|
|
whole disk encryption
|
|
|
|
Senior User
Join Date: Mar 2007
Location: San Jose
Status:
Offline
|
|
I've been looking for a way to encrypt my entire boot disk on MacOS X (or failing that, at least a full partition of my boot disk). So far, no luck. Anybody know of a product that will do this? Thanks.
P.S. Yes, I've checked both FIleVault and PGP. FileVault won't do partition level encryption. PGP won't encrypt partitions on the boot drive.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status:
Offline
|
|
Originally Posted by mfbernstein
I've been looking for a way to encrypt my entire boot disk on MacOS X (or failing that, at least a full partition of my boot disk). So far, no luck. Anybody know of a product that will do this? Thanks.
P.S. Yes, I've checked both FIleVault and PGP. FileVault won't do partition level encryption. PGP won't encrypt partitions on the boot drive.
Why do you want to encrypt the entire boot drive?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2007
Location: San Jose
Status:
Offline
|
|
Simplicity. As I said, my /Users partition would work too.
I'd settle for encrypting my home directory. Unfortunately, FileVault insists on using a sparse disk image which makes things slow, and not very reliable, and given that I have 100+ GB of data to encrypt and regularly transfer 10-15GB a week, I'd rather have something more robust.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
You can use FileVault which encrypts the whole user folder(s) and you can also turn on encrypted (secure) virtual memory. That should be pretty secure. I don't see the need to encrypt system files and applications.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Another problem is corruption: if the disk image file gets corrupted, then this might hose all of your data. There is no encryption on a file-by-file basis (yet?).
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Whole disk encryption would be a wonderful option for the Mac. So far as I know, all the products that do this focus on Windows.
WDE is good for preserving confidential information (SOX/HIPAA/etc.) on portable devices. Considering how poorly some U.S. agencies (as in the VA) have protected such confidential information, there should be tons of companies developing such products.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status:
Offline
|
|
Originally Posted by ghporter
Whole disk encryption would be a wonderful option for the Mac. So far as I know, all the products that do this focus on Windows.
Seagate makes hard drives that have hardware-level encryption.
From this page (emphasis mine):
Security— Security means more than just erecting a firewall. Make sure that your employees use strong passwords that are changed on a regular basis and aren’t shared with other employees. In addition, mobile computers and devices should be encrypted in case of loss or theft. Full-disk-encryption (FDE) solutions encript data on the disk as it’s being written—the ideal way to prevent unauthorized access to data on a lost or stolen laptop. FDE solutions also simplify the process of wiping the drive clean of data when the equipment is retired or repurposed.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2007
Location: San Jose
Status:
Offline
|
|
Unfortunately, that Seagate drive is only available to OEMs at this point. Further, there's no evidence that it's even Mac compatible yet. So yeah, it looks cool, but so far, no dice.
The best I've come up with is moving my user directory to an external drive and using PGP Whole Disk. Kinda negates the whole point of having a laptop though.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 2001
Location: Dallas, TX
Status:
Offline
|
|
(
Last edited by RealMac; Mar 29, 2007 at 03:42 AM.
)
|
It is in the moments of decision that your destiny is shaped.
www.therealmac.net
MBA Graduate, Creative Thinker, Nice Guy
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Vancouver
Status:
Offline
|
|
Any idea what the impact on day to day performance is like with this or is it not even noticable?
Originally Posted by TETENAL
... you can also turn on encrypted (secure) virtual memory...
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
I've not noticed it, but then again, it has been on ever since I got 10.4.0 so I wouldn't know if it does have an impact or not
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2007
Location: San Jose
Status:
Offline
|
|
Very instructively, there are now not one but two threads in the main OS X forum about FileVault problems.
RealMac: the problem isn't HFS+. ext3 and fat32 are also listed as not supporting encryption, yet in both cases there are robust partition level encryption solutions. The point is simply that those filesystem doesn't come with a built-in encryption facility.
The way PGP and others work is usually intercepting system calls between the FS and device driver level. This should work with pretty much any FS (obviously performance will vary).
At any rate, I guess my original question is answered: external disk or nothing. Anybody have experience here with PGP on Mac and an external disk? From their forum, it looks like things aren't ready for prime-time yet there either, but... And how about the rocbit or Addonics enclosures that do encryption (or any others I've missed)? Thanks.
(
Last edited by mfbernstein; Mar 29, 2007 at 06:02 PM.
)
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I really don't trust software to handle the active encryption/decryption of large chunks of drive space. I knew from the outset that FileVault would cause people corruption issues. If I had to have an encrypted drive, I'd only go with a hardware solution like the new Seagate drive referenced above.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|