attacks on Encryption Keys
Abstract: Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
Full research paper