mac_in_tosh (original poster)
I have a 2019 MacBook Pro running the latest OS. If I use Disk Utility to create a new image, I have a choice to use 256-bit encryption for it. If, however, I plug in a USB stick and choose encryption, there is no choice of encryption level. What encryption is it using in that case?

Thanks,
 
If you encrypt the image and then put it on the USB stick, the stick would be accessible but the file would not (without the password). Same if you put the file on and burned a disc, copied it to a hard drive or SSD.

There are secure drive products too, some with "padlock" or similar numbers to manually enter a passcode/PIN, but I think the closest you can get with a regular one is to encrypt it as you were trying. My guess is that it is not in the right format for the encryption option to be available. It looks like it needs to be formatted APFS if you want to encrypt the drive.
 
Yes, if I create a new disk image and encrypt it (choosing 256-bit) I can then put it on a USB drive. The drive will open without a password and I then have to enter a password to access the disk image inside of it.

But I have USB drives that ask for a password upon insertion in the USB port, i.e. just to access their content. I don't remember how I did it. I assume I did it as described in my original post. So my question is what level of encryption is used in that procedure, as there is no option to choose between 128- and 256-bit.
 
If, however, I plug in a USB stick and choose encryption, there is no choice of encryption level. What encryption is it using in that case?
Very good question! I checked on my machine and was surprised that Disk Utility didn't offer the choice of 128- or 256-bit for APFS encryption. Nor did a quick search find an Apple document that specified what would be used.

I'm fairly confident it would be the 256-bit level, but it's odd that it isn't documented.
 
I'm fairly confident it would be the 256-bit level, but it's odd that it isn't documented.

Yeah, never seen anything definitive either.

That said, will ditto 256. The Apple Security Guide hints at it, most notably anything with a T, M, or A processor using the "AES Engine". And in the security guide it says:

Every Apple device with a Secure Enclave also has a dedicated AES256 crypto engine (the “AES Engine”) built into the direct memory access (DMA) path between the NAND (nonvolatile) flash storage and main system memory, making file encryption highly efficient.
 
Whew! That was an interesting dive. I’ll do my best to lay my research results out in the easiest-to-follow order, with the admission that my conclusions and understanding of everything could have mistakes.

If, however, I plug in a USB stick and choose encryption, there is no choice of encryption level. What encryption is it using in that case?
Apple mentions “AES256” and “AES 256-bit keys” in the Secure Enclave and T2 documentation and white paper.


Early search results noted XTS as well as both 128 and 256-bit.

APFS Encrypted is one of the four APFS formats for Mac computers running macOS 10.13 or later. It works the same as the plain APFS but encrypts the volume in XTS mode with a 128-bit key length. In addition, APFS Encrypted reflects APFS's native support for encryption, which you can easily enable in Disk Utility when formatting a volume/disk or creating a new volume.


APFS encryption is done with the AES encryption algorithm in XTS mode with a 128-bit key length. This is the same algorithm, mode and key length used by earlier versions of macOS too (i.e. with HFS+ file systems).

As you mention Windows BitLocker, this is actually the same method and strength that Windows has recently started using in the newer versions of Windows 10.

Regarding your other questions about guest users and account passwords - this really has nothing to do with APFS encryption. This is instead handled by a layer above called File Vault 2.

File Vault 2 with APFS is really the same as with HFS+ with the one difference that APFS has built-in encryption support (i.e. the AES-XTS-128 for encrypting the data) where HFS+ needs encryption added as layer on top of the file systems (i.e. via Core Storage). In practice there's no real difference for most end-users.

And now things are somewhat coming together; it is 256-bit but via two 128-bit blocks.
Similarly, an implementation may restrict its support to either the 256-bit key size (for XTS-AES-128) or the 512-bit key size (for XTS-AES-256).

How exactly that encryption is implemented varies.
External drive and, I assume, disk image encryption seems to follow a similar method as FileVault, before T2. That is, the volume encryption key (VEK) is generated based on a password and xART key.

The internal SSD/NAND of T2, M series, and (most) A series devices adds the UID into the encryption blender. And, of course, it’s more efficient/quicker because the encryption and decryption is handled by dedicated processors rather than the CPU.

If I use Disk Utility to create a new image, I have a choice to use 256 bit encryption for it.
The best I can extrapolate:
Disk images support two types of encryption: 128-bit AES (Advanced Encryption Standard) and 256-bit AES. The two levels of encryption refer to the size of the keys used in the encryption/decryption process. The 256-bit encryption is considered more secure than the 128-bit encryption, but the 256-bit encryption also takes longer to encrypt and decrypt. The 128-bit encryption will likely meet the needs of most people, while the 256-bit encryption is a better choice for data that needs a higher level of protection.

If the encrypted volume was migrated from Core Storage and the user changed their password afterward, it’s possible to have a non-Core-Storage wrapped KEK containing only a 128-bit key. In these instances, the last 128 bits of the unwrapped KEK will be zeros and should be ignored.

I’m guessing Disk Utility is using this padding method with the second 128-bit block of the 256-bit key when creating a 128-bit encrypted disk image.
 
I appreciate the answers, which are starting to go over my head. I gather that the consensus is that the default encryption of a USB drive is 256 bit on my 2019 machine.

Some (hopefully easy) questions:

1. If I encrypt a drive with Mac OS Extended (Journaled) format on an older machine I have (2011 MacBook Pro), would the same apply or is 256-bit a later development?

2. If I encrypt a drive on the 2011 machine in Mac OS Extended (Journaled) format, would the 2019 machine be backward compatible and use it without any issues?

3. Is the opposite true, that a drive encrypted with Mac OS Extended (Journaled) format on the new machine would work on the old one? I mention the format as I think APFS is a more recent development than 2011.

Thanks again.
 
Some (hopefully easy) questions:

1. If I encrypt a drive with Mac OS Extended (Journaled) format on an older machine I have (2011 MacBook Pro), would the same apply or is 256-bit a later development?

2. If I encrypt a drive on the 2011 machine in Mac OS Extended (Journaled) format, would the 2019 machine be backward compatible and use it without any issues?

3. Is the opposite true, that a drive encrypted with Mac OS Extended (Journaled) format on the new machine would work on the old one? I mention the format as I think APFS is a more recent development than 2011.

Thanks again.
1. I assume it’s the same 256-bit used currently. Mac OS X 10.7 Lion was the first to include FileVault 2, which is still the current version.

2. Yes, although the cutoff could be Mac OS X Lion due to the above. Coincidentally, I was able to do a test using Mac OS X Lion on a MacBook (Mid-2007) with a 256GB Patriot Rage 2 thumb drive. The drive mounted no problem on my M4 Mac mini with the latest version of macOS Sequoia.

3. I can’t test the encrypted aspect from newer to older as it appears HFS+ Encrypted has been deprecated in recent versions of Disk Utility. That fact also helps verify I did the erase and format on an older Mac OS version.

[Screenshots: HFS+ Encrypted USB drive; format options for the USB drive with Apple Partition Map; format options for the USB drive with GUID Partition Map]
 
I should have mentioned that while my old machine is from 2011, it is running High Sierra so not as out of date as may have been implied. That machine is not connected to the internet as I use it to access sensitive information on the encrypted USB drives.

My main concern at this point is whether those drives would open on a new Mac should the day come when it stops working. MacCheeta3 has allayed some of my concern about that. Last question (until the next one;)) - for future compatibility, should I format the USB drives with APFS (it is an option on the 2011 machine) or will Mac OS Extended (Journaled) be okay?
 
Last question (until the next one;)) - for future compatibility, should I format the USB drives with APFS (it is an option on the 2011 machine) or will Mac OS Extended (Journaled) be okay?
I would strongly recommend switching to APFS as soon as possible. Apple’s not one to hang onto legacy for long, and APFS has been the standard since macOS 10.15 Catalina. Lastly, even though the HFS+ Encrypted drive seemed to function smoothly in Finder, Disk Utility (in Sequoia) was very grumpy (i.e., mostly pinwheeled err beach balled) when asked to deal with it.
 
Disk images support two types of encryption: 128-bit AES (Advanced Encryption Standard) and 256-bit AES. The two levels of encryption refer to the size of the keys used in the encryption/decryption process. The 256-bit encryption is considered more secure than the 128-bit encryption, but the 256-bit encryption also takes longer to encrypt and decrypt. The 128-bit encryption will likely meet the needs of most people, while the 256-bit encryption is a better choice for data that needs a higher level of protection.

I might (probably?) be talking nonsense here, but I recall reading some years ago that AES 256 is better because it has more bits, but it has not been mathematically proven that it's more secure than 128, and it might even have an issue, as it is not proven mathematically and something could have been added that is exploitable merely by expanding the number of bits but keeping the steps/process the same.

(Sorry, can't seem to dredge up a link right now: did some searching and have not located an article/document on this)

But maybe this hints that 256 could be improved: AES 256 with 256-bit key and blocks.


But as quoted snippet said, 128 is more than sufficient for anyone that is not on "anyone with the technology to hack" radar.
 
I would strongly recommend switching to APFS as soon as possible. Apple’s not one to hang onto legacy for long, and APFS has been the standard since macOS 10.15 Catalina. Lastly, even though the HFS+ Encrypted drive seemed to function smoothly in Finder, Disk Utility (in Sequoia) was very grumpy (i.e., mostly pinwheeled err beach balled) when asked to deal with it.
Thanks, I converted all my USB drives to APFS. When I erased the USB drives there was an option for APFS or APFS Encrypted and I chose the latter. When I created a disk image for the desktop, only the former format was available but there was an option elsewhere to encrypt. I don't think that's any issue, but just curious why the different options for USB drives and disk images.
 
I might (probably?) be talking nonsense here, but I recall reading some years ago that AES 256 is better because it has more bits, but it has not been mathematically proven that it's more secure than 128
Here’s the math on that:


And from the earlier linked Reddit thread/post
AES-256-XTS XTS-AES-128 is effectively two 128-bit keys. The strength of the keys would still only be 128-bit; it's just that you have two 128-bit key blocks.
Even a 128-bit block is 3.40282367e38 (2^128) permutations.
I think that’s enough. :)

On the other hand, if we keep the (decryption) system intact and focus on the (plaintext) password, there are likely far fewer possibilities, as password inputs aren’t (normally) required to be 128-bit (i.e., typically 16 characters) or 256-bit (i.e., typically 32 characters). Although most system developers/designers require a minimum and sometimes don’t allow repeating numbers or characters. So, now let’s assume a password is required to have a minimum of three characters and it uses the ASCII char set (128 characters):

A three character input would be 2,097,152 (128^3) permutations.
A 16 character input would be 5.19229686e33 (128^16) permutations.
— By the way, selecting 16 characters in the 1Password generator fills the password difficulty bar/meter/gauge.
A 32 character input would be 2.69599467e67 (128^32) permutations.


Basically, if you have a lengthy password or passphrase, the amount of permutations becomes just as significant.

But as quoted snippet said, 128 is more than sufficient for anyone that is not on "anyone with the technology to hack" radar.
Could Apple eventually step up to XTS-AES-256? Absolutely. However, it’s likely far more advantageous — at least in the foreseeable future — to focus on maintaining other gatekeeping methods, such as limiting or slowing input attempts (i.e., hindering brute force efficiency).
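Added example (mine, not from the thread, Apple, or any linked source) in Python using the third-party `cryptography` package: it re-derives one XTS-AES sector from plain AES-ECB to show that the 256-bit XTS-AES-128 key (and the 512-bit XTS-AES-256 key) is literally two independent AES keys, one for the data and one for the tweak, which is why the strength is that of the underlying AES rather than of the combined key length, and it converts the 128^n password counts above into bits for comparison. The key bytes, sector number and block contents are constructed.

```python
"""Added example (not from the thread or Apple): re-derive one XTS-AES
sector from plain AES-ECB to show that the 256-bit XTS-AES-128 key is
two independent AES-128 keys (data key || tweak key), then express the
thread's 128^n password counts in bits. Needs the third-party
`cryptography` package; key, sector and block below are constructed."""
import math
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def xts_encrypt_sector(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """Library XTS-AES. key: 32 bytes (XTS-AES-128) or 64 bytes
    (XTS-AES-256); the tweak is the 128-bit sector number."""
    tweak = sector.to_bytes(16, "little")
    enc = Cipher(algorithms.AES(key), modes.XTS(tweak)).encryptor()
    return enc.update(plaintext) + enc.finalize()


def aes_ecb_block(key: bytes, block: bytes) -> bytes:
    """Raw single-block AES (AES-128 or AES-256 by key length)."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def xts_first_block_by_hand(key: bytes, sector: int, block: bytes) -> bytes:
    """IEEE 1619 XTS for the first 16-byte block (j = 0, so alpha^j = 1):
    T = AES_key2(tweak); C = AES_key1(P xor T) xor T."""
    half = len(key) // 2
    key1, key2 = key[:half], key[half:]        # data key, tweak key
    t = aes_ecb_block(key2, sector.to_bytes(16, "little"))
    x = bytes(p ^ tb for p, tb in zip(block, t))
    return bytes(c ^ tb for c, tb in zip(aes_ecb_block(key1, x), t))


def xts_security_bits(key: bytes) -> int:
    """Effective strength = size of one half: 256-bit key -> AES-128,
    512-bit key -> AES-256."""
    return len(key) * 8 // 2


def password_space_bits(length: int, alphabet_size: int = 128) -> float:
    """log2(alphabet_size ** length): the thread's 128^3, 128^16, 128^32."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for key in (bytes(range(32)), bytes(range(64))):   # constructed keys
        sector, block = 7, b"constructed 16B!"
        assert xts_encrypt_sector(key, sector, block) == \
            xts_first_block_by_hand(key, sector, block)
        print(f"{len(key) * 8}-bit XTS key -> {xts_security_bits(key)}-bit strength")
    for n in (3, 16, 32):
        print(f"{n}-char ASCII password ~ {password_space_bits(n):.0f} bits")
```

A 16-character password drawn from the 128-symbol ASCII set comes out at 112 bits of keyspace and a 32-character one at 224, so the password, not the XTS key length, is usually the smaller search space.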
 
On the subject of encryption….
I am in the process of encrypting an external backup clone (currently at 65%….. 🤪)
Is encryption time based on data size or volume size?

But I have noticed in Activity Monitor (Mac Studio), cpu is 96-98% idle….🤔
How is encryption carried out by my Mac? Memory usage is minimal also.

Just find it very bizarre.
 
Is encryption time based on data size or volume size?

Depends.

HFS external: it's dependent on volume/drive size. All data blocks get encrypted into a CoreStorage object. But that's not happening here, as HFS encrypted was dropped in the past so the Studio can't do these. I seem to recall it could take a day to days, depending on size, to encrypt an HFS drive.

APFS on external: it will encrypt only the blocks being used. More data on the drive, more time to encrypt it.

Since on Mac Studio, it's using an encryption processor to speed things up.
 