FileVault?

[Mcmeowmers]

And why is that?

A.

Because the "random" number generator has the lowest amount of entropy after a clean install. This information was current with Lion but may have been changed by Apple since then.

Since I haven't come across anything that suggests it has been changed it's not that difficult to just enable after a week or so of use. Your choice really.

I would really enjoy a more articulate response from MRxROBOT!

 

[Phil A.]

I use my computers for my business and therefore have to use it by law to be compliant with the data protection act in the UK (it's principal 7)

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Having said that, I'd use it anyway I think as I've not noticed any performance hit at all

 

[MRxROBOT]

Because the "random" number generator has the lowest amount of entropy after a clean install. This information was current with Lion but may have been changed by Apple since then.

Since I haven't come across anything that suggests it has been changed it's not that difficult to just enable after a week or so of use. Your choice really.

I would really enjoy a more articulate response from MRxROBOT!

Ask and you shall receive!

Why would you store a recovery key? The iPhone doesn't even have a recovery key. You have to know that any additional entry methods into your drive makes it less secure and more vulnerable.

 

[Alrescha]

Because the "random" number generator has the lowest amount of entropy after a clean install. This information was current with Lion but may have been changed by Apple since then.

While that is an interesting theoretical problem, by the time you get a chance to actually turn on FileVault (after setting up your account, installing updates, etc.,etc.), you've been using your computer for the better part of an hour. I would be interested to see any evidence that indicates that the random number generator needs anything more than that.

Personally would rather have my data encrypted sooner rather than later, so FileVault is always going to be turned on before I start moving my stuff over.

A.

 

[Mcmeowmers]

While that is an interesting theoretical problem, by the time you get a chance to actually turn on FileVault (after setting up your account, installing updates, etc.,etc.), you've been using your computer for the better part of an hour. I would be interested to see any evidence that indicates that the random number generator needs anything more than that.

Personally would rather have my data encrypted sooner rather than later, so FileVault is always going to be turned on before I start moving my stuff over.

A.

I believe it is seeded at shutdown and every 6 hours.

 

[steve62388]

I believe it is seeded at shutdown and every 6 hours.

Information about that here:- http://eprint.iacr.org/2012/374.pdf

(Possibly out of date now, I don't know).

 

[Mcmeowmers]

Ask and you shall receive!

Why would you store a recovery key? The iPhone doesn't even have a recovery key. You have to know that any additional entry methods into your drive makes it less secure and more vulnerable.

Assuming no one can access your recovery it should be the same, no? Does the existence of a recovery key change the encryption?
I know it's trivial if the recovery key is found but let's say it can't be found. Does the system become less secure even in the slightest? I would say yes because there is an additional entry point but is there any other theoretical reason for it being less secure?

 

[MRxROBOT]

Assuming no one can access your recovery it should be the same, no? Does the existence of a recovery key change the encryption?
I know it's trivial if the recovery key is found but let's say it can't be found. Does the system become less secure even in the slightest? I would say yes because there is an additional entry point but is there any other theoretical reason for it being less secure?

Yes the existence of a recovery key leads to a less secure encryption, so yes it changes the encrytption. I don't play the game of "if's". If the FBI was only after only one phone in the encryption case then what's the big deal? Oh wait...

 

[bobr1952]

Ask and you shall receive!

Why would you store a recovery key? The iPhone doesn't even have a recovery key. You have to know that any additional entry methods into your drive makes it less secure and more vulnerable.

Protect the recovery key and I see no reason not to have one. I store my recovery key in another encrypted product I trust--1Password.

 

[MRxROBOT]

Protect the recovery key and I see no reason not to have one. I store my recovery key in another encrypted product I trust--1Password.

I would never use 1Password but if you were so inclined to put your access password in there you could just put your encrypted password in 1Password and there would be no need for the recovery key. I don't see the benefit in the scenario you proposed, only adding another access path into your drive and further compromising it.

 

[bobr1952]

I would never use 1Password but if you were so inclined to put your access password in there you could just put your encrypted password in 1Password and there would be no need for the recovery key. I don't see the benefit in the scenario you proposed, only adding another access path into your drive and further compromising it.

That is true--but more important is what are you protecting and who are you protecting it from? For me--nothing that important to protect that I don't mind having that information in 1Password. Certainly secure enough for my purposes but I can only speak for myself.

 

[MRxROBOT]

That is true--but more important is what are you protecting and who are you protecting it from? For me--nothing that important to protect that I don't mind having that information in 1Password. Certainly secure enough for my purposes but I can only speak for myself.

It's not about how important what I am protecting is. I don't understand the need for the recovery key for your purposes. If you are going to store the recovery key to your encrypted drive in 1Password why not just store the encrypted drive's password. Both will give whoever has the password (hopefully only you) access to the encrypted drive. I don't understand why you have a recovery key.

 

[bobr1952]

It's not about how important what I am protecting is. I don't understand the need for the recovery key for your purposes. If you are going to store the recovery key to your encrypted drive in 1Password why not just store the encrypted drive's password. Both will give whoever has the password (hopefully only you) access to the encrypted drive. I don't understand why you have a recovery key.

As I said before, you are correct. And if I had taken the time to think about it at the time, I suppose I would not have bothered to create a recovery key (or at least not keep it in the same place) since as you said, it is redundant to have both that and the pass stored in the same place and adds no value.

 

[dilinger]

Guys,

Why not just enable a password protection on your Macbook?
To overide it, i presume someone has to remove the SSD from your Macbook, right?

It is not easy to remove and re-install an SSD from a Macbook (retina) though, right?

 

[Mcmeowmers]

Guys,

Why not just enable a password protection on your Macbook?
To overide it, i presume someone has to remove the SSD from your Macbook, right?

It is not easy to remove and re-install an SSD from a Macbook (retina) though, right?

Password protection is different that FileVault.
Removal of the ssd is easy and besides the point. you can remove a user password easily too