[Cold Warrior]

What's the deal? Has someone found a way to get around or crack filevault? Is our FV image no longer secure?

MacNN | MacLockPick utility extracts passwords

[mac128k-1984]

Unless I missed something it did not mention file vault. Not that I use file vault the risk of losing the entire volume if data corruption occurs to too great. of a risk

[Cold Warrior]

It mentioned encrypted disk images. That's basically all filevault is.

[goMac]

Originally Posted by Cold Warrior 

What's the deal? Has someone found a way to get around or crack filevault? Is our FV image no longer secure?

MacNN | MacLockPick utility extracts passwords

It's probably a brute force attack. Which only works if you have a lot of time you're spending with the laptop.

[mac128k-1984]

Originally Posted by Cold Warrior 

It mentioned encrypted disk images. That's basically all filevault is.

Oh ok, I was looking for file vault

[Scott-G]

After reading the details of this tool and how it works I don't think FileVault is in anyway compromised. This tool requires:

1) The user is logged in, and
2) The investigator has access to the system to run the app.

It works by extracting data out of the unlocked Keychain when a user is logged in. It cannot crack an encryted image that is not mounted and does not have the password stored in your keychain.

It also can not crack your FileVault protected volume if you are not logged in. I.e., your keychain is not unlocked and is inside your encrypted home disk image.

So, if you are worried for some reason, log off when you are not using your system.

[Big Mac]

Could this be considered commercial malware?

[Scott-G]

Originally Posted by Big Mac 

Could this be considered commercial malware?

From Wikipedia : "Malware is software designed to infiltrate or damage a computer system without the owner's informed consent"

The docs says nothing is written to the suspect's machine. Notice the word "suspect". Their word, not mine. This, coupled with the fact that only licensed law enforcement agents can buy it, implies that informed consent isn't necessarily required (i.e. a warrant).

So, the short answer IMO, is no it is not malware.

[Cadaver]

Anyway, using FileVault so a legitimate law enforcement agency can't get in to your computer with a valid warrant isn't going to help. If they have a valid warrant, claiming you "forgot" your password is a good way to land your butt in jail on contempt of court charges.

Basically, if they can find the encrypted image, you're compelled to supply the password.

There is an open-source application, don't recall what its called, for Windows and Linux (coming soon for MacOS X, IIRC) that produces an encrypted disk image that doesn't exit in the file system as a discrete file, thus it cannot be differentiated from random data on the HD platter surface. You just have to make sure no log files exit of your use of it.

[Cold Warrior]

Unless you are a U.S. person and take the 5th Amendment - i.e., providing the password would incriminate yourself (because you'd be giving law enforcement access to incriminating information). Therefore, you invoke your right against self-incrimination.

[Rainy Day]

Originally Posted by Scott-G 

if you are worried for some reason, log off when you are not using your system.

Or set your keychain to auto-lock after n-minutes of inactivity.