FileVault: I'm So Impressed (Page 2)
moki
Ambrosia - el Presidente
Join Date: Sep 2000
Location: Rochester, NY
Oct 12, 2003, 12:49 AM
 
Originally posted by zigzag:
asdasd, thanks for the write-up, but some of the lingo is over my feeble head. What is the meaning/significance of "accessible only by root" and "salted"?
Accessible only by root means that people with ordinary accounts on the machine cannot see the encrypted passwords.

As for "salted" it means that if you enter a short password, information is added to it during the encryption process to make it more difficult to crack.
Andrew Welch / el Presidente / Ambrosia Software, Inc.
     
yuriwho
Dedicated MacNNer
Join Date: Oct 2000
Location: WI, USA
Oct 12, 2003, 03:06 AM
 
Confirmed! FileVault is buggy

At least in 7b85. I just experienced the same thing Robert reported. I lost my Safari bookmarks, my mail inbox (thankfully I use IMAP, but I had to download 10000 mail headers) and several other app prefs. This was after about a week of full time use without problems. Nothing notable occurred to trigger it. This is not normal behavior.

Anyway, I sure hope 7b85 is not GM.

Y
( Last edited by yuriwho; Oct 15, 2003 at 03:12 AM. )
     
ablaze
Dedicated MacNNer
Join Date: Apr 2001
Location: Saarbruecken
Oct 12, 2003, 03:57 AM
 
Originally posted by Cipher13:

I really dislike AES. 128 bit should be enough, I guess... but it's still not great. *I* wouldn't be able to break AES-128, but I'm not worried about me.

AES is like an open door to some people/groups... *cough* No Such Agency *cough*
AES was chosen as a very quick and secure replacement for the DES algorithm (which is hard to beat, either). It was a very open competition in that nearly every important cryptographer on this planet participated.
I don't think it was an NSA sponsored thing. Last but not least, AES is an open standard.
     
Cipher13
Registered User
Join Date: Apr 2000
Oct 12, 2003, 04:08 AM
 
Originally posted by ablaze:
AES was chosen as a very quick and secure replacement for the DES algorithm (which is hard to beat, either). It was a very open competition in that nearly every important cryptographer on this planet participated.
I don't think it was an NSA sponsored thing. Last but not least, AES is an open standard.
It's not the fastest algorithm out there, for one thing. While not NSA sponsored, it is the Government standard, which speaks for itself really.

No doubt Rijndael is a nice algorithm, but... there are better out there. In my unprofessional opinion.

And at only 128 bits...
     
sandsl
Senior User
Join Date: Aug 2002
Location: Oxford, England
Oct 12, 2003, 07:09 AM
 
Originally posted by Cipher13:
It's not the fastest algorithm out there, for one thing. While not NSA sponsored, it is the Government standard, which speaks for itself really.

No doubt Rijndael is a nice algorithm, but... there are better out there. In my unprofessional opinion.

And at only 128 bits...
Yes, there are better encryption algorithms, but 128 is perfectly acceptable for the vast majority of people. What data do you have that is so sensitive it requires encryption in excess of 128 bits?
Luke
     
Thilo Ettelt
Senior User
Join Date: Jan 2002
Location: City of Beck's beer
Oct 12, 2003, 10:02 AM
 
I have a fundamental question about FileVault. Can files be accessed from the APIs without a password? So could someone write a Cocoa app and open files without authentication? If so then the protection is very useless. Useless because my computer doesn't get stolen and if it does then they could still try to access my user account. Actually your files should be safe from apps too. Trojans, or just simple SSH commands would reveal all the data with ease...

So I'd like to know more under-the-hood details...


- Thilo
     
Thilo Ettelt
Senior User
Join Date: Jan 2002
Location: City of Beck's beer
Oct 12, 2003, 10:12 AM
 
Currently, anything you save in X (2.6/2.8) can be accessed if you boot to 9 or another OS.
Not if you haven't installed an OS9 driver on your OS X HD. It won't mount in OS9 then.


- Thilo
     
antisonne
Junior Member
Join Date: Aug 2003
Oct 12, 2003, 11:04 AM
 
What do you mean Thilo? If you have OS9 installed on the same hd as X, and if you change startup disk to 9, you can access any file that is in any directory on X in 9...
     
ph0ust
Senior User
Join Date: Feb 2003
Location: earth
Oct 12, 2003, 12:29 PM
 
wow, this is a pretty interesting thread. here are my contributions:

1. about apple doing a good job on this, i say it's about damn time! this has existed in other operating systems (including windows) for years! it's called efs and it works close to perfectly.

2. being able to encrypt only the home folder is lame, why not whatever i want? if i want my quicken data secure then i have to encrypt the backup/cache files it makes, which fv won't let me do. so now i encrypt my home folder and some hacker gets on my box and just looks at my backup files.... great.

3. about worrying about losing files if you can't login, keep a backup!

4. if your login is compromised you should, in theory, always be able to get your encrypted data back, even if you have to move it to another computer. i am not sure about apple's implementation, but just about all others decrypt the data from your password, which is stored as a hash, which is created from using a hash algorithm that is standard to the operating system. move your [encrypted] data, recreate an account with the same password, thus creating the *same* hash to decrypt your previously encrypted files.

5. question: i don't want ALL of my home directory encrypted. does fv let me not select certain folders, like my mp3s?
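
Two ideas from the thread so far, moki's description of a "salted" password and the password-derived key in point 4 above, shown together as an added example (not code from any poster or from Apple, and not a description of how FileVault stores or derives anything). PBKDF2, the iteration count, the sample passwords and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example
COMMON = ["123456", "password", "letmein", "qwerty"]  # constructed sample list


def unsalted_hash(password: str) -> str:
    """No salt: identical passwords always produce identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


# Digests like these can be computed once, ahead of time, and compared against
# every unsalted password store. This is the shortcut a salt takes away.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON}


def salted_record(password: str, salt: Optional[bytes] = None) -> dict:
    """What a salted store keeps per user: the salt in the clear plus the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def derive_key(password: str, salt: bytes) -> bytes:
    """128-bit key from the password; reproducible only with the same salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, ITERATIONS, dklen=16)


def demo() -> dict:
    pw = "letmein"  # two constructed users who picked the same weak password

    # Unsalted: both entries are identical and match the precomputed table.
    u1, u2 = unsalted_hash(pw), unsalted_hash(pw)

    # Salted: each user gets a fresh random salt, so the stored digests differ
    # and a table built without the salt no longer lines up.
    s1, s2 = salted_record(pw), salted_record(pw)

    # Key derivation: moving encrypted data to another machine and retyping
    # the password recovers the key only if the salt stored with the data
    # moves too. A newly created account would get a new salt.
    header_salt = os.urandom(16)
    key_original = derive_key(pw, header_salt)
    key_same_salt = derive_key(pw, header_salt)
    key_fresh_salt = derive_key(pw, os.urandom(16))

    return {
        "unsalted_equal": u1 == u2,
        "unsalted_lookup": PRECOMPUTED.get(u1),
        "salted_equal": s1["digest"] == s2["digest"],
        "salted_lookup": PRECOMPUTED.get(s1["digest"].hex()),
        "verify_ok": verify(pw, s1),
        "verify_wrong": verify("Letmein", s1),
        "same_salt_same_key": key_original == key_same_salt,
        "fresh_salt_same_key": key_original == key_fresh_salt,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is not secret; it forces the work to be repeated for every record, while the iteration count sets the cost of each guess.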
     
Simon X
Grizzled Veteran
Join Date: Oct 2001
Location: Over there
Oct 12, 2003, 12:32 PM
 
Originally posted by antisonne:
What do you mean Thilo? If you have OS9 installed on the same hd as X, and if you change startup disk to 9, you can access any file that is in any directory on X in 9...
What Thilo is getting at, and please correct me if I'm wrong, is that in X you can format your drive so it cannot boot up into 9. Classic still works. Therefore if the OS 9 drivers are not installed you will not be able to access the drive from either booting into 9 or even booting off an OS 9 CD.

You can see the Install Mac OS 9 Drivers option in the Erase tab in Disk Utility.

And another issue…

DiskWarrior. When booting off the DW CD it currently can fix any errors on the files inside your Home folder. But of course if it's encrypted with FileVault all it can see is one file when it boots off said CD.

I assume there would need to be an updated DW to resolve this issue. Or, is all this a moot point. Does the encryption FV use contain any error checking which significantly minimises individual file corruption?
     
ph0ust
Senior User
Join Date: Feb 2003
Location: earth
Oct 12, 2003, 12:33 PM
 
Originally posted by Cipher13:
Another query...

Say you have a 10GB file in your Home dir, that is now encrypted.

When you want to use it... what happens?

Is it decrypted/re-encrypted on the fly? (Bad for performance).

Is it decrypted, and the encrypted "copy" removed? (Bad when you've finished with the file, as it would need to be re-encrypted).

Is a "copy" decrypted, with the encrypted copy remaining? Meaning... you need 10GB of free space, minimum, to watch a 10GB movie?
typically, only the file requested (i.e. not the whole directory) is decrypted into memory. you work on it, close the file and it is restored to its encrypted state.

the way to determine a robust file encryption system though is by what happens after you close the file... is there a decrypted cached copy somewhere (like a temp file)? does it purge all plaintext versions from memory and the disk? encrypting data is only as robust as the operating system operational requirements. this is a problem with the ms implementation- there are often temp files or ghosted copies left in random places.
     
Simon X
Grizzled Veteran
Join Date: Oct 2001
Location: Over there
Oct 12, 2003, 12:39 PM
 
Originally posted by ph0ust:
wow, this is a pretty interesting thread. here are my contributions:

<snip>

2. being able to encrypt only the home folder is lame, why not whatever i want?

<snip>

Don't forget OS 9 had this feature, the ability to encrypt any file from the Finder. I figure it eventually does make a comeback.


That and the geeky, yet useless, voice password.

Everyone repeat after me - "My voice is my password. Verify me."
     
ph0ust
Senior User
Join Date: Feb 2003
Location: earth
Oct 12, 2003, 12:39 PM
 
Originally posted by Cipher13:
I really dislike AES. 128 bit should be enough, I guess... but it's still not great. *I* wouldn't be able to break AES-128, but I'm not worried about me.

AES is like an open door to some people/groups... *cough* No Such Agency *cough*
sure, there are stronger encryption algorithms out there, but do you realize what is necessary to break 128 bit aes?!?! you need luck or a sh!t load of processing power and a whole lot of spare time.

no hacker is going to try and crack aes to get someone's personal junk. if you work for the government or a company with particularly sensitive data you will have another standard that has been adopted and not even think about using apple's weak implementation.
     
sandsl
Senior User
Join Date: Aug 2002
Location: Oxford, England
Oct 12, 2003, 12:48 PM
 
Originally posted by Thilo Ettelt:
Can files be accessed from the APIs without a password? So could someone write a Cocoa app and open files without authentication?
No of course that isn't possible, next stupid question.

For those with in-depth technical questions: Apple have not released technical information about FileVault, thus very little info is available.

For those wanting to encrypt single files/folders: this is perfectly possible in 10.2 and 10.3 with encrypted disk images.

For those wanting to exclude folders from FileVault encrypted home directories: We are talking about a 1.0 version, the ability to exclude folders will surely come in a future version. In the meantime, put your music library in the shared folder if you want to use FV without encrypting your music.
Luke
     
danengel
Mac Enthusiast
Join Date: Oct 2000
Oct 12, 2003, 01:11 PM
 
Does the encryption FV uses contain any error checking which significantly minimises individual file corruption?
They probably won't implement this. I don't think error correcting codes can be implemented efficiently in software. Encoding + encryption in the same algorithm might be possible, though, but AES doesn't support it.
     
zigzag
Addicted to MacNN
Join Date: Aug 2000
Oct 12, 2003, 01:46 PM
 
Originally posted by moki:
Accessible only by root means that people with ordinary accounts on the machine cannot see the encrypted passwords.

As for "salted" it means that if you enter a short password, information is added to it during the encryption process to make it more difficult to crack.
Thanks, moki - we all have to start somewhere.
     
antisonne
Junior Member
Join Date: Aug 2003
Oct 12, 2003, 02:00 PM
 
Ok, but back to the original point, it still serves a great purpose because there are still people who want to boot into 9 too... (At our mac lab about 1/4 of the students boot into 9 instead of X because they like 9).
     
danengel
Mac Enthusiast
Join Date: Oct 2000
Oct 12, 2003, 02:13 PM
 
At our mac lab about 1/4 of the students boot into 9 instead of X because they like 9
What, philosophy students?
     
Cipher13
Registered User
Join Date: Apr 2000
Oct 12, 2003, 05:19 PM
 
Originally posted by Simon X:
DiskWarrior. When booting off the DW CD it currently can fix any errors on the files inside your Home folder. But of course if it's encrypted with FileVault all it can see is one file when it boots off said CD.
Moot point, I imagine - it's just another file. The fact that your home dir is in the image is totally irrelevant.

There may be errors within the image, sure - but you could probably scan the mounted image separately.

Originally posted by ph0ust:
typically, only the file requested (i.e. not the whole directory) is decrypted into memory. you work on it, close the file and it is restored to its encrypted state.
So it's not on the fly then?

Somebody said it was. That's the issue - even if it's the single requested file being decrypted, if that file is 10GB, you're screwed (maybe...).

Originally posted by sandsl:
For those wanting to encrypt single files/folders: this is perfectly possible in 10.2 and 10.3 with encrypted disk images.
That's not a solution. Open Disk Copy, create new image, set up new image, copy files, unmount image. Pfft.

In OS9 you could highlight the file, and encrypt it. THAT is what OS X needs. There's no reason NOT to have that.
     
l008com
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Oct 13, 2003, 03:29 AM
 
Originally posted by zigzag:
That's good to hear - I always wondered why it was treated as a separate utility called "Disk Copy" anyway, since it can do more than that.
History Lesson. The app Disk Copy was not originally an Apple program. It was a 3rd party program that was created as a faster way to duplicate floppies. It allowed you to read an image of a floppy then create multiple copies of it. This grew into making images of other disks. At some point, probably 8.0, Apple bought the program. And since OS X it's really more of a Disk Image Utility than a Disk Copying Utility. And I bet if I look around hard enough, I could find a really really old copy of a Pre Apple Disk Copy app here somewhere.
     
Gee4orce
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Oct 13, 2003, 05:17 AM
 
Originally posted by ph0ust:


5. question: i don't want ALL of my home directory encrypted. does fv let me not select certain folders, like my mp3s?
Not as such, but what you can do is keep your MP3s outside your Home folder - ie. in the Shared Folder, and tell iTunes that that's where you keep your music. I do this on my desktop machine.
     
darndog
Fresh-Faced Recruit
Join Date: Oct 2003
Location: UK
Oct 13, 2003, 07:52 AM
 
I noticed a lot of people are commenting that they have no wish to encrypt their mp3 collections. The first thing I did after getting iTunes was to change the default music folder to a folder outside my Home. I have 2 disks separated into 4 partitions, one of them is named 'Music', and after filling that up (20GB) I changed the location again to a new "Music" folder on another partition named 'vault'. iTunes now rips mp3's to the folder on vault but still accesses the mp3's on the original "Music" partition. I really can't see the point of keeping music inside your home directory unless you don't want other users to have access to it.

Anyhow, thought this may be of some use to somebody...
dD
     
darndog
Fresh-Faced Recruit
Join Date: Oct 2003
Location: UK
Oct 13, 2003, 07:56 AM
 
Doh!
dD
     
Simon X
Grizzled Veteran
Join Date: Oct 2001
Location: Over there
Oct 13, 2003, 08:53 AM
 
Originally posted by darndog:

Anyhow, thought this may be of some use to somebody...

Wow. And there was me complaining about video capturing to an encrypted Home folder. Totally forgot about the shared folder. Of course, that's the way round FV's Home folder encryption. Thanks for reminding me, I'll start investigating this.
     
HiRez
Fresh-Faced Recruit
Join Date: Oct 2003
Location: San Francisco, CA
Oct 14, 2003, 06:06 AM
 
Originally posted by Simon X:
Wow. And there was me complaining about video capturing to an encrypted Home folder. Totally forgot about the shared folder. Of course, that's the way round FV's Home folder encryption. Thanks for reminding me, I'll start investigating this.
So if I put all my music in /Users/Shared/Music, they'll be available to all users?

"I don't want to achieve immortality through my work. I want to achieve it through not dying." --Woody Allen
     
eevyl
Grizzled Veteran
Join Date: Dec 2000
Location: Málaga, Spain, Europe, Earth, Solar System
Oct 14, 2003, 06:22 AM
 
Originally posted by ph0ust:
2. being able to encrypt only the home folder is lame, why not whatever i want? if i want my quicken data secure then i have to encrypt the backup/cache files it makes, which fv won't let me do. so now i encrypt my home folder and some hacker gets on my box and just looks at my backup files.... great.
Since Jaguar you can actually encrypt any data you like, for free.

Just make an encrypted disk image and use it. Apple didn't market it enough, but it is basically the same as FileVault but with more control.
     
eevyl
Grizzled Veteran
Join Date: Dec 2000
Location: Málaga, Spain, Europe, Earth, Solar System
Oct 14, 2003, 06:24 AM
 
Originally posted by HiRez:
So if I put all my music in /Users/Shared/Music, they'll be available to all users?
Yes. And if each user puts an alias of the iTunes Music folder in his/her user music folder he will be able to use it.

That's the purpose of the Shared folder...
     
workerbee
Mac Elite
Join Date: Jul 2001
Location: Switzerland
Oct 14, 2003, 06:25 AM
 
Dummy question: what is the advantage of implementing file encryption the way Apple does (using an encrypted disk image transparently for the ~home folder, if I understand correctly) over what Microsoft does with EFS, where the OS is using an encrypted file system (again: if I get this correctly)?

Or asked another way: what are the respective approaches' advantages and disadvantages?

TIA for any enlightenment!
MBP 15" 2.33GHz C2D 3GB 2*23" ACD
     
Thilo Ettelt
Senior User
Join Date: Jan 2002
Location: City of Beck's beer
Oct 14, 2003, 08:42 AM
 
Originally posted by eevyl:
Yes. And if each user puts an alias of the iTunes Music folder in his/her user music folder he will be able to use it.

That's the purpose of the Shared folder...

But there you go! Since File Sharing (apps) will be able to decrypt the files (since there is no authentication done it will happen without knowing it) your data won't be that safe.


- Thilo
     
eevyl
Grizzled Veteran
Join Date: Dec 2000
Location: Málaga, Spain, Europe, Earth, Solar System
Oct 14, 2003, 10:00 AM
 
Originally posted by Thilo Ettelt:
But there you go! Since File Sharing (apps) will be able to decrypt the files (since there is no authentication done it will happen without knowing it) your data won't be that safe.
Of course, in a "Shared" environment your data won't be safe.

The same in real life, drop your notebook in a "Shared" environment, let's say a coffee shop, and walk away. Your precious won't be very secure...
     
asdasd
Forum Regular
Join Date: Apr 2003
Location: Santa Clara
Oct 15, 2003, 12:37 AM
 
Of course, in a "Shared" environment your data won't be safe.

The same in real life, drop your notebook in a "Shared" environment, let's say a coffee shop, and walk away. Your precious won't be very secure...
Of course. If you put stuff in the shared folder it will be unsafe, as you suggest - so you put unimportant stuff there, which is actually most of your stuff.


As I suggested previously - this should be handled by the application. In iTunes, you should be allowed to share some music, or all music, with any user of that machine. Would work better for Fast User Switching as well.
     
labon
Fresh-Faced Recruit
Join Date: Oct 2003
Oct 24, 2003, 05:21 PM
 
Originally posted by Robert Hicks:
Guys, I have been slapped by FV three times and that's enough for me.

The first time was in 7B70(or near that build). I had FV working for a few days and loving it. One night, the machine locked up hard(Ti 800/1gb/60gb) so I did a power off and power on. When I logged in, I was horrified to see the default dock and background. My old home directory was GONE. I was pissed but hey, it is a beta so I just stopped using the FV feature.

The second and third time was with 7B85. This is supposed to be the GM build. There have been plenty argue that it is not. In any case, I thought it was close enough to GM. FV was turned back on. In testing, I did various hard resets to see if my home would be trashed again. It wasn't in any of the tests. This was great! This feature alone(being a PB owner) is enough to warrant the $129 pricetag.
Usually when you logout of the system, FV wants to "reclaim" space in your home directory. The first couple of times I told it no. I wasn't sure how long this would take and needed to take the Tibook and go. One night, I decided just to logout and let it reclaim space to see how long it would take. It ran fine. I logged back in and continued to work. Two days later, I got slapped. I logged out and let it run. I then shut the machine down for the night. I normally just let it run or put it to sleep. I'm not sure why I did a shutdown this time. After watching tv for an hour or so, I decided to go back and do more work. I turned the machine on and logged in. The changes to the dock were gone! The default backdrop was back, my safari bookmarks were gone, and mail.app was asking me to configure my mail accounts! Something is just not right here. All of my files on the desktop(pictures, .sit, dmgs) were fine. They launched or decompressed without problems. I decided to turn off FV and wait until my boxed copy arrives and watch the boards for others to complain. After decryption and relogin, most of my desktop files that I had just checked were trashed. Stuffit Expander complained about the files being corrupted. A very few of the files *were* readable and appeared to be fine. I'm guessing that the "bad" files were still encrypted somehow.

I am finding it hard to believe that my most recent 7B85 experience will not be limited just to one user. I hope nobody else has to go through this with their live and important data. Just be careful when using this option!

RH
I had exactly the same experience with the 7B85. And as you, I'm looking for more users' experiences with FileVault and the Final version of Panther.
     
ja
Junior Member
Join Date: Mar 2002
Location: London, UK
Oct 28, 2003, 10:26 AM
 
When I logged in, I was horrified to see the default dock and background. My old home directory was GONE
I've been waiting for this for a long time and have tried 2 other methods of home directory encryption in 10.2.x - neither of which were entirely satisfactory [I'm pretty sure there are old threads here with that info somewhere]

Anyway - I also completely lost my home directory after one day of file vault!!
It was also the only admin account on my machine so I was left in the ridiculous situation of having no admin privileges whatsoever on the computer - ie no netinfo, or other little tricks that I might have tried, inc reinstalling the os from cd

Eventually I booted in os 9 [thank goodness -older powerbook] and found my home directory as a sparseimage file in a 'dot' folder - hence hidden in os x. I saved this and after backing up the other home directories on the computer reinstalled everything from scratch, recreated my user account and mounted the sparseimage to retrieve the files

Now if anyone knows of a better way that I could have done this please tell me but luckily I am back up and running where I left off

Unfortunately I am not confident to turn on file vault again
I have been using encrypted dmg's for some time and will just have to keep using them for a while to store my work info
They are not inherently good for addressbook, mail etc so that is why I liked the idea of one simple filevault
     
stew
Senior User
Join Date: Oct 2001
Oct 28, 2003, 11:44 AM
 
Originally posted by Disgruntled Head of C-3PO:
I am just talking about FileVault, who wants to encrypt ALL their work with a 1.0 product? Not me!
Ever heard about backups? Data loss can happen just as well without FileVault.


Stink different.
     
workerbee
Mac Elite
Join Date: Jul 2001
Location: Switzerland
Oct 28, 2003, 12:31 PM
 
Originally posted by stew:
Ever heard about backups? Data loss can happen just as well without FileVault.
Yes, but it seems to me that making the chances of data loss bigger (by using a disk image, which can get corrupted itself) may not necessarily be a smart move.
MBP 15" 2.33GHz C2D 3GB 2*23" ACD
     
elmer
Junior Member
Join Date: Feb 2003
Oct 28, 2003, 12:36 PM
 
I am really sorry I played with FileVault - should have waited a few months.
It changed the ownership of most of the files/folders in my home directory to root. After disabling it, they stayed that way. I believe that's the main reason all my preferences SEEMED to be gone. After I put the ownership back to my own account using 'chown -R', everything's back to normal, I think ...

Fairly unscathed yet humbled in Toronto
     
ticedric
Fresh-Faced Recruit
Join Date: Oct 2003
Oct 28, 2003, 01:39 PM
 
I stopped using File Vault after my experience:

- my 1.2 GB home was encrypted and when I logged out and logged back in, everything was like a new user and there was an encrypted disc image that I could enter with my password.

I logged back out/in and everything was fine. Still scary.

Also, the file vault kept saying it was using too much space....even though I have over 20 GB of free space.

Also, my computer would not recognise the space the encrypted image was taking.


When I do use file vault again I will back up the FV every week. I don't want a corrupted image.
17 2.16 MBP with 2 GB RAM
G4 400 tower
Emac 1.0 Combo
     
dharknes
Junior Member
Join Date: Aug 2002
Oct 28, 2003, 09:21 PM
 
Originally posted by workerbee:
Dummy question: what is the advantage of implementing file encryption the way Apple does (using an encrypted disk image transparently for the ~home folder, if I understand correctly) over what Microsoft does with EFS, where the OS is using an encrypted file system (again: if I get this correctly)?

Or asked another way: what are the respective approaches' advantages and disadvantages?

TIA for any enlightenment!
First let me say MS wasn't the first to do an EFS. I think we have one of the BSD Unices to thank for that. Someone correct me if I'm wrong.

Now to the question. I hate to say it but in this case I think MS has done a better job here. This is why

1. MS followed the unix world, the way EFS works on Unix (BSD, Linux) and Windows is that the encryption is controlled by extended attributes. If the attribute is set the OS encrypts that file and ONLY that file. With FV being a single disk image, if the image file gets corrupted then you lose EVERYTHING. In the DOS world many years ago MS shipped a product called Doublespace that compressed your hard disk, using a disk image solution. I watched many a user lose ALL their data. With a per-file encryption the on-disk file integrity can be verified without decrypting the file.

2. MS solution is more flexible. By using the meta-data in the filesystem the system can be expanded. MS also offers built-in per-file compression. Whatever the next big technology is can easily be added, it's just another file attribute in the meta-data, and a kernel extension.

3. MS solution has the potential to be faster. I haven't tried FV yet, but it's on my todo list, so I can't comment on the speed. But with MS' solution, since it is done file by file and as attributes on the filesystem, the encryption can take place completely in the background. So the system can cache the data and wait for low CPU activity before committing the data to disk. In some cases unencrypted data can be temporarily stored on disk for later encryption. This would be especially true if a large number of people were accessing the filesystem simultaneously.

Now I'll close with my same opening. MS didn't invent these features and they don't have the best solution. And Apple's solution does have one advantage, at least in the Mac world it maintains compatibility with earlier systems. I would imagine that I could open a FV home directory on a 10.2 system, it would be hard but it could be done. Whereas MS' EFS only works on XP and newer.

Maybe once Apple moves to whatever the next filesystem is after HFS+, maybe a true unix FS, or maybe something more BFS like, we'll get built-in compression and encryption. But until then FV is a great start.

Oh and for the AES debate. AES is a Department of Commerce standard, but it was set by industry. The DOC selected the finalists and the encryption community got to vote on which one they wanted. Here is a quote from the Rijndael website.

"The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits (all nine combinations of key length and block length are possible). Both block length and key length can be extended very easily to multiples of 32 bits.
Rijndael can be implemented very efficiently on a wide range of processors and in hardware."

Apple just doesn't give you a choice for longer keys.
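
Point 1 above, that with per-file encryption the on-disk integrity can be verified without decrypting, shown as an encrypt-then-MAC layout. This is an added example, not code from the thread, EFS or FileVault; the SHA-256 counter-mode keystream is a stand-in for AES so that only the standard library is needed, and the file names, contents and function names are constructed.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for AES, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, name: str, nonce: bytes, ciphertext: bytes) -> bytes:
    """MAC over the file name, nonce and ciphertext (never the plaintext)."""
    msg = name.encode() + b"\0" + nonce + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, name: str, plaintext: bytes) -> dict:
    """Encrypt one file, then authenticate the result with a separate key."""
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    return {"name": name, "nonce": nonce, "ciphertext": ciphertext,
            "tag": _tag(mac_key, name, nonce, ciphertext)}


def intact(mac_key: bytes, rec: dict) -> bool:
    """Integrity check that reads only ciphertext; enc_key is not needed."""
    expected = _tag(mac_key, rec["name"], rec["nonce"], rec["ciphertext"])
    return hmac.compare_digest(expected, rec["tag"])


def unseal(enc_key: bytes, mac_key: bytes, rec: dict) -> bytes:
    """Refuse to decrypt anything that fails the integrity check."""
    if not intact(mac_key, rec):
        raise ValueError(f"{rec['name']}: ciphertext failed integrity check")
    stream = _keystream(enc_key, rec["nonce"], len(rec["ciphertext"]))
    return bytes(a ^ b for a, b in zip(rec["ciphertext"], stream))


def audit(mac_key: bytes, store: list) -> list:
    """Names of damaged files, found without decrypting any of them."""
    return sorted(r["name"] for r in store if not intact(mac_key, r))


def demo() -> dict:
    enc_key, mac_key = os.urandom(16), os.urandom(32)
    originals = {  # constructed sample files
        "Mail/inbox.mbox": b"From: someone@example.com\n\nhello\n",
        "Safari/Bookmarks.plist": b"<plist><dict/></plist>\n",
        "Quicken/backup.qdf": b"2003-10-12,129.00,Panther\n",
    }
    store = [seal(enc_key, mac_key, n, d) for n, d in originals.items()]

    # Simulate on-disk corruption: flip one bit in one file's ciphertext.
    victim = store[1]
    flipped = bytearray(victim["ciphertext"])
    flipped[0] ^= 0x01
    victim["ciphertext"] = bytes(flipped)

    damaged = audit(mac_key, store)
    recovered = {r["name"]: unseal(enc_key, mac_key, r)
                 for r in store if r["name"] not in damaged}
    return {"damaged": damaged, "recovered": recovered, "originals": originals}


if __name__ == "__main__":
    result = demo()
    print("damaged:", result["damaged"])
    print("still readable:", sorted(result["recovered"]))
```

The damage is confined to the one record whose tag no longer matches; the other files still verify and decrypt.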
     
dtsblue
Fresh-Faced Recruit
Join Date: Oct 2003
Oct 29, 2003, 02:34 PM
 
Originally posted by Warrenpeace:
I had it turned on and it screwed up a lot of my home folder. Luckily I hadn't moved a lot of files back after the install, but it erased a lot of preferences and I had to set up the prefs, import mail and sync to get all my bookmarks and addresses again. A lot of hours of hassle.
Same here. It not only screwed up preferences the first time it was turned on but constantly while it was running. After restarts i lost all my mail settings including mailboxes, rules etc, my iCal calendars, my dock, expose and desktop settings. Also, at one point all icons in the finder sidebar showed up as diskdrives and other crazy stuff. To add insult to injury, once i turned it off there were again mailboxes lost in mail.app and all my rules were gone. I cannot believe Apple would release such crap. I mean, who tested this fricken thing. I'm quite pissed off since i wasted hours of my time.... Don't use it, sooner or later you'll be posting here about some major screw-up too.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Oct 29, 2003, 02:48 PM
 
Originally posted by Robert Hicks:
Guys, I have been slapped by FV three times and that's enough for me.

The first time was in 7B70(or near that build). I had FV working for a few days and loving it. One night, the machine locked up hard(Ti 800/1gb/60gb) so I did a power off and power on. When I logged in, I was horrified to see the default dock and background. My old home directory was GONE. I was pissed but hey, it is a beta so I just stopped using the FV feature.

RH
EXACTLY this happened to me 4 times with the Final Release version.

Then I switched it off. Not gonna touch it anytime soon...

-t
     
RoofusPennymore
Senior User
Join Date: Oct 1999
Location: Planet Earth
Status: Offline
Oct 29, 2003, 02:56 PM
 
Only had to lose my mailboxes once to decide not to use it again. Can't believe that Apple didn't test this enough.
---I'm on a low Microsoft diet.
     
barbarian
Senior User
Join Date: Apr 2001
Location: Palo Alto, CA
Status: Offline
Oct 29, 2003, 03:33 PM
 
What happens to file vault files if your hard drive dies and you have to use a disk recovery program like Data Rescue to search for files?

Are you just screwed?

Also what are the benefits of file vault over open firmware passwords?
     
bcaslis
Dedicated MacNNer
Join Date: Sep 2000
Location: Wilsonville, OR, USA
Status: Offline
Oct 29, 2003, 03:45 PM
 
I used Filevault for a few days but had to turn it off.

I too had an experience that it wiped out my Safari preferences.

But more important to me are some application incompatibilities. Some apps start littering files or folders in my home directory since they see it as a disk root. Dreamweaver sites have to be redone since they see the path to files with your home as a root disk now. But the worst thing to me was that all the fonts in your home library are not visible at all to applications (including Apple's Font Book). I'm guessing this applies to sounds and other resources also.

I know you can put them in the top level folders, but the purpose of my home is for my stuff and it makes backups easier. I'm very surprised that Apple missed this ease of use problem or at least that it's not documented somewhere.
     
workerbee
Mac Elite
Join Date: Jul 2001
Location: Switzerland
Status: Offline
Oct 29, 2003, 04:47 PM
 
Originally posted by dharknes:
I hate to say it but in this case I think MS has done a better job here.
That's what I thought (feared?), but in much simpler terms, of course.

3. MS solution has the potential to be faster. I haven't tried FV yet, but it's on my todo list, so I can't comment on the speed.
According to c't, using FV can slow down disk access up to 50%. Combine this with the general tone of postings in this thread, and I don't think I'll turn FV on soon, even though the general idea would make perfect sense -- I'm carrying around all my data including access to dozens of websites on my PowerBook.

Thanks a lot dharknes for your explanations, much appreciated!
MBP 15" 2.33GHz C2D 3GB 2*23" ACD
     
dole
Forum Regular
Join Date: Dec 2002
Location: Pittsburgh, PA
Status: Offline
Oct 29, 2003, 05:14 PM
 
FileVault screwed my Panther up pretty good. I had to reinstall Panther to get it fixed. I was still getting these errors even after I disabled FileVault. I was losing all my prefs, getting keychain errors, I couldn't download any files without getting errors. I think I will stay away from this for awhile. I made a post about it Here explaining my situation a little better. Preview was totally screwed up after turning on FileVault.
     
MacUserPanther
Fresh-Faced Recruit
Join Date: Oct 2003
Status: Offline
Oct 29, 2003, 06:22 PM
 
I understand that when FileVault is turned on, the home directory is replaced as an encrypted disk image. However, where is that image actually mounted? I see that there is a FileVault alias but am wondering where the actual mounted volume is located, i.e. can you have a mounted volume in a volume like your HD? Can you search for this volume in the Terminal window like you can for a hidden "." file?

Does anyone understand the mounting process and can explain this for me?

Thanks!
     
 
 