OS X El Capitan Encryption Scheme Open Source?

[theprizerevealed]

hi,

I wonder if the code for OS X El Capitan full disk encryption is open source so that the public can examine the code and the method for implementing the mathematics of the encryption algorithm? If not then how can we know that everything Apple says isn't political theater?

I know that the code responsible for implementing the encryption algorithm and mathematics for the open source linux community is available for the public and qualified software and encryption engineers to examine to guarantee that there are no flaws or backdoors - debian software being a good example.

I know that Apple uses some open source software from Unix and BSD and Darwin and others, but that fact alone does not address my concerns about the encryption software code.

So what's the truth about the heart of the matter here? Is all of this political theater and we must rely on Apple's word or can we check for ourselves? thanks

 

[Puonti]

So what's the truth about the heart of the matter here? Is all of this political theater and we must rely on Apple's word or can we check for ourselves? thanks

Don't forget the third option - that it's secure and we just have to take Apple's word for it.

 

[Weaselboy]

Is all of this political theater and we must rely on Apple's word or can we check for ourselves?

http://www.apple.com/opensource/

I don't see anything that Apple has released open source related to FV2, so at this point I think you just have to take their word for it.

 

[NoBoMac]

Earlier this week, came upon this:

http://www.opensource.apple.com/source/xnu/xnu-1699.26.8/bsd/crypto/aes/i386/aesxts.c
http://www.opensource.apple.com/source/xnu/xnu-1699.26.8/bsd/crypto/

So, the encryption algo is out there, but, have not seen the wrapper to this that is FileVault.

 

[theprizerevealed]

If one wanted to be assured that the apple computer was encrypted truly and fully, is it possible to somehow take the encryption software used in the linux community (such as for debian) for full disk encryption and install it into OS X?

So that you could encrypt doubly the entire harddrive - then when you started the computer you would see a password prompt such as truecrypt provided for full disk encryption? thanks for your help

 

[Weaselboy]

If one wanted to be assured that the apple computer was encrypted truly and fully, is it possible to somehow take the encryption software used in the linux community (such as for debian) for full disk encryption and install it into OS X?

So that you could encrypt doubly the entire harddrive - then when you started the computer you would see a password prompt such as truecrypt provided for full disk encryption? thanks for your help

There is no way anything third party like that will be able to work with the full disk and have it still be bootable. FileVault2 is going to be your only option there. But you could use an open source project like TrueCrypt (although it looks like development has stopped) to encrypt one partition on the Mac's drive, then store your personal data on there.

 

[NoBoMac]

Yes, TrueCrypt was abandoned under mysterious circumstances. However, there is a new TrueCrypt fork project, VeraCrypt.

https://veracrypt.codeplex.com