Believe it or not, despite accusations that that my coverage of the Mac wireless hack is all part of some anti-Apple black PR conspiracy, I’m a Mac user. One that’s so addicted I bought my Mom one and had it shipped to me so I could “configure” it. Okay, really I had to send mine in for service and I needed another Intel Mac so I could run it off an external hard drive with an image of my MacBook Pro. I mean I might have been without it for, like, 5-7 days and that’s just not acceptable. How can I carry out my anti-Apple black PR conspiracy without a Mac to write my blog entries on?
But I have something I need to admit.
It’s sort of embarrassing.
But it’s time to share.
You see, I’m a security professional. Not just a security professional, but one that focuses on data security. The kind that gets paid to run around telling the media how stupid everyone is for not protecting their data and doing things like, uh, encrypting their hard drives.
Not that I… um… was encrypting my laptop.
You see I was in a bit of denial. At first it was because I still used my corporate PC and didn’t have access to good encryption software that wouldn’t mess up my configuration. Which was really me just lying to myself. Later I told myself I was so good at physical security, and paranoid in general, that I’d never let my laptop get stolen. Yep, another lie. Finally the ultimate in self deception, “well, I really don’t have anything sensitive on there in the first place”. Right. None of those “not for disclosure” Powerpoint presentations from vendors are really sensitive, are they? I mean how much personal stuff like social security numbers or credit card info could really be hiding in Outlook (in my Parallels virtual machine) or Mail.app? I mean really!
When I decided to attend Black Hat and Defcon (home of the world’s most hostile network) right after an international trip to Australia and China I figured it might be a good time to get off my ass and finally encrypt my laptop. For those of you not familiar with Macs, Apple’s included encryption in the OS X operating system for a few years know in a feature called FileVault. But there’s been a lot of debate on how “safe” FileVault is; not from a security standpoint, but from a reliability/recovery standpoint. But in a recent thread in the TidBITS mailing list it didn’t seem to many people had much experience with FileVault, and perhaps some of the rumors were unfounded. Or not.
Eventually the guilt caught up and it was time to take the encryption plunge. And so far FileVault is working like a 128-bit AES charm.
(details after the jump)
FileVault isn’t the whole-drive encryption I typically recommend to enterprise clients. Rather than encrypting the entire hard drive FileVault encrypts the entire home directory of the user. It’s a model well suited for Unix-style operating systems like OS X where nearly any personal file or setting is in the home directory, as opposed to Windows systems where data tends to be more distributed throughout the OS. OS X also includes an option to encrypt the memory cache so even temporary files are protected. The combination of encrypting the home directory and all virtual memory isn’t perfect security, but good for most of us mere mortals worried about losing our laptop or hard drive.
FileVault works by creating an encrypted disk image for your home folder (an encrypted sparse image file). When you log in the image mounts and data is transparently encrypted and decrypted using 128 bit AES (Advanced Encryption Standard) as it moves to and from disk. Log out and it unmounts, appearing as one big encrypted file. That’s where most people’s fears arise- your entire home directory, every file including photos, music, video, email, and everything else is all on one big file just waiting for a few corrupt bits to make it unreadable. If your system suddenly crashes and corrupts the image (yes, even Macs crash) there’s the possibility of losing everything.
For more details on the inner workings of FileVault check out this article at macdevcenter.com.
After doing some research I took a few steps to prep my system. To help with performance I moved my iTunes library to /Users/Shared so they’d be out of my home directory and keep the image file smaller. My photos were already on an external drive and I only have a few videos. That dropped around 30 GB from my home directory. I then created a new user account for running backups. I use the excellent SuperDuper to backup my Macs to external drives. By using a separate backup account the entire encrypted disk image is backed up and thus protected even on the external drive. Since SuperDuper creates bootable copies of hard drives you get the nice option of being able to run completely off the external drive, on any Mac, should you lose your primary drive or even the entire computer. No restore needed. At this point I also committed to backing up nightly instead of weekly.
From there it was a simple matter of going into the Security Preference Pane, setting a master password (just in case I forget/screw up my primary), enabling virtual memory encryption, and turning on FileVault. An hour or so later it finished encrypting the drive and I was good to go.
So how did it work?
Good. Maybe even great. I’ve been up for about 6 weeks now and haven’t had any problems. Performance seems as good as before, although I do have 2 GB of memory and a 7200 rpm hard drive. Even with a few system crashes I haven’t experienced any corruption. What’s also nice is since I do most of my work-related computing in a Windows XP Parallels virtual computer so now even my Windows system is encrypted. Kind of cool.
Better yet. After an unfortunate incident in Sydney, Australia involving a bottle of water, my MacBook Pro, and a 220 volt hair dryer I needed to send my laptop back to Apple to have a slightly-melted keyboard replaced (don’t ask). For about 5 days I ran on an iMac off an external drive with a bootable image of my laptop and, although sluggish, didn’t have any problems with FIleVault. When the laptop came home I re-imaged the hard drive off the external drive I’d been running on and everything was updated and back to normal.
Now try and do THAT with just about any other OS.
I’m going to stay diligent with my backups, but at this point I feel comfortable recommending FileVault to any Mac laptop user that wants to protect his or her sensitive data.
Yes- that’s you. Stop pretending you don’t have anything important on there. The first step to recovery is admitting you have a problem.
Reader interactions
9 Replies to “Experiences with FileVault- Mac Encryption”
Personally I used to use FileVault on my Mac for home directory encryption, and GPG for email. I then temporarily switched to a beta of PGP for whole drive encryption (and everything else; but as a single user the mail.app plugin worked better than the service option). My license expired and my drive decrypted, so I’m starting to look at other options (PGP worked very well, but I prefer a perpetual license; odds are I will end up back on it since there aren’t many Mac options for FDE- just them, CheckPoint, and WinMagic if you have a Seagate encrypting drive). FileVault worked well for a while, but I did encounter some problems during a system migration and we still get problem reports on our earlier blog entry about it.
Yes- unless you give them your password (which they often ask for).
Can I trust FileVault to adequately secure my keychain, 1Password and personal data on my iMac when I send it to Apple for warranty work?
I’‘ve had a series of unpleasantnesses with FileVault; every . revision or so I try it again…regretfully so. Today being an example.
I have had antivirus triggered by strings in my sparse image bundles (antivirus set to erase
infected files at the time). Took me awhile to figure that one out. Note that those bundles’s contents are pretty random and thus so was the
problem. That was an easy fix.
I’‘ve had corrupted DRMed files (good idea about moving the media stuff out of harms way) but Mail.app is where I get burned. Corrupt indexes and mailboxes.
I have a LOT of mail running through, and a lot is saved. When not in Filevault that works just fine.
On the plus side, I am REALLY good at backups and restores now.
That “not designed for large home directories” sounds right but I also suspect rapidly changing filesystems also can cause grief.
I would use TrueCrypt (and do for some things) but
the Mac version can’‘t do nifty auto user directory
encryption…at least not yet.
I would very much like to hear about reliable alternatives.
If FileVault works for you: great but take your backups seriously should you ever trip over its
limitations.
I’‘ve been running FileVault on my PowerBook G4 since July 2004, and just recently after upgrading the factory hard drive (80GB) to a 160GB Seagate drive, I’‘ve started experiencing some corruption issues with FileVault. I just got back from a vacation, and after importing some photos into iPhoto and doing some touchup work on the photos then closing it for the night, I tried to open it the next morning, and only 52 photos showed up. I have well over 1000 photos in my iPhoto.
One of the “Mac Geniuses” at the local Apple store told me that FileVault wasn’‘t intended to be used for “large” home directories. My home directory is currently 30.69GB. So I tried to “decrypt” my home directory and got the following error message: “An error occurred during decryption (an error occurred during copying). FileVault will be turned on for this home folder and the home folder will still be encrypted.” I am now working on the super painful task of doing a second back of my files to DVD, and then I will have to recreated my home directory without encryption enabled and reload my files from backup.
I really don’‘t recommend FileVault unless you want to experience possible unexplained corruption of your files in the future.
Good idea, thanks – hadn’‘t thought of moving them outside of the Home folder. Now, if only I could encrypt the bootable backup drive…
You don’‘t need to get rid of them, just do what I do-
As per the article, I place my photos and music outside of my home directory. Thus they don’‘t bloat my FileVault image, but I still have them. If you are worried about security, you can create an encrypted sparseimage file and copy them into that. Just make sure you are really good with backups.
Alas, that would defeat the purpose of having a notebook computer; I travel with my music and I’‘m a photographer.
It needs enough space to copy your entire folder into an encrypted image, then it deletes the original. Try moving out your music and photos as I mention in the article.