Silk Road forums
Discussion => Security => Topic started by: smogmonster13 on March 27, 2013, 12:21 pm
-
Hi: Does anyone know anything about the FileVault encryption I use on my Mac with mountain lion? How solid is it for encryption? Along with it, I encrypt my backup drives as well. Thoughts?
Thanks in advance.
-
I use it. Its a Unix based architecture so its better than any Windows Box thats for sure. . :-)
Something to think about though:
Apple sets up a recovery key with vilevault. Its possible that if you loose you password that tech support can get you (or the cops) into the computer. So, dont setup the recovery password key thing when asked. . . or choose some really good personal questions and answers for the key recovery feature so nobody else could guess them and get in later.
I even go as far as creating 8 different accounts. On startup, you have to enter the username and password. . and you can't tell which or how many accounts there are.. . . muuuhhhooohhaa. So, I would just hand over the dummy account password to the cops if asked and nobody can see or get into the real account that use.
Not a security expert but, I know Unix /Linux/Mac OS well enough to say vile vault works well. Id trust it more than Microsoft disk Encryption feature.
I also use remote desktop (Streamer App) between my Mac and my IPhone. So, I can use Tor and all my software on my Mac from the iPhone. So my iPhone is like a little monitor for the mac and I can control and use any feature on my Mac at home. It works anywhere on the road too. . . remote control your Mac from your iPhone. Its great for remote viewing and listing too with a webcam at home. .. check on mail delivery/mailman, traffic on the street etc. . . .record and play later etc. . you can even remote control a Power bar/UPS to power on/off any device that plugs in.
Enjoy
-
bump
-
It used to be 128-bit AES with 10.4 tiger but since 10.5 leopard it is 256-bit AES. If you do a fresh install of the operating system you can actually encrypt the whole drive instead of just the partition or home folder. But in many countries authorities can hold you until you provide a password. Infact Subrosa soft offers software called MacForensicsLab and MacLockPick to law enforcement to bypass filevault. You can actually get this software for free from certain bit torrent sites. Use truecrypt it's cross-platform available on Windows, Mac, and Linux.
-
VileFault
-
The problem is TrueCrypt doesn't support full disc encryption on mac, just hidden volumes. Does anyone know of good FDE software for mac?
-
I also heard that TrueCrypt had been cracked a while back.
-
The good thing about truecrypt is that it is open source. So we know that it is not backdoored especially if we compile it ourselves. I've recently switched over to mac and am dissapointed that I cannot use TC for FDE. I'm a little hesitant of FileVault in case it may be backdoored.
-
So long as you uncheck "Allow user to reset password using Apple ID" in Users & Groups (account) settings, FileVault is cryptographically secure (i.e. there is no backdoor) and will work only with your password or recovery key. See [clearnet] http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/
If you live in the US, however, a precedent has been set that requires people to provide computer passwords to authorities when subpoenaed to do so. FileVault, and file encryption in general, is good for civil matters (corporate spying, customer privacy, etc.). It cannot be trusted to stand up to criminal investigations.
lelmeriodici
-
lelmeriodici,
Do you have a link for that precedent? Has it been challenged?
You can always give a dummy account password but if it's too obvious that it's an unused account you might be in more trouble.
-
Yessir,
"A federal judge has ruled that a Colorado woman can be compelled to decrypt her encrypted laptop so that the police can inspect it for incriminating evidence. The woman, Ramona Fricosu, is a defendant in a mortgage scam case. She had argued that the Fifth Amednment's privilege against self-incrimination protected her from having to disclose the password to her hard drive, which was encrypted using PGP Desktop."
http://arstechnica.com/tech-policy/2012/01/judge-fifth-amendment-doesnt-protect-encrypted-hard-drives/
"A federal district court in Vermont has ruled that the Fifth Amendment right against self-incrimination does not bar the government from requiring Sebastien Boucher, who faces charges of possessing child pornography, to decrypt his laptop hard drive. A lower court had previously quashed a subpoena compelling Boucher to enter his password, reasoning that this was tantamount to requiring a defendant to testify against himself."
http://arstechnica.com/tech-policy/2009/03/court-self-incrimination-privilege-stops-with-passwords/
Google "fifth amendment passwords" for more.
Giving a dummy account password is unlikely to work, in my opinion. And yes, you could get in more trouble (contempt of court) for doing so.
lelmeriodici
-
Thanks.
Hypothetical +1 for you LOL
-
That's crazy. I thought password was protected by 5th amendment but obviously not. I guess technically you could have forgotten the password especially if you are sitting in jail or haven't used the computer in a while. i don't know how they could prove contempt in that case.
-
No problem.