Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

cyberblood

macrumors newbie
Original poster
Aug 19, 2017
10
0
Hi,

I'd like to know what encryption use FileVault in High Sierra?
In Sierra it's AES128, I hope they switch to AES256, thanks to the new Apple File System.
 
Not sure, but I will say a couple of things that I believe are related to your underlying concerns: There's little practical difference between the two. AES-256 really only exists because of bureaucratic BS surrounding the standardization of AES. Additionally, there are known issues with AES-192 and AES-256 that decrease the security level to around AES-128's level.

The bottom line: just because the number is bigger doesn't necessarily mean you need it. 128-bit AES is _perfectly_ fine.
 
The weakest link is going to be your password. The difference is in the number of "rounds" of the AES algorithm data goes through. More rounds will use more cpu time which isn't really an issue anymore with hardware acceleration and speed of modern SSDs. In short, it doesn't matter if you use AES38923490 if your password is a word in the dictionary or your dog's name.
 
Not sure, but I will say a couple of things that I believe are related to your underlying concerns: There's little practical difference between the two. AES-256 really only exists because of bureaucratic BS surrounding the standardization of AES. Additionally, there are known issues with AES-192 and AES-256 that decrease the security level to around AES-128's level.

The bottom line: just because the number is bigger doesn't necessarily mean you need it. 128-bit AES is _perfectly_ fine.

Source? There's a related key attack but that's not really a risk to consider. Consider that the NSA requires 192 or 256 bit key lengths for Top Secret materials. Only Secret materials can use 128. Granted, no one is going to brute force 128 bit AES but the above is not true.
 
There have been demonstrations of for example AES256 at 11 rounds (not the normal 14) able to be successfully attacked in a much shorter time span than would be expected. I'm not an expert so read some of the examples here:

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented.

Source:- https://en.m.wikipedia.org/wiki/Advanced_Encryption_Standard

The article discusses the method you have invoked.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.