Shirt Pocket Discussions


rdlsmith 06-26-2006 09:09 PM

Yet another FileVault Question
In a post from 2004 it was recommended to NOT use FileVault. I may not understand it completely but from what I've read it's the only way to really protect your data.

The firmware password only protects the data on that particular Mac. True? Firmware was offered as an alternative.

Once the data is backed up say to a Firewire doing a copy, anyone could then mount the bootable image and get to the data. Yes/No? If you use Sparse, you can't mount it. Yes/No?

If you use FVault, you run a risk in trying to restore, the backups take up more space and there may be some other bad things. True even if you create a non-FV account and use that to backup?

I'm just trying to find a totally secure system that will let me back up and restore easily.

From all my reading I've come up with the following. Please let me know if you think it would work and also be secure.

1. Turn on firmware password. This will protect your data while on that machine.

2. Create a bootable partition on a firewire big enough to hold a brand new OS X install. I made one at 15g and then left off the printer drivers/extra fonts/languages/etc. I think it would be better to make one at 20 Gig and to allow for updates. For example, my system discs are at 10.4.4. I've since upgraded through the software update to 10.4.6.

3. Install SuperDuper on the new install.

4. Back up and use only sparse images. You can password protect those and if you have a registered copy, you can add to them if you want. You can also keep different versions of them if you choose to do that. The only thing you can't do is boot from them.

5. Restore. In the event of a HD failure you could mount the copy of OS X created in step 2 and then restore from a sparse image back to a new HD.

If someone walks off with your Firewire drive they'll get the hardware, a fresh copy of OS X and that's about it. The backups should run clean because FV was never used.

Did I miss something? Will that work?


dnanian 06-27-2006 08:51 AM


You can use FileVault if you want full security for your entire Home folder. Just recognize that, as explained in the User's Guide, you need to take steps to ensure you have a good backup.

Specifically, you should create a non-FileVault account. Log out of your FileVault account and into your non-FileVault account before you back up: this will ensure that the FileVault volume is put away cleanly.

It'll take longer than "normal" to back up, because any changes to your Home will always copy the entire FileVault image, but it will stay secure on both source and destination.

It's not so much that backups take more space with FileVault: they're less convenient and take longer to create.

In general, yes, I think FileVault is massive overkill. But, in that, it's also much more comprehensive than other methods of securing your Home...
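The five-step plan above and the "put away cleanly" advice in this reply, turned into a script as an added example (not SuperDuper's code or either poster's): it refuses to write into an image that hdiutil does not report as encrypted, mounts the image with the passphrase from stdin, and detaches it even if the copy fails. It assumes macOS hdiutil and rsync, and a BACKUP_PASS environment variable (a hypothetical name) set by the caller.

```shell
#!/bin/sh
# Added example (not SuperDuper's or the posters' code): back up a home folder into
# an encrypted sparse image and always detach it afterwards. Assumes macOS hdiutil
# and rsync; BACKUP_PASS (hypothetical variable name) holds the image passphrase.
set -eu
tab=$(printf '\t')

# Decide from the text `hdiutil isencrypted` prints whether an image is really
# encrypted, so a backup is never written into a plain image by mistake.
image_is_encrypted() {
    case "$1" in *"encrypted: YES"*) return 0 ;; *) return 1 ;; esac
}

# Pull the mount point out of the table `hdiutil attach` prints
# (device <tab> partition type <tab> mount point); volume names may contain spaces.
mount_point_from_attach() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in *"$tab"*/Volumes/*) ;; *) continue ;; esac
        mp=${line##*"$tab"}                                 # last tab-separated field
        mp=${mp#"${mp%%[! ]*}"}; mp=${mp%"${mp##*[! ]}"}    # trim surrounding spaces
        printf '%s\n' "$mp"; break
    done
}

# Create the encrypted image (step 4 of the plan). -stdinpass reads a NUL-terminated
# passphrase, so use printf '%s' rather than echo, which would append a newline.
create_backup_image() {   # $1: image path without extension, $2: size such as 20g
    printf '%s' "$BACKUP_PASS" | hdiutil create -type SPARSE -fs HFS+J -size "$2" \
        -encryption AES-128 -stdinpass -volname Backup "$1"
}

# Run this from a non-FileVault account (log out of the FileVault one first) so the
# FileVault volume is put away cleanly. The EXIT trap detaches the image even when
# rsync fails, so a scheduled run never leaves the decrypted volume mounted.
backup_home_to_image() {  # $1: image path, $2: source directory (the Home to copy)
    image_is_encrypted "$(hdiutil isencrypted "$1" 2>&1)" \
        || { echo "refusing to back up into an unencrypted image: $1" >&2; return 1; }
    out=$(printf '%s' "$BACKUP_PASS" | hdiutil attach -stdinpass -nobrowse "$1")
    mp=$(mount_point_from_attach "$out")
    [ -n "$mp" ] || { echo "could not find mount point" >&2; return 1; }
    trap 'hdiutil detach "$mp"' EXIT
    rsync -aE --delete "$2/" "$mp/"
}
```

Call `create_backup_image ~/Backups/home 20g` once, then `backup_home_to_image ~/Backups/home.sparseimage /Users/yourname` from the non-FileVault account each time you back up.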

rdlsmith 06-27-2006 08:22 PM

Okay but...
Would someone other than the person making the sparse image be able to access the home area of the backup or a restore from that backup? Would they even be able to perform a restore from a sparse image they didn't create?

dnanian 06-27-2006 08:26 PM

Restoration can be a pain, since everything's encrypted in FileVault, so you can't easily get direct access to the files if you're not booted from the drive.

Note that, if you show hidden files, you can see the encrypted sparse image on the backup. If you open that hidden image with the appropriate password, you can get at the files. But booting from it is easiest.

Of course, when you're booted from it, your "real" Home is now locked up and hidden, right? So, you have to play some games, storing the files you want to restore somewhere, booting back, and then copying them in.

So... security has its price!

rdlsmith 06-27-2006 08:51 PM

Sparse Image
"Note that, if you show hidden files, you can see the encrypted sparse image on the backup. If you open that hidden image with the appropriate password, you can get at the files. But booting from it is easiest."

It's my understanding that you can't boot from a sparse image.

Anyway, my question at this point is still basically this:

Are Sparse Images (Not Sparse Images that had FV enabled) of a file system secure? That is, no FV used before the backup. Just the password required by using a sparse image backup.

I made a sparse image backup, logged out and back in as a guest user. I could open the sparse image (mount it) and see many of the files but I couldn't open any of the files in my other Home account.

Would someone that walked off with the external drive that contains such a sparse image be able to access my files from the Home directory? Even if they did a restore to another box of any type?

dnanian 06-27-2006 08:55 PM

Sorry, you're absolutely right. You can't boot from the image, but can restore the image to a bootable device to get access to it, or you can open the invisible FileVault volume on the image (so, an image in the image) to get at the files.

Sparse images with password protection are, indeed, secure -- in fact, that's what FileVault uses. If you're FileVaulted, and they got the sparse image, password protected or not, those files are just as encrypted as they were on the original drive. So, no -- they wouldn't be able to get access without breaking the encryption (unless, of course, you didn't have a password on your login account, or had one that was easily cracked).

rdlsmith 06-27-2006 09:45 PM

No FV being used. Nothing but a sparse image. No image within an image.

Just a sparse image with a password.

Is there any way a hacker or whatever could get to those files short of knowing the password?

dnanian 06-27-2006 10:03 PM

Without breaking the encryption, no.

MacD 07-03-2006 12:51 AM


Originally Posted by dnanian
In general, yes, I think FileVault is massive overkill. But, in that, it's also much more comprehensive than other methods of securing your Home...


I have seen this type of thinking from you in other threads and I wanted to address my concern for it.

If people encrypt only the file they need encrypted, be it customer data or bank account information or even super-secret government plans, encrypting a single file does not necessarily secure it.

That data could be stored on the hard drive elsewhere in cleartext format and anyone with Disk Rescue could find that information without being a budding cryptomaniac. Even "secure erase" on Apple's trash can is a false sense of security, because again... you have no idea if the hard drive has stored that data elsewhere prior to moving it to the current location. While the current location would be, in theory, securely erased, the other locations that data was stored on the HD previously are NOT erased.

The ONLY solution around this problem is to encrypt everything, or what you deem to be overkill. Using a sparse image means that everything you do with your user account, all caches, temp files, account settings, history tracking is all encrypted. Even data that is moved around on the HD is still only moved around in that 'sparseimage' location on the drive and is thus always encrypted.

It is annoyingly slow to back up sparse images or even to an encrypted sparse image if your home directory is 27GB. Imagine 60GB or more. Using applications like Rsync, while they are built to handle sparse files (with the -S option) in Tiger, it is still terribly slow. Mounting those separate sparse images, the original and the backup, is faster, but still slow because of the encryption.

But, because it's annoyingly slow doesn't mean it's overkill to use that. You mentioned somewhere that does one need to really encrypt MP3 files or iPhotos of your family. You may or may not have that need, that is a personal decision of the individual user. I have no room to pass assumptions onto other folks' personal security needs.

I personally encrypt everything with filevault and store my mp3 and photos inside of it. Why? Because I need those items secure? Nope, I just like knowing that should I lose my Powerbook, that NOTHING personal, not even my taste in music, is passed on. Even for the budding forensic kiddie, searching blocks on the hard drive for data now encrypted but previously not would not be a concern, because it was never written anywhere BUT in the sparse image.

For others reading this, I wanted to comment on a previous comment I made in which secure erase is not good enough. Then you ask, but what is? Using "Erase Free Space" in Disk Utility is the ONLY true way of removing data from your drive.

So, which is good enough? One secure pass, 7 passes or the whopping, it takes 5 days to complete, 35 pass option? Well..., the 35 pass option of course. It has been determined that 7 passes is NOT enough, as different hard drive brands store data differently. The 35 pass uses the Gutmann method, which produces 27 different types of writes for all types of hard drives... to zero out that data and make it unrecoverable.

Memory media like USB Thumb Drives, iPod Nanos... 7 passes is enough.

In conclusion... I think it would be a benefit of SuperDuper to support methods (secure methods that is) of automating or taking advantage of the fastest methods available to produce backups using FileVault, Encrypted Sparseimages, etc. That said... there is no secure way of automating such backups as you would not want to store your password somewhere for the application to use to mount and backup encrypted images, even if you use the secure encrypted keychain, as all it would take is for the 2:00am backup to begin and have it mount those images and now they are available to anyone in possession of the laptop and your security went out the door.

Please stop encouraging people to skip on Filevault for a less secure method. The ONLY way to have the non-filevault method work is to run a secure erase after anytime you modify encrypted files.

MacD 07-03-2006 01:01 AM

One last comment... RocBit produces an external drive that uses hardware encryption to store data and is MUCH faster than the software method that we use for FileVault, etc. It even includes a hardware based key that you stick into the drive in a key port and only with that key and the knowledge of a password (two-factor authentication) can you access data on that drive.

This would be the best (although more expensive) means of encrypting your backups without going through the encrypted diskimage or filevault method. That said, this only applies to your backup, not the data on your internal drive. So, you're still stuck with filevault until Apple releases the ability to have your full drive encrypted and its hardware encryption based solution.

Sometimes I wish I had something to hide as going through all the hoops of the "possible scenario" that may never happen is a lot of time wasted, but much like paying an insurance premium for something that may never happen, and may end up being a complete waste of funds... provides peace of mind.

I believe that is why most people like encryption, peace of mind.

dnanian 07-03-2006 01:31 AM

There is nothing about encrypting the home folder that guarantees that a given application is going to write everything into Home, MacD...

MacD 07-03-2006 01:43 AM

Yes, you are correct. It could write them anywhere.

However, in my experience, most applications which store user specific settings, history, browser cache, and all other activities are primarily stored in the Library folder, in your home folder. So, while some information is stored outside of it and achieving ultimate disk encryption is impossible without the whole drive being encrypted... I'd rather run with knowing that at a minimum, 80% of my stuff is encrypted, vs 0% of not running Filevault.

You will be hard pressed to win a security argument taking any other approach.

dnanian 07-03-2006 01:50 AM

Honestly, I'm not trying to "win" a security argument. I'm just suggesting that FileVault is probably more than most people need for general "security". Given that you're running on a system that doesn't enforce encryption across all interfaces, it seems that encrypting the data you need encrypted -- even storing it on an encrypted image, managed with something like Knox, is probably more practical than doing the whole home folder.

If you're concerned about everything then, by all means, please use FileVault. Just recognize that you're balancing safety (security) and convenience, and you might need to take extra steps -- like logging out of your Home folder and into a different account -- when backing up.

In addition, since you're abstracting the storage of your files a level, disk damage can be far, far more damaging with FileVault than without, since the same tools you're concerned about "hacking" your data, like Data Rescue, can no longer recover your files in the event of a disaster.

It's a tradeoff...

MacD 07-03-2006 02:01 AM

It very much is a tradeoff. I don't want Disk Rescue to recover files and obviously, if I have a crash of either the drive or corruption of the image, and I have not been diligent in my backups, then yes, I am screwed and Disk Rescue will not help me out.

However, most people are HERE on this forum because they WANT to be diligent about backing up their data and they want to know the best way using the methods available under various circumstances, including, but not limited to using FileVault.

I think it is honorable to have people concerned with backups because most people I know, don't make backups and live dangerously.

I think what most folks with Encryption backup needs want is an easy way to "spawn" the event... even if that means being reminded to manually start an event and having an application like SuperDuper mount the necessary images and go through the process, even if requiring a "start of session" authentication to mount encrypted volumes, would be a good thing.

dnanian 07-03-2006 07:40 AM

Settings, which are discussed in the User's Guide, are a good way to "spawn" the event. By double-clicking a saved settings file in the Finder, SD! will load up with whatever you'd like ready to go, and you need only click "Copy Now".

If your destination sparse image is encrypted, we'll mount it and request the password (or use the one in the keychain), and you're off and running.
