Using FileVault

[ideal.dreams]

You might also want to enable "Find My Mac" in the iCloud Preference pane. Although the location function is hit or miss (it requires WiFi be on and in range of hotspots, and won't work if WiFi is off and say, you're connected over ethernet), you can still do things like remote-wiping the mac if the data on it is something you're concerned about.

----------



None so far. BUT, there's an optional backdoor that may cause you concern, depending on what you want to keep safe on that Mac. It's the security key that OS X offers to send to Apple, to unlock FileVault if the password is forgotten.

If you're absolutely paranoid about law enforcement or someone with social-engineering skills gaining access, then you will want to avoid sending the security key to Apple.

Yeah I opted out of sending my key to Apple. I have it stored in a safe physical location at my house so it looks like everything should be secure.

 

[ColdCase]

So with FileVault enabled, what are the chances of data being recovered from the SSD should anything ever happen to my MacBook?

The biggest security vulnerability is your password. A 8 character password can be brute forced cracked by the average perp within hours, an 16 character a lot longer. It would be easier to break the PW than the encryption, but that also can be done by a sophisticated adversary. I don't think any of us have information valuable enough to make that worthwhile, and of course none of us are involved in criminal activity.....

 

[Weaselboy]

It would be easier to break the PW than the encryption, but that also can be done by a sophisticated adversary.

I have not seen any evidence of anybody even claiming, much less proving they can crack FV2 encryption. Have you seen any reliable claims on this?

 

[ColdCase]

I have not seen any evidence of anybody even claiming, much less proving they can crack FV2 encryption. Have you seen any reliable claims on this?

Let me be perhaps clearer... poor passwords and password protection will foil even the best encryption.

Its not so much the encryption, its the key management or authentication. If I so happen to be looking over the shoulder of someone entering their password, I have the key and have the data.... a simple case.

Two factor authentication done right would be much more secure. But what we have is certainly good enough for personal data protection of 99% of us and for a machine that is simply lost, if we use strong passwords and protect them.

Wonder why Apple hired all those fingerprint reader experts...

 

[Weaselboy]

Let me be perhaps clearer... poor passwords and password protection will foil even the best encryption.

Its not so much the encryption, its the key management or authentication. If I so happen to be looking over the shoulder of someone entering their password, I have the key and have the data.... a simple case.

Two factor authentication done right would be much more secure. But what we have is certainly good enough for personal data protection of 99% of us and for a machine that is simply lost, if we use strong passwords and protect them.

Wonder why Apple hired all those fingerprint reader experts...

I understand that, but when you said "but that also can be done by a sophisticated adversary" it sounded like you were saying the encryption could be cracked.

 

[ColdCase]

I understand that, but when you said "but that also can be done by a sophisticated adversary" it sounded like you were saying the encryption could be cracked.

If someone takes possession of the machine, it becomes just a math problem.

 

[Weaselboy]

If someone takes possession of the machine, it becomes just a math problem.

I feel like we are going in circles here. I am saying I have seen no evidence anybody has ever been able to crack FV2 encryption. If you have some evidence I am mistaken, I would be interested to see it.