|
|
Filevault performance, behavior
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Does having Filevault on degrade performance at all? Have any of you crazy benchmarkers put it though its paces yet?
What happens when you copy a file from a Filevault protected home directory to a non-FV protected system? Will it decrypt the file as it is transferred? What happens when you move from one FV protected system to another? Does it decrypt and then re-encrypt?
Clearly, my knowledge of this technology is lacking. Anybody care to enlighten me?
(
Last edited by besson3c; Oct 4, 2003 at 08:29 PM.
)
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Apr 2001
Location: europe
Status:
Offline
|
|
Obviously the performance will be slower with FileVault (maybe not noticeable, I don't know). But since FileVault only encrypts the home folder, not the System folder or the Applications folder, it probably doesn't matter. Saving a Word document every 15 minutes doesn't make much a difference if it takes slightly longer. The same with preference files which are very small and not that often accessed.
|
Nasrudin sat on a river bank when someone shouted to him from the opposite side: "Hey! how do I get across?" "You are across!" Nasrudin shouted back.
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Apr 2000
Location: Bronx, NY 10471
Status:
Offline
|
|
it said i needed 10 gigs free to do it, only got 6.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Aug 2001
Status:
Offline
|
|
Your browser cache and many other large temp files also go in your home folder. So there may be a performance hit.
Does file vault work by decrypting the entire folder when you log in, then encrypt when you log out? This is the impression I got from what Steve said at the keynote. But wouldn't it be much better to make the home folder an encrypted volume like Disk Tools does.
|
"I warned them kids to keep their arms inside the ride. Damnedest thing I ever saw."
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jan 2003
Location: Hong Kong
Status:
Offline
|
|
I didn't notice any speed different after turning FileVault on on my iBook 800 30GB stocked HD, 640MB. Actually FileVault is a disc image of your home folder which only created on the first time your enable it. Then it will encrypt the files on the fly when ever you have access to your home folder. It acts like normal home folder.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Santa Barbara
Status:
Offline
|
|
(
Last edited by bracken; Oct 6, 2003 at 10:49 AM.
)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 1999
Location: :ИOITAↃO⅃
Status:
Offline
|
|
So does FileVault only decypt the image when you log in at the machine, or can you still SSH in?
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: Aug 2002
Status:
Offline
|
|
Originally posted by bracken:
I made a directory called /Users/Shared/.caches then made a link from ~/Library/Caches to /Users/Shared/.caches. That will keep it out of the FileVault. I'm also thinking about doing the same with ~/Library/Logs, etc. It may not be necessary at all with my system, just testing...
From a security standpoint this is a VERY bad idea. If someone has access to your cache and logs then they can see what websites you've visited, the commands you've run, depending on the applications you use different amounts of information will be logged. This is why very secure OSes like OpenBSD encrypt EVERY thing. They encrypt you data files, the system memory, and the system swap file. All to prevent someone from getting "leaked" information.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Santa Barbara
Status:
Offline
|
|
(
Last edited by bracken; Oct 6, 2003 at 10:50 AM.
)
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Santa Barbara
Status:
Offline
|
|
(
Last edited by bracken; Oct 6, 2003 at 10:50 AM.
)
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Sep 2000
Location: New York, NY USA
Status:
Offline
|
|
It's be awfully nice if you could set Filevault to encrypt only select directories in ~/.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Oct 2000
Status:
Offline
|
|
1. So, when accessing a HD in FireWire Target Disk Mode, all I'll see is an encrypted image of the user's home directory? Can it be backed up and decrypted on another machine?
2. When ssh'ing to such a machine, there should be a way of authenticating so that the files are accessible. They can't just kill SSH!
3. Files are encrypted on-the-fly, not after logout, right? Otherwise a lost, sleeping PowerBook would be as vulnerable as with FileVault turned off.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Originally posted by bracken:
You're 110% right. (And OpenBSD is very cool.) This isn't a production machine or anything so I'm willing to risk it.
...in which case, why the hell bother with FileVault at all?
If you're deliberately opening it up because security isn't important, why run it in the first place?
-s*
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Santa Barbara
Status:
Offline
|
|
(
Last edited by bracken; Oct 6, 2003 at 10:51 AM.
)
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 1999
Location: WI
Status:
Offline
|
|
I have found that FileVault won't create the first time if you have Autoprotect on in Norton AntiVirus. If you turn AutoProtect off then turn on FileVault it will work fine. It seems that after FileVault is turned on you can then turn Autoprotect back on.
|
1.6ghz G5 Power Mac/1.5GB RAM/Superdrive
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Originally posted by bracken:
You're joking right?
[...]
There's lots of reasons to use it. Important documents, letters, and emails for example.
No, actually, I wasn't joking. No need to get all condescending on me, really.
I was going by this:
"If someone has access to your cache and logs then they can see [...] the commands you've run, depending on the applications you use different amounts of information will be logged."
If you care enough to secure all your "important" documents, you're gonna let MS Word dribble a bunch of info into an unsecured cache file for the sake of a few milliseconds of speed gain?
I realize it's all about *levels* of security, so of course it's your prerogative to do this. It just seemed somewhat illogical to me.
No offense intended.
-s*
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status:
Offline
|
|
Well, I turned on FileVault - ssh works fine (at least, when that user it logged in at the machine, and I ssh in from another machine)...
...but, mounting my directory from Windows shows nothing, and I get 403 Forbidden if I try an open my user's web page. Not good. Worse, I can't seem to get back into the Secutiry preference pane to turn it off again
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally posted by tsheley:
I have found that FileVault won't create the first time if you have Autoprotect on in Norton AntiVirus. If you turn AutoProtect off then turn on FileVault it will work fine. It seems that after FileVault is turned on you can then turn Autoprotect back on.
The question is: which offers more security - Filevault or NAV?
Or maybe, which provides some security and which just hangs around and does nothing?
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2000
Location: San Francisco
Status:
Offline
|
|
I haven't tried FV yet, but I'm concerned about not being able to share web pages or SSH into my account. Anyone do any more extensive explorations of these issues?
kman
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Santa Barbara
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Originally posted by bracken:
Aimed at me?
clarify.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 2001
Location: Over there
Status:
Offline
|
|
I asked this before in another thread but no one replied...
Whilst I'm really looking forward to FileVault I nevertheless have one major concern, video capture. Sure, I'll be using my external drive most of the time, but every no and then I may have to use the internal. And there's one thing you don't want when capturing or playing back video and that is any realtime encryption overhead impacting on this time-critical process.
I suppose they only way round this is to capture to the root of the hard drive which remains outside of the Home folder? Not exactly the most elegant solution. But will your average user be aware of this? After all, OS X wants us by default to save video to the Movies folder in the Home folder. And the Desktop is out too since this is also inside the Home.
As someone else has said, it would have been really nice to specify a folder not to be encrypted with FileVault. 10.4 perhaps?
|
|
|
|
|
|
|
|
|
Baninated
Join Date: Jul 2002
Location: The Moon
Status:
Offline
|
|
I was hoping for just a app that lets you drag files to protect them. Not everything in my home folder do I want "protected"
You need 10 gigs free? That is silly.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status:
Offline
|
|
Originally posted by bracken:
It's kind of childish to engage in a public forum then go back and delete your messages because you don't like the outcome.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status:
Offline
|
|
Originally posted by kman42:
I haven't tried FV yet, but I'm concerned about not being able to share web pages or SSH into my account. Anyone do any more extensive explorations of these issues?
kman
Relax, everybody. When Apple says login they are referring to the console as well as a login shell. Once Apple gets this working correctly the following should be true:
1 - Logging into the console or via ssh gives access to home directory files.
2 - Other users always have access to the Public/Drop Box files.
3 - public web sites are shared properly.
4 - All encryption/decryption is done on demand, on the fly.
5 - Home directories accessed via the network with the proper credentials will give clear access.
It sounds like Apple may have a while to go before all these are achieved, but I can't imagine Apple releasing it before they get to this point.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Jun 2002
Status:
Offline
|
|
Originally posted by absmiths:
It sounds like Apple may have a while to go before all these are achieved, but I can't imagine Apple releasing it before they get to this point.
Oh ye of blind faith.
Apple screws things up and releases half functional features just like everybody else, I just happen to like their half functional products better than that other company's
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Edmond, OK USA
Status:
Offline
|
|
Originally posted by Mike S.:
Oh ye of blind faith.
Apple screws things up and releases half functional features just like everybody else, I just happen to like their half functional products better than that other company's
Granted, but if any of the above were not implemented it would not be a half-implementation, but rather a nearly worthless one. I don't suspect that is the case, however, since Apple made such a big deal about it (Can't back out now) and GM is out so we will see.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Dec 2000
Location: Staffs, UK
Status:
Offline
|
|
Points 3 and 5 do not work currently, sorry ! Well, at least network access from Windows doesn't.
I finally managed to turn off FileVault somehow, but it wasn't easy. I copied all my files back out of the disk image it created (turning if off is supposed to do this automatically, but it didn't).
I suppose filevault works for those people it's intended for - laptop users who want to secure their documents. I just happen to use my laptop as a mobile web development system, so I need the web site to work, and to be able to access it via SMB.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status:
Offline
|
|
To all the people who want to encrypt certain files: It is not at all hard to create an encrypted disk image. Just put it in your documents folder and mount it whenever you need it. Then unmount it whenever you don't. If FileVault is anything like working with encrypted disk images, I can't imagine much of a speed impact at all. Seeing as all my encryption needs are served by such an image, I have not bothered to turn on FileVault.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 2001
Location: Dallas, TX
Status:
Offline
|
|
I'm wondering how filevault will work with disk repair utilities. Really about the overall implementation of the system.
What level of encryption are they using for it?
Will an encrypted file still have the same traits as a non-encrypted one and what not?
Will some shoddy repair programs think the files are corrupted?
|
It is in the moments of decision that your destiny is shaped.
www.therealmac.net
MBA Graduate, Creative Thinker, Nice Guy
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Nov 2000
Location: Seattle, WA, USA
Status:
Offline
|
|
I just did some quick tests with File Vault on 7B85. With it on and myself logged out of the computer I couldn't connect to the personal web site. I could SSH into the machine, but my homedir only contained an encrypted disc image. Performance also seemed to suffer when I tried to copy a large file in my homedir.
-matt
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2001
Location: uk
Status:
Offline
|
|
Originally posted by Simon X:
I asked this before in another thread but no one replied...
Whilst I'm really looking forward to FileVault I nevertheless have one major concern, video capture.
create an account with an unencrypted home folder and fast switch to it when you need it
or
capture to the shared folder
or
capture to a different hd, better for speed anyway
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2001
Location: uk
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2000
Status:
Offline
|
|
Originally posted by Zimphire:
I was hoping for just a app that lets you drag files to protect them. Not everything in my home folder do I want "protected"
You already have one - open up Disk Copy and create a disk image of whatever size you need. Enable the encryption feature and you'll be prompted to create a password. This creates a secured volume that you can mount/open as you please (after entering the password) and drag your files into. Just don't keep the password on your keychain and it should be secure, at least that's my understanding.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|