FileVault
Other names | Disk encryption software |
---|---|
Operating system | macOS |
License | Proprietary |
FileVault is a
Versions and key features
FileVault was introduced with
FileVault
The original version of FileVault was added in Mac OS X Panther to encrypt a user's home directory.
Master passwords and recovery keys
When FileVault is enabled, the system invites the user to create a master password for the computer. If a user password is forgotten, the master password or recovery key may be used to decrypt the files instead.[3] A FileVault recovery key is different from a Mac recovery key, which is a 28-character code used to reset a password or regain access to an Apple ID.
Migration
Migration of FileVault home directories is subject to two limitations:[5]
- there must be no prior migration to the target computer
- the target must have no existing user accounts.
If Migration Assistant has already been used or if there are user accounts on the target:
- before migration, FileVault must be disabled at the source.
If FileVault data is transferred from a previous Mac that uses 10.4 to a new machine using the built-in utility, the data continues to be stored in the old sparse image format, and the user must turn FileVault off and then on again to re-encrypt in the new sparse bundle format.
Manual encryption
Instead of using FileVault to encrypt a home directory, a user can create an encrypted disk image with Disk Utility and store any subset of their home directory in it (for example, ~/Documents/private). This encrypted image behaves similarly to a FileVault encrypted home directory, but is under the user's maintenance.
Encrypting only a part of a user's home directory might be problematic when applications need access to the encrypted files, which will not be available until the user mounts the encrypted image. This can be mitigated to a certain extent by making
Limitations and issues
Backups
Without Mac OS X Server, Time Machine will back up a FileVault home directory only while the user is logged out. In such cases, Time Machine is limited to backing up the home directory in its entirety. Using Mac OS X Server as a Time Machine destination, backups of FileVault home directories occur while users are logged in.
Because FileVault restricts the ways in which other users' processes can access the user's content, some third-party backup solutions can back up the contents of a user's FileVault home directory only if other parts of the computer (including other users' home directories) are excluded.[6][7]
Issues
Several shortcomings were identified in legacy FileVault. Its security can be broken by cracking either 1024-bit
Legacy FileVault used the CBC mode of operation (see
Early versions of FileVault automatically stored the user's passphrase in the system keychain, requiring the user to notice and manually disable this security hole.
In 2006, following a talk at the 23rd Chaos Communication Congress titled Unlocking FileVault: An Analysis of Apple's Encrypted Disk Storage System, Jacob Appelbaum and Ralf-Philipp Weinmann released VileFault, which decrypts encrypted Mac OS X disk image files.[8]
A free space wipe using Disk Utility left a large portion of previously deleted file remnants intact. Similarly, FileVault compact operations only wiped small parts of previously deleted data.[10]
FileVault 2
Security
FileVault uses the user's login password as the encryption pass phrase. It uses the
Performance
The
Master passwords and recovery keys
When FileVault 2 is enabled while the system is running, the system creates and displays a recovery key for the computer, and optionally offers to let the user store the key with Apple. The 120-bit recovery key is encoded with all letters and the numbers 1 through 9, and is read from /dev/random; it therefore relies on the security of the PRNG used in macOS. During a cryptanalysis in 2012, this mechanism was found safe.[14]
Changing the recovery key is not possible without re-encrypting the FileVault volume.[3]
Validation
Users who use FileVault 2 in OS X 10.9 and above can validate that their key works correctly by running sudo fdesetup validaterecovery in Terminal after encryption has finished. The key must be in the form xxxx-xxxx-xxxx-xxxx-xxxx-xxxx, and the command will return true if the key is correct.[15]
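The recovery key layout and alphabet described in the two sections above can be checked locally before the key is typed into fdesetup, which catches transcription mistakes such as a digit 0 written for the letter O. This is an added example, not Apple's code: the function names are hypothetical, the sample key is constructed, and the alphabet (A-Z, 1-9) and six-groups-of-four layout are taken from this page's description.

```shell
#!/bin/sh
# Added example: pre-check a transcribed FileVault 2 recovery key.
# Assumption (from this page): six dash-separated groups of four characters,
# drawn from the letters A-Z and the digits 1-9 (no zero).
LC_ALL=C
export LC_ALL

# Strip whitespace and upper-case the key as a user would have typed it.
normalize_recovery_key() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Print a diagnosis; return 0 if the key is well-formed, 1 otherwise.
# This checks the format only. Whether the key actually unlocks the volume
# is still established by running: sudo fdesetup validaterecovery
check_recovery_key_format() {
    key=$(normalize_recovery_key "$1")
    case $key in
        *0*)
            echo "contains digit 0, which is outside the alphabet (letter O?)"
            return 1 ;;
    esac
    case $key in
        *[!A-Z1-9-]*)
            echo "contains a character outside A-Z, 1-9 and '-'"
            return 1 ;;
    esac
    if printf '%s\n' "$key" | grep -Eq '^[A-Z1-9]{4}(-[A-Z1-9]{4}){5}$'; then
        echo "well-formed"
        return 0
    fi
    echo "wrong layout: expected xxxx-xxxx-xxxx-xxxx-xxxx-xxxx"
    return 1
}

# Constructed sample key, not a real recovery key.
check_recovery_key_format "abcd-efgh-ijkl-mnpq-rstu-vwx1"
```
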
Starting the OS with FileVault 2 without a user account
If a volume to be used for startup is erased and encrypted before a clean installation of OS X 10.7.4 Lion or 10.8 Mountain Lion:
- there is a password for the volume
- the clean system will immediately behave as if FileVault was enabled after installation
- there is no recovery key, no option to store the key with Apple (but the system will behave as if a key was created)
- when the computer is started, Disk Password will appear at the EfiLoginUI – this may be used to unlock the volume and start the system
- the running system will present the traditional login window.
Apple describes this type of approach as Disk Password—based DEK.[11]
References
- ^ "Apple Previews Mac OS X "Panther"". Apple Press Info. Apple. June 23, 2003. Retrieved January 21, 2013.
- ^ ScottW (November 5, 2007). "Live FileVault and Sparse Bundle Backups in Leopard". macosx.com. Archived from the original on October 29, 2013. Retrieved January 21, 2013.
- ^ a b c d e Apple Inc (August 9, 2012). "OS X: About FileVault 2". Apple Inc. Archived from the original on October 29, 2014. Retrieved September 5, 2012.
- ^ Apple Inc (August 17, 2012). "Best Practices for Deploying FileVault 2" (PDF). Apple Inc. p. 40. Archived from the original (PDF) on August 22, 2017. Retrieved September 5, 2012.
- ^ "Archived - Mac OS X 10.3, 10.4: Transferring data with Setup Assistant / Migration Assistant FAQ". Apple support. Apple. Retrieved January 21, 2013.
- ^ "Using Encrypted Disks". CrashPlan PROe support. CrashPlan PROe. Archived from the original on January 14, 2013. Retrieved January 21, 2013.
- ^ "Using CrashPlan with FileVault". CrashPlan support. CrashPlan. Archived from the original on October 20, 2013. Retrieved January 21, 2013.
- ^ a b Appelbaum, Jacob; Weinmann, Ralf-Philipp (December 29, 2006). Unlocking FileVault: An Analysis of Apple's disk encryption (PDF). 23rd Chaos Communication Congress. Berlin. Retrieved March 31, 2007.
- ^ Halderman, J. Alex; et al. (February 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys (PDF). 17th USENIX Security Symposium. San Jose, CA.
- ^ Zdziarski, Jonathan (January 1, 2008). "File Vault's Dirty Little Secrets".
- ^ a b Apple, Inc (August 17, 2012). "Best Practices for Deploying FileVault 2" (PDF). Apple, Inc. p. 28. Archived from the original (PDF) on August 22, 2017. Retrieved September 5, 2012.
- .
- ^ "How Fast is the 512 GB PCIe X4 SSD in the 2015 MacBook Pro?". Tech ARP.
- ^ Choudary, Omar; Felix Grobert; Joachim Metz (July 2012). "Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption". Retrieved January 19, 2013.
- ^ "fdesetup(8) Mac OS X Manual Page". Apple. August 21, 2013. Retrieved August 9, 2014.