The Full Wiki

FileVault: Wikis


Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.


From Wikipedia, the free encyclopedia

FileVault icon.
FileVault in the System Preferences under Security

FileVault is a system that protects files on a Macintosh computer. It can be found in the Mac OS X v10.3 ("Panther") operating system and later.

FileVault uses encrypted file systems that are mounted and unmounted when the user logs into or out of the system. The user's home directory is encrypted using the Advanced Encryption Standard (AES) algorithm with a key derived from the user's login password. A master password can be set as a precaution against a user losing his or her password. Content is automatically encrypted and decrypted on the fly. Although early versions were slow and caused system to temporarily hang when used with disk-intensive applications, such as sound and video editing, the performance of FileVault has been improved in more recent versions of Mac OS X.

In Mac OS X v10.4 (Tiger), FileVault stores the encrypted file system as a Sparse Disk Image, which is basically a single large file. In Mac OS X v10.5 (Leopard), FileVault stores the encrypted file system as a new image called a Sparse bundle.[1] Sparse bundles break images into smaller 8MB files called bands, allowing them to be backed up using Leopard's Time Machine feature (see below for limitations, however). If transferring FileVault data from a previous Mac that uses 10.4 using the built-in utility to move data to a new machine, the data continues to be stored in the old sparse image format, and the user must turn FileVault off and then on again to re-encrypt in the new sparse bundle format.



When using FileVault, it is not possible to select which parts of the disk to encrypt. Only entire home directories can be encrypted. For example, using FileVault, the user cannot encrypt the whole disk as can be done with 3rd-party Mac disk encryption software such as PGP Whole Disk Encryption. Similarly, specific files or folders cannot be encrypted using FileVault, although its underlying encrypted disk image technology can be used for this purpose via Apple's Disk Utility Application, included in the standard installation of OS X.

Several shortcomings have been identified in FileVault's use of cryptography. Even though FileVault is advertised as "128-bit AES encryption", its security can be broken by cracking either 1024-bit RSA or 3DES-EDE, both of which are considered weaker than 128-bit AES. Also problematic is its use of the CBC mode of operation (see Disk encryption theory) and the unsafe storage of keys in the Mac OS X "safe sleep" mode.[2]

FileVault-protected accounts can be migrated from an older Mac to a newer one with some limitations and only as long the new machine has no existing user accounts -- otherwise, FileVault needs to be turned off during the migration, or the OS first needs to be reinstalled on the newer Mac.[3]

A study published in 2008 found data remanence in dynamic random access memory (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to use a cold boot attack to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in key scheduling. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control by the owner. [4]

Not all features of the Time Machine backup facility work when it is used in conjunction with FileVault in Mac OS 10.5. For example, a single file cannot be restored from the archive using the Time Machine interface; only restoring the entire FileVault is possible. Single files can however be restored manually using the Finder.

On 31 July, 2008, Brian Krebs posts on his Washington Post blog, that Charles Edge, an American researcher from Georgia, found a security hole in FileVault and had to withdraw from a speech about it at the Black Hat Security conference. [5]

See also


  1. ^
  2. ^ Jacob Appelbaum, Ralf-Philipp Weinmann (2006-12-29) (PDF). Unlocking FileVault: An Analysis of Apple's disk encryption. Retrieved 2007-03-31.  
  3. ^ Mac OS X 10.3, 10.4: Transferring data with Setup Assistant / Migration Assistant FAQ
  4. ^ J. Alex Halderman, et al. (February 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys.  
  5. ^

External links

Got something to say? Make a comment.
Your name
Your email address