FileVault
FileVault is a system that protects files on a Macintosh computer. It can be found in the Mac OS X v10.3 ("Panther") operating system and later.
It works by encrypting the user's home directory using the Advanced Encryption Standard (AES) algorithm with a key derived from the user's login password. A master password should be set as a precaution against a user losing his or her password. Content is automatically encrypted and decrypted on the fly. Although early versions were slow and caused system to temporarily hang when used with disk-intensive applications, such as sound and video editing, the performance of FileVault has been improved in more recent versions of Mac OS X.
Criticism
Some users complain that it is not possible to select which parts of the disk to encrypt. In contrast to Linux, Microsoft Windows, and other operating systems, only entire home directories can be encrypted. For example, the user cannot encrypt the whole disk as one would be able to in Linux or Windows XP with various disk encryption software. One possible workaround is the use of Apple's Disk Utility Application, included in the standard installation, to create an encrypted disk image using the same AES encryption offered by FileVault, which allows users to encrypt specific files and folders.
Several shortcomings have been identified in FileVault's use of cryptography, such as the use of the CBC mode of operation which can lead to watermarking attacks, reliance on 1024-bit RSA and 3DES-EDE which have an effective key size below that of 128-bit AES, and unsafe storage of keys in the OS X "safe sleep" mode.[1]
FileVault-protected accounts can be migrated from an older Mac to a newer one with some limitations and only as long the new machine has no existing user accounts -- otherwise, FileVault needs to be turned off during the migration, or the OS first needs to be reinstalled on the newer Mac.[2]
A study published in 2008 found data remanence in dynamic random access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control of the owner. [3]
See also
References
- ^ Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29). "Unlocking FileVault: An Analysis of Apple's disk encryption" (PDF). Retrieved 2007-03-31.
{{cite journal}}
: Check date values in:|date=
(help); Cite journal requires|journal=
(help) - ^ Mac OS X 10.3, 10.4: Transferring data with Setup Assistant / Migration Assistant FAQ
- ^ J. Alex Halderman; et al. (February 2008). "Lest We Remember: Cold Boot Attacks on Encryption Keys" (PDF).
{{cite journal}}
: Cite journal requires|journal=
(help); Explicit use of et al. in:|author=
(help)