> There's also whole disk encryption (unfortunately not particularly robust -- I don't understand the reason but something about how the login password is stored seems to make this somewhat weak to eg the government)
As far as I understand it, with FileVault 2:
- encryption is full disk AES128 (with optional AES256) with XTS.
- the AES key is apparently [1] stored in the keychain on the recovery partiton, which is itself encrypted with 3DES, and unlocked with the login passwords. The login passwords are not stored anywhere, they are used as the encryption passphrase: decryption failure means that the provided password is wrong.
People have been able to retrieve the AES key with DMA attacks via special Firewire devices on a running system in less than a hour (I guess they could have used the PCIe slot, and maybe Thunderbolt) by dumping and scanning the memory, and this impacts just about any system out there, not just Macs and FileVault, but TrueCrypt also [0].
As far as I understand it, with FileVault 2:
- encryption is full disk AES128 (with optional AES256) with XTS.
- the AES key is apparently [1] stored in the keychain on the recovery partiton, which is itself encrypted with 3DES, and unlocked with the login passwords. The login passwords are not stored anywhere, they are used as the encryption passphrase: decryption failure means that the provided password is wrong.
People have been able to retrieve the AES key with DMA attacks via special Firewire devices on a running system in less than a hour (I guess they could have used the PCIe slot, and maybe Thunderbolt) by dumping and scanning the memory, and this impacts just about any system out there, not just Macs and FileVault, but TrueCrypt also [0].
[1] http://support.apple.com/kb/HT5077
[0] http://www.lostpassword.com/hdd-decryption.htm