Can File Vault security be bypassed?
MPMoriarty
Dedicated MacNNer
Join Date: Oct 2003
Location: Saint Louis, MO
Dec 21, 2003, 06:11 PM
 
I think the File Vault feature in Panther is very cool and such a great idea to make protecting your data simple. But I recently thought of something that concerns me...

I know that in Jaguar if you forget your login password, all you have to do is boot from the CD and reset it.

Now I'm assuming Panther works the same way. And doesn't File Vault use your login password to open your encrypted home directory?

So if someone would need to access your File Vault protected home directory, they would just boot off a Mac OS X cd and reset your password. Is this possible? Or does File Vault actually have a safeguard built into it to protect you from this?
     
Earth Mk. II
Mac Elite
Join Date: Feb 2001
Location: Washington, DC
Dec 21, 2003, 06:23 PM
 
FileVault is actually a 128-bit AES encrypted disk image that takes the place of your home directory.

I don't use it personally, but I believe the password is independent from your login account's password and typically unlocked, along with your keychain, upon login.

I doubt only resetting your password will alter the filevault's password. I could be wrong though.
/Earth\ Mk\.\ I{2}/
     
mrgaskell
Senior User
Join Date: May 2002
Location: Denver, CO
Dec 21, 2003, 06:27 PM
 
During the 'Night of the Panther' at the Apple Store here in Denver, the guy from Apple (in Cupertino) said that if you forgot your password, you were screwed and it would take "13 trillion years" for the current best decryption software to open your home folder. Better not forget it!

The only workaround would be to reinstall over it and start anew.
BlackBook 2Ghz C2D, 2GB, 120GB HD | Black 80GB iPod 5.5 | 8GB Red iPod Nano |
Check out my personal and classroom sites!
     
NY152
Forum Regular
Join Date: May 2001
Location: Toronto
Dec 21, 2003, 07:38 PM
 
Originally posted by MPMoriarty:
I know that in Jaguar if you forget your login password, all you have to do is boot from the CD and reset it.

So if someone would need to access your File Vault protected home directory, they would just boot off a Mac OS X cd and reset your password.
That is an excellent question which I would love the answer to as well. Although there is an application Apple provides to restrict this feature. I however do not have the URL. Anyone?
<over-large signature edited by management>
     
SkullMacPN
Mac Enthusiast
Join Date: Feb 2001
Location: Savannah, GA
Dec 21, 2003, 08:54 PM
 
Originally posted by MPMoriarty:
I know that in Jaguar if you forget your login password, all you have to do is boot from the CD and reset it.

So if someone would need to access your File Vault protected home directory, they would just boot off a Mac OS X cd and reset your password.
If you reset your login password via this method, the File Vault password is not changed. Therefore your data remains safe.
     
dtriska
Mac Elite
Join Date: Sep 2000
Location: Canada
Dec 21, 2003, 09:01 PM
 
     
zigzag
Addicted to MacNN
Join Date: Aug 2000
Dec 21, 2003, 10:04 PM
 
I haven't tried FileVault so I don't know exactly how the set-up/log-in procedure works, but from what I've read the encryption itself is, for all practical purposes, absolutely secure and cannot be bypassed.

The weak link is your password. While it might take a trillion years to decrypt the AES, it won't take a trillion years to decrypt a weak password. Make sure you create a strong password (a long mix of letters, numbers, and symbols).

Note that you can protect individual files the same way by using Disk Utility to create an encrypted disk image.
     
LightWaver-67
Senior User
Join Date: Jul 2002
Location: Boston
Dec 22, 2003, 08:51 AM
 
My understanding is that it's much more secure than most people will ever need... and no, you cannot just reinstall or boot from a CD to defeat it.

The 128-bit Encrypted disk image itself cannot be cracked or hacked into... BUT... your best bet is to have a nice, long, confusing password that YOU will remember.

This password is your entry. If you have a dog named Fido, and you make your User login Fido and then make your disk image (File Vault) password Fido... well, you're just ASKING for trouble.

I cannot speak for how secure user password information is stored or its ability to be hacked... but if you use a password OTHER than your "typical" password(s) and make it long, like: ThIsIsMyPaSsWoRd2486 and use capitalization and mixed alpha-numerics, you may be a bit safer.

I guess my point is... the biggest security flaw (in my opinion) is legitimate access. People figuring-out your password. I'm pretty convinced that this disk image cannot be "Pried-open" via hackers or thieves without a password.

FAILSAFE! Well... if this is a "company" computer, your IT Department will most-likely want you to use a MASTER password in addition to your personal one. This is kind-of a SECOND password that sits alongside yours that can be used to access the data.

It's great for IT departments so they can have ONE master password that they keep on-file (or multiple, for security reasons) in the event that an employee quits or is fired, they have access.
     
Arkham_c
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Dec 22, 2003, 02:10 PM
 
A good article on FileVault is here:

http://www.macdevcenter.com/pub/a/ma...filevault.html
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
     
Pierre B.
Grizzled Veteran
Join Date: Feb 2003
Dec 24, 2003, 06:57 AM
 
Originally posted by zigzag:
Make sure you create a strong password (a long mix of letters, numbers, and symbols).
So as to make sure you forget it in a couple of days if you don't write it down on paper. Certainly the strong password is the best security in such situations, but you have to find a way to recover it in case you forget it (for example writing it on paper in a safe place).
     
LightWaver-67
Senior User
Join Date: Jul 2002
Location: Boston
Dec 24, 2003, 08:50 AM
 
Well considering the topic of discussion, that's a 'given', isn't it...?



The whole premise of this discussion is how the security cannot be bypassed WITHOUT the proper password(s)... so the user's ability to recall the password is paramount to the ability to recover any data.

If you choose something so easy that you'll NEVER forget it, but other people can easily figure it out.... why bother? Adversely, if you haphazardly generate a random password like:
rig4YsB98mmX and it has no meaning to you and you DON'T write it down...? you're begging for trouble.

Lastly... since Keychain decrypts it on-the-fly when you log-in... it doesn't matter HOW tough your password is, if other people know your USER password, Keychain will open it like a (place sexually explicit metaphor of easy woman here).

*Sorry ladies.
     
ryaxnb
Grizzled Veteran
Join Date: Sep 2003
Location: Felton, CA
Dec 25, 2003, 12:12 AM
 
http://www.versiontracker.com/dyn/moreinfo/macosx/12932
The Open Firmware Password utility, by Apple. This should block attempts to bypass the security by resetting the password, by not allowing you to boot any way other than the normal way without a password.
P.S. I'm fairly sure if a hacker can reset the password using the OS X install CDs, he can get the encrypted information, because OS X automatically "opens the FileVault," that is, makes the data unencrypted.
Trainiable is to cat as ability to live without food is to human.
Steveis... said: "What would scammers do with this info..." talking about a debit card number!
     
proton
Senior User
Join Date: Nov 2000
Dec 25, 2003, 10:11 AM
 
Originally posted by ryaxnb:
P.S. I'm fairly sure if a hacker can reset the password using the OS X install CDs, he can get the encrypted information, because OS X automatically "opens the FileVault," that is, makes the data unencrypted.
OS X can not unlock the FileVault disk images without your password. Without the password, OS X does not have the decryption key to unlock the FileVault, and its contents are unreadable.

The only exception is if a master password is set on the machine, that password can be used as well as the user's login password to unlock a FileVault.

- proton
     
ryaxnb
Grizzled Veteran
Join Date: Sep 2003
Location: Felton, CA
Dec 26, 2003, 11:51 PM
 
Originally posted by proton:
OS X can not unlock the FileVault disk images without your password. Without the password, OS X does not have the decryption key to unlock the FileVault, and its contents are unreadable.

The only exception is if a master password is set on the machine, that password can be used as well as the user's login password to unlock a FileVault.

- proton
Exactly - using the Reset Password function couldn't he get your passwords?
Trainiable is to cat as ability to live without food is to human.
Steveis... said: "What would scammers do with this info..." talking about a debit card number!
     
Axo1ot1
Professional Poster
Join Date: Apr 2002
Location: New York City
Dec 27, 2003, 02:33 AM
 
Either way, almost nobody here is cool enough to actually need robust file encryption. If you had highly sought-after intellectual property you might need that, but since virtually none of you do, the point is moot.

And no you don't have cool friends either.
     
proton
Senior User
Join Date: Nov 2000
Dec 27, 2003, 07:06 AM
 
Originally posted by ryaxnb:
Exactly - using the Reset Password function couldn't he get your passwords?
No. The Reset Password function changes your password, but the system does not know your old password to decrypt the data in FileVault.

The important thing to remember is that:
- Your data is encrypted using your password (and the master password if set)
- The computer can not decrypt your FileVault data without the password - it is the key to the encrypted data
- The computer does not know your password. The computer knows a one way hash of your password, which it can use to determine if the password you just typed in is correct, but it can not know your password without you typing it in<1>.

In short, the computer doesn't know your password, so you must enter the password for it to be able to decrypt your data. If someone were to reset your password (without knowing the user or master password, because then it could decrypt the FileVault and give you access to the data) you can not access the data without attempting to break the encryption of the FileVault directly.

- proton

<1> A small sleight of hand here. In reality you can spend a really really really long time brute forcing (just trying to run the one way hash on each password) until you get the password, but this will take a long time. And requires you to be root (for passwords set using Panther), so you can get hold of the one way hash of your password.
     
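Added example, not part of proton's post and not Apple's FileVault code: a toy Python model of the reasoning above, showing why replacing the stored login hash gives no access to the encrypted data. It assumes a random volume key wrapped once per password (user, optional master), which goes beyond what the thread states; the function names, work factor and XOR-plus-HMAC wrap are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed work factor for the demo, not a recommendation


def kdf(password: str, salt: bytes, purpose: bytes) -> bytes:
    """Derive a 32-byte key from a password; 'purpose' separates the uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + purpose, ITERATIONS)


def login_record(password: str) -> dict:
    """What the system keeps for login: a salted one-way hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt, b"login")}


def check_login(record: dict, password: str) -> bool:
    return hmac.compare_digest(record["hash"], kdf(password, record["salt"], b"login"))


def wrap(volume_key: bytes, password: str) -> dict:
    """Toy key wrap: XOR with a password-derived pad plus an HMAC tag.
    Stands in for a real AES key wrap; an assumption, not FileVault's format."""
    salt = os.urandom(16)
    pad = kdf(password, salt, b"wrap")
    tag = hmac.new(kdf(password, salt, b"tag"), volume_key, "sha256").digest()
    return {"salt": salt, "blob": bytes(a ^ b for a, b in zip(volume_key, pad)), "tag": tag}


def unwrap(slot: dict, password: str):
    """Return the volume key, or None when the password is wrong."""
    pad = kdf(password, slot["salt"], b"wrap")
    candidate = bytes(a ^ b for a, b in zip(slot["blob"], pad))
    tag = hmac.new(kdf(password, slot["salt"], b"tag"), candidate, "sha256").digest()
    return candidate if hmac.compare_digest(tag, slot["tag"]) else None


def make_machine(user_pw: str, master_pw: str = None):
    """Build the hypothetical machine state; the key is returned only for the demo."""
    volume_key = os.urandom(32)
    slots = [wrap(volume_key, user_pw)]
    if master_pw is not None:
        slots.append(wrap(volume_key, master_pw))
    return {"login": login_record(user_pw), "slots": slots}, volume_key


def reset_login_from_cd(machine: dict, new_pw: str) -> None:
    """Models the install-CD reset: replaces the login hash, touches no key slot."""
    machine["login"] = login_record(new_pw)


def unlock(machine: dict, password: str):
    """Try the password against every slot (user slot, then master slot)."""
    for slot in machine["slots"]:
        key = unwrap(slot, password)
        if key is not None:
            return key
    return None


if __name__ == "__main__":
    machine, key = make_machine("ThIsIsMyPaSsWoRd2486", master_pw="constructed-master-pw")
    reset_login_from_cd(machine, "new-login-pw")
    print("new password logs in:", check_login(machine["login"], "new-login-pw"))
    print("new password unlocks vault:", unlock(machine, "new-login-pw") is not None)
    print("old password unlocks vault:", unlock(machine, "ThIsIsMyPaSsWoRd2486") == key)
    print("master password unlocks vault:", unlock(machine, "constructed-master-pw") == key)
```

After the reset the new password passes the login check but opens no slot, while the original user password and the master password still recover the volume key.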
fat mac moron
Grizzled Veteran
Join Date: Sep 2002
Dec 27, 2003, 11:11 AM
 
Originally posted by Axo1ot1:
Either way, almost nobody here is cool enough to actually need robust file encryption. If you had highly sought-after intellectual property you might need that, but since virtually none of you do, the point is moot.

And no you don't have cool friends either.
I used FileVault on my PowerBook recently because I was travelling quite a bit, and didn't want to take a risk with someone walking off with my laptop. I keep a lot of "personal" information on my laptop that I would rather not make public, and encrypting my entire user directory made sense... Sure, I could've easily created a disk image and kept my financial information, web server settings, and miscellaneous documents in that *.dmg, but it was much more simple to just keep my user directory encrypted instead.

I'd rather be safe than sorry.
     
K++
Senior User
Join Date: Jan 2002
Location: NYC
Dec 27, 2003, 04:58 PM
 
The protections of your data are several fold and do require a very determined hacker and a careless user working together.

1) Your User password
This is your unix level password for access to things secured with the unix security model. Your files, etc. This can be reset with the CD utility.

2) Your Keychains password
This password is separate from your user password though most people set them to be the same thing. The good thing about that is that if your User password is reset, the keychain password is outside of that and would remain the same. Since they can only change your password never view it, all your stored keys are safe.

3) Filevault Password
This is another separate password. This one unlocks the disk image that your data is stored in. You have the option of keeping this password on your keychain so that it can automatically be loaded at login, or manually being asked to type it in. If like most you keep it on your keychain you're still safe for the reasons I mentioned earlier.

4) Machine Password
I used to think this was your root password, but this is yet another completely separate password with the explicit purpose of being able to open any filevaults on your machine. This is a secondary password for accessing your filevault. It is never put on your keychain, it is completely separate of all the other passwords mentioned, and cannot be changed once set without knowing the password in the first place.

5) The Encryption
Every single one of the passwords mentioned is encrypted in an unsalvageable method except for keychain keys. The encryption on the disk image itself will take you those trillion years to decrypt, but again your passwords are the easiest way to get access. So for those paranoid security types you should have 4 different and unique strong passwords for each of the places mentioned above and you'll have nothing to worry about.


P.S. Almost none of you need that much security nor encryption, but it sure is nice to have it, ain't it?
     
ReefHobbyist
Junior Member
Join Date: May 2002
Mar 10, 2004, 01:28 PM
 
Originally posted by K++:


1) Your User password
This is your unix level password for access to things secured with the unix security model. Your files, etc. This can be reset with the CD utility.

3) Filevault Password
This is another separate password. This one unlocks the disk image that your data is stored in. You have the option of keeping this password on your keychain so that it can automatically be loaded at login, or manually being asked to type it in. If like most you keep it on your keychain you're still safe for the reasons I mentioned earlier.

Sorry to bring back an old post but I have a comment and question regarding filevault.

First my comment. I don't believe the Filevault pw is kept in the keychain and used to login with. The keychain is stored within the encrypted file and is inaccessible until after the password has been entered and the vault is opened and mounted. The pw entered at login is passed to the disk helper and opens the vault if it is valid. If you changed your login pw through CD utility and it didn't match your fv password then you would be prompted.

My question on filevault is related to data that is acted upon outside the vault, such as swap space. If you are editing a file in an application that pages out to swap is the data encrypted or is it "in the clear"? I.e. even though the original is encrypted portions of it could be extracted from the swap.

I would think in order to be approved for government use this issue would need to be addressed.

Thanks,
Scott
     
JKT
Professional Poster
Join Date: Jan 2002
Location: London, UK
Mar 10, 2004, 01:45 PM
 
Originally posted by LightWaver-67:
Well considering the topic of discussion, that's a 'given', isn't it...?



The whole premise of this discussion is how the security cannot be bypassed WITHOUT the proper password(s)... so the user's ability to recall the password is paramount to the ability to recover any data.

If you choose something so easy that you'll NEVER forget it, but other people can easily figure it out.... why bother? Adversely, if you haphazardly generate a random password like:
rig4YsB98mmX and it has no meaning to you and you DON'T write it down...? you're begging for trouble.

Lastly... since Keychain decrypts it on-the-fly when you log-in... it doesn't matter HOW tough your password is, if other people know your USER password, Keychain will open it like a (place sexually explicit metaphor of easy woman here).

*Sorry ladies.
FWIW, the art of complex password creation that is easy (or easier) to remember - tell a story:

E.g. "I created my FileVault Password on the 10th March 2004!"

Convert to password - "IcmFVpot10032004!"

Long and complicated but very easy to remember and unique to you alone. Also, no need to write it down and potentially compromise your security.

Incidentally, making up a story is how "Mr. Memory" types are able to recall ridiculously long lists of random objects or numbers... so a tried and true method.
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Mar 10, 2004, 02:11 PM
 
Originally posted by K++:
4) Machine Password
I used to think this was your root password, but this is yet another completely separate password with the explicit purpose of being able to open any filevaults on your machine. This is a secondary password for accessing your filevault. It is never put on your keychain, it is completely separate of all the other passwords mentioned, and cannot be changed once set without knowing the password in the first place.
Note that what K++ is calling the "machine password" is the one actually called the Master Password in Panther and in Apple's documentation. Note also that it is the Master Password only in respect to FileVault -- it can't be used to log into the system.

tooki
     
MPMoriarty  (op)
Dedicated MacNNer
Join Date: Oct 2003
Location: Saint Louis, MO
Mar 12, 2004, 01:13 PM
 
So basically, the answer to my question is...

NO. You can't bypass FileVault's security by simply resetting your password.

Am I right or have I missed something from the previous posts?

Mike
     
Cadaver
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Mar 12, 2004, 01:31 PM
 
Originally posted by Axo1ot1:
Either way, almost nobody here is cool enough to actually need robust file encryption. If you had highly sought-after intellectual property you might need that, but since virtually none of you do, the point is moot.

And no you don't have cool friends either.
I have HIPPA law protected medical information on hundreds of (research) patients on my Macs at work and at home. I absolutely require strong encryption to (a) uphold medical ethics and (b) to remain compliant with federal law.

If I fail to comply and medical information stored on my computers is stolen, I could face stiff fines, loss of my medical license or receive jail time. It would be really bad to say, "Your Honor, I lost my iBook in the Detroit airport which contained unsecured medical information on two hundred patients. Gee, sorry."

My computers are locked down tight - FileVault, AES-encrypted backup disk images, firewalls, strong passwords, etc (and I don't store protected information on my Windows machine, BTW).
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Mar 12, 2004, 02:15 PM
 
Originally posted by Cadaver:
I have HIPPA law protected medical information on hundreds of (research) patients on my Macs at work and at home. I absolutely require strong encryption to (a) uphold medical ethics and (b) to remain compliant with federal law.

If I fail to comply and medical information stored on my computers is stolen, I could face stiff fines, loss of my medical license or receive jail time. It would be really bad to say, "Your Honor, I lost my iBook in the Detroit airport which contained unsecured medical information on two hundred patients. Gee, sorry."

My computers are locked down tight - FileVault, AES-encrypted backup disk images, firewalls, strong passwords, etc (and I don't store protected information on my Windows machine, BTW).
Ah, the good old Health Information Portability Prevention Act

I knew that organizations using a hippo as their "HIPAA" logo would lead to people eventually misspelling HIPAA
     
Cadaver
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Mar 12, 2004, 03:24 PM
 
Originally posted by Person Man:
Ah, the good old Health Information Portability Prevention Act

I knew that organizations using a hippo as their "HIPAA" logo would lead to people eventually misspelling HIPAA
Ooops. Sticky fingers.
     
Tyre MacAdmin
Mac Elite
Join Date: Feb 2002
Mar 13, 2004, 06:20 AM
 
A little bit off subject but... I'm looking for a backup utility that will work with filevault... CCC still doesn't. Filevault is no good to me if I can't back up the contents.
     
Cadaver
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Mar 13, 2004, 09:32 AM
 
Apple's Backup.app will work with a FileVault-encrypted home directory, mainly because it only runs if you're actively logged in. Be aware that files backed up to an external volume will not be encrypted.

What I do: Since I really only ever need a backup of the newest version of all my documents, I have Backup.app run automatically each night. The backup goes on to a second hard drive. But, to make the backup secure as well, the backup is actually written to an AES encrypted sparseimage disk image mounted on the desktop. This way, if someone tries to steal the firewire hard drive with the backup set, all they'll find is an encrypted disk image file when they mount it.

I leave my machine on 24/7 (with passworded screensaver), so this solution works very well for me.

Any sensitive data that needs to be archived to CD is also stored within an AES-encrypted disk image. True, it limits me to using those data on a MacOS X machine only, but secure it is.

I also have a small app called Crypt2 that uses 128-bit blowfish encryption, but I'm not sure I trust it, so I don't use it much (freeware app; what if it doesn't work on next OS version and I can't get to my data?).
     
GENERAL_SMILEY
Mac Enthusiast
Join Date: May 2002
Mar 13, 2004, 09:43 AM
 
Presumably even in a filevault protected user, swap files remain vulnerable.
I have Mac
     
Detrius
Professional Poster
Join Date: Apr 2001
Location: Asheville, NC
Mar 13, 2004, 04:30 PM
 
Originally posted by ryaxnb:
http://www.versiontracker.com/dyn/moreinfo/macosx/12932
The Open Firmware Password utility, by Apple. This should block attempts to bypass the security by resetting the password, by not allowing you to boot any way other than the normal way without a password.
P.S. I'm fairly sure if a hacker can reset the password using the OS X install CDs, he can get the encrypted information, because OS X automatically "opens the FileVault," that is, makes the data unencrypted.
In addition, you need a padlock on your machine to keep it shut. The Open Firmware Password is only as secure as your RAM modules.

To reset the open firmware password, pull a stick of RAM out (or otherwise change the RAM configuration) and reset the PRAM three times. Very handy for any computer tech to know.
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
     
   
 