jwz - FileVault

FileVault [Sat, 18-Feb-2006 8:36 PM]

    [ Stupid LiveJournal, email-posting is broken again, so this will probably be a dup once their mail server coughs up the now-8-hours-old other version... ]

Dear Lazyweb,

FileVault: good idea, or performance killer?

To use it effectively, must I arrange for all my music, video, and XCode build directories to be on another partition? Because that sounds like a pain in the butt.


Comments:
From: unixoid
Sun, 19-Feb-2006 4:45 AM (UTC)

I see three potential problems for current customers and an advantage for Apple's hardware department:

1) Need for faster disk (striped/raid, etc)
2) Need for more CPU power or some dedicated hardware encryption solution
3) Need for more and faster RAM.

Looks to me like a very good marketing strategy.
From: taffer
Tue, 21-Feb-2006 6:58 PM (UTC)

I used it on a 1GHz titanium PowerBook and didn't notice much of a hit; then again, I didn't have music or photos, etc. on the machine, it was for work. It had a "moderate" amount of files on it in $HOME, but they didn't tend to change that often.

I don't use it on my iBook because I don't want to pull my iPhoto library out into a different location.
From: tkil
Sun, 19-Feb-2006 4:47 AM (UTC)

both

I think that it is both a good idea and it's a performance killer.

Here's at least one report that FV is enough to make some tasks difficult:
http://www.tbray.org/ongoing/When/200x/2004/02/08/FileVaultVideo

Two further thoughts, both of which you most likely already have thought:

1. Ideally you'd put the sensitive stuff (mail, contacts, etc) in one area that would be encrypted, while bandwidth-intensive non-sensitive stuff (the three you mention, basically) would go unencrypted. I don't know how possible that is, on OSX or any other platform.

2. For a machine that is not moved often, nor out of your control physically, the convenience/security tradeoff probably leans towards convenience and speed at the cost of security. If you had a laptop that you took everywhere, the risk of lossage would go up, and the balance might go the other way. *shrug*

Sorry I don't have better links/suggestions.
From: herbie
Sun, 19-Feb-2006 4:50 AM (UTC)

I've heard many reports that filevault reduces reliability inasmuch as it's not uncommon for a small error to corrupt your entire home directory. Common wisdom seems to say that files you want to keep safe might be better off in an encrypted DMG, but they don't auto-resize nicely. (Essentially the problem is that with filevault, your entire home dir is one large encrypted file, such that an error in one place can corrupt the whole thing.)
From: jwz
Sun, 19-Feb-2006 4:53 AM (UTC)

It sounds like FileVault is implemented as just a "sparse" encrypted DMG, and I think those resize. At least, they do resize up instead of being of a fixed size at creation-time.
From: daikon
Thu, 2-Mar-2006 12:39 AM (UTC)

Heh. That sounds like the old DoubleSpace problem in the pre-Win95 days. The smallest error would fuck up your shit.
From: mrcommonreader
Sun, 19-Feb-2006 4:55 AM (UTC)

FileVault rules

As the Reiser4 filesystem has (kinda) proven, today's computers actually get a performance boost out of having a compressed filesystem. The whole data pipeline to/from disk is so throttled by the hardware that there is a ton of unutilized CPU bandwidth that can handle the compression and encryption fast enough to make it an actual performance win in some cases.

Personally, I've been using FileVault for over a year and have never had a single problem or even a hiccough.
From: jwz
Sun, 19-Feb-2006 5:00 AM (UTC)

Re: FileVault rules

Do you use iMovie? There seem to be many reports of any video work being too much for FV to handle.
From: allartburns
Sun, 19-Feb-2006 4:56 AM (UTC)

I didn't notice any real performance hit for "typical" usage: email, web browsing, writing docs, etc.

HOWEVER, if you use any sort of backup software, every change causes the entire FV file to get backed up. For me and my stupid 40G of scanned slides and negatives, that got to be a PITA.

Maybe if you put all your big, binary data outside of your home directory it's not as big of a deal?
From: jwz
Sun, 19-Feb-2006 5:02 AM (UTC)

Yeah, that's the obvious solution, but it definitely falls into the "pain in the butt" category. I kinda like having everything under ~/ instead of scattered to the winds via symlinks... And then suddenly my incentive is "don't encrypt it because it's big" instead of "don't encrypt it because it's not private", which is lame.
From: duskwuff
Sun, 19-Feb-2006 5:04 AM (UTC)

VileFault is a nice idea, but extremely hazardous. One inopportune power failure can hose your home directory. Having lost several months of work to it once, I would strongly not recommend it for desktop use.

That being said: Music is probably fine in an encrypted FS; video, however, is definitely not. XCode builds are generally constrained by the CPU, not the disk, so it probably won't be a big issue there (but a benchmark would be well-advised if you're concerned).
From: kineticfactory
Sun, 19-Feb-2006 12:56 PM (UTC)

By music, do you mean MP3s/AACs in iTunes, or multitrack audio editing in Logic/ProTools?
From: ioerror
Sun, 19-Feb-2006 5:07 AM (UTC)

FileVault is a pile of shit. You and computers already have trouble. Don't tempt fate, Jamie!

The encryption is crap[0]. It's like someone just slapped it on and didn't even give it a second thought. The thing is just buggy as shit and until 10.3, it was entirely broken in every single way possible for a file system.

[0] AES is fine. It's not AES that's the problem. It's every way that AES is used by Apple. The keys are SWAPPED to the disk unhashed! Grep your swap file for your passwords. What the fuck was Apple thinking?
From: herbie
Sun, 19-Feb-2006 5:11 AM (UTC)

Wow, that's... that's phenomenal. Although, (pardon my ignorance), in a situation where you have unhashed keys in memory (which at some point must happen), how can you ensure that the OS won't swap it to disk?
From: rantzilla
Sun, 19-Feb-2006 5:12 AM (UTC)

Don't do it.

I recommend not using FileVault. While it is much stabler than it was, it still has issues.

I recently lost my FileVaulted home directory due to disk crash. Granted, I was not backing up like I should have been. On the other hand, DiskWarrior was unable to help me because it cannot yet deal with sparse disk images, which is what FileVault uses. Read the man page for hdiutil for some extra information on sparse images.

There's also the performance issues. Longer to log in, longer to log out. Arguably slower read/write times due to the encryption.

Again, if your sparse disk image gets corrupted or the disk dies, you are pretty much fucked.

Having stuff on other partitions, which I have also done, is somewhat of a pain. iTunes and Xcode both have means of keeping your music or build directories elsewhere. You'll also want to have your download locations not in your home directory if you use FileVault.

If you have stuff that you need encrypted, I recommend making your own pre-sized read/write encrypted disk image (or a sparse image) and using that to protect your valuables.

And back up your system more often than you think is reasonable, especially if you use FileVault. After my disk crash, I not only don't use FileFault anymore, but I clone my whole system to a firewire drive partition every day.
From: transgress
Sun, 19-Feb-2006 5:26 AM (UTC)

While your typical forensics tools like Encase and FTK don't come out of the box with the ability to break FileVault like they do EFS, I'd imagine FileVault typically fails in the same ways that EFS does. Improper key/certificate management typically makes it worthless.

In 95% or more of forensics cases that I've worked on the user fails to remove private keys or passwords from the system's disk, and thus the encryption is essentially pointless. That said, the problem with EFS is that the system creates a system recovery certificate that Encase and co use to decrypt the data. In my little use of FileVault, I haven't seen any options to move keys off disk or similar, although I haven't really looked either.

That said, before I implemented it on something I thought needed to be encrypted I would verify that Apple hasn't included any 'oh shit' recovery functionality like MS did and move such things off the disk to a safer location like a thumb drive or similar, and see how the private key/certificate is stored exactly, and how easily it could be attacked, i.e. does a super user changing your password also change the password for your encrypted drive, etc.

If all else fails, you could just try this link http://tinyurl.com/2rfwr
From: sapp3r
Sun, 19-Feb-2006 5:32 AM (UTC)

I ran FV for two or more years, but no longer do so.

The primary reason for this was numerous data losses that occurred with some regularity. (Once every three or four months or so.) All but the last of these were merely nuisance level: I'd generally lose the preference files for applications that were open at the time of an event that caused unexpected shutdowns. (The app crashed, the system went into suspend mode, or lost power, etc.) I always ended up redoing the prefs by hand, because restoring my homedir would have reverted the state of my data, which would have been worse. (I'd also dumbly had this idea that FV made backups more convenient because then all you had to do was backup the sparseimage file. Nice theory.)

The last data loss -- the straw that broke the camel's back -- involved corruption to the volume, on a fairly large scale. There is NO utility that can recover this. Period. If you don't back up religiously, and often enough, then you'd be well and truly fucked. I'll spare you the rest of that sob story.

Outside data loss, there's the issue of performance. I did in fact move my media files outside my home directory. It wasn't so much that iTunes was slow or something, but of course, backup times, etc.

I'd say that if you're going to use FV, take the following actions:

1.) Move media files (or other large collections of data, etc.) somewhere outside your home directory. I used soft links to enable this, because changing all of the preference files would have been a pain in the ass.

2.) BACKUPS. You can logout and backup the sparseimage file itself, which is damned convenient. If you need to restore some but not all of your homedir, you would have to put the image in an alternate location, open it, and grab what you need, transferring it manually. If you don't backup the sparseimage file, then you'll need to have your backups done while it's mounted and open, etc.

3.) Make regular online copies of preferences for Safari, Mail, and iTunes. You won't regret having set that up.

hope this helps.
cheers.
From: markuppedant
Sun, 19-Feb-2006 5:39 AM (UTC)

yes, trouble

http://www.tbray.org/ongoing/When/200x/2004/02/08/FileVaultVideo

I've never noticed a performance slowdown subjectively with anything but the firewire video. I kinda suspect the filesystem buffering should get it out of the way, pretty much. I do a lot of SW dev (NetBeans not XCode, but whatever) & rip & play a lot of music.
From: grahams
Sun, 19-Feb-2006 5:43 AM (UTC)

How FileVault Fucked Me - An Essay by Sean Graham

I was running FileVault. It just creates an encrypted disk image to store your home directory which it dynamically grows as needed. When you log off, it asks you if you want to "shrink to fit" the disk image (in the case you added then removed files and the image was unnecessarily big).

I said yes to this harvesting once, but I was about to go to bed. While it was doing its thing, I decided that I'd better mute the audio on my laptop before going to bed.. I pressed the mute combo on my keyboard, and this 'reaping' process stopped instantly.. I figured this was coincidence and went to bed.

I woke up in the morning and logged in and everything was acting wonky.. Turns out that the process died and left my homedir in some half-fucked state. I had to blow away that user account and restore from backup (which I thankfully keep every two weeks) to fix things.

I highly recommend against FileVault.
From: kchrist
Sun, 19-Feb-2006 5:57 AM (UTC)

I've been using FileVault since it was introduced, on two different laptops, and I haven't had a single problem.

As far as performance goes, the first laptop was a 600MHz iBook and if it could handle it, anything can. I did keep MP3s in /Users/Shared rather than in my home directory to keep the size of the encrypted data down, but I had a couple gigs even without them.

Anything can fail, of course -- you of all people should know that all software sucks -- but you are keeping backups, right? Any sparse image corruption should amount to little more than an inconvenience, in the unlikely event that it occurs at all. As a mobile user, knowing I have good backups at home makes the slim possibility of data loss an acceptable trade-off for the security I get out of it.


From: aszegedi
Sun, 19-Feb-2006 9:56 AM (UTC)

I use FileVault on a 2.1 GHz iMac G5 since last October, and had zero problems with it ever since. The sparse file increases its length as it needs to, when I (rarely - mostly when updating the OS) log out, it compacts it. AES is a very fast symmetric cipher and I can feel no performance degradation whatsoever. I'm building code for a quite large distributed enterprise system on this machine inside of the home directory regularly, so it's being exercised quite a lot. As for backup having to back up the whole sparse file, here's what I do: I don't back it up. Instead, I have an identical encrypted sparse file on the backup drive, mount it prior to running my backup script, and let rdiff-backup work its incremental update thing inside of it. I myself am thinking about moving out my iTunes folder into an unencrypted directory and symlinking it sometimes, but I always realize it's just the pedantic in me, and that I don't actually have any problem that this is supposed to solve...
From: wmertens
Sun, 19-Feb-2006 12:01 PM (UTC)

Depends

I'm a sysadmin, some of our users work on powerbooks.

We enforce using FileVault, since we need to have company data be secure. Regarding the comments about passwords in swap, well, it's better than no encryption.

So I have datapoints from about 70 users over a year's time. Basically, it's rather stable, but don't consider using it without having backups of the data stored in it. Don't backup the sparseimage, it's pointless except for quick recovery situations.

For backups, I wrote a GUI wrapper that runs rsync over ssh every so often while the user is logged in. You're welcome to it if you want it.

My points:
- Your access speed becomes about 2MB/s. Mostly CPU bound. This is not a problem for daily things. I even do my compiles in my homedir.

- FileVault is encrypted using a key that is stored with it. That key in turn is encrypted using your password and an optional master certificate. Either can unlock it.

- Please do enable a master password as well. This is used to unlock the keychain in /Library/Keychains/FilevaultMaster.keychain, which contains the private certificate. You can safely remove this from your system and store it elsewhere, you only need this in case you want to recover from a forgotten or corrupted password (yes, this has happened in 10.3).

- I keep my music and movies in a non-encrypted directory, /local in my case. Reasons are copy speed and FileVault size. If FileVault becomes big, it was very slow to compact in 10.3. 10.4 seems to have improved there.

- When you log in, loginwindow will read your NetInfo entry and mount the filevault that it points to using your login password as the key, on /Users/jwz. To do that, it moves your homedir to /Users/.jwz and creates a new /Users/jwz, so that you can still access the sparseimage while it's active.

- Read the manpage for hdiutil, it's what makes this work.

- I prefer compacting by logging in on my administrator account and running hdiutil compact from there. That has a progress bar unlike the logout thing.

Bottom line, if your system ever gets stolen, you'll be happy you had it active. Also enable the boot password and screen saver password.

Wout.
From: fantasygoat
Sun, 19-Feb-2006 2:43 PM (UTC)

The paranoid people at work use GPG.

http://www.gnupg.org/

The Mac specific one: http://macgpg.sourceforge.net/

That way the files stay encrypted on the backups as well, whereas FileVault gets backed up unencrypted.
From: tooluser
Wed, 22-Feb-2006 8:31 AM (UTC)

It's worth noting I work for them, but

. . . [name deleted] at PGP is of the opinion that PGP's Whole Disk does this much better. And even though I work for them, I don't use it*, so really, I'm just like any other schmuck mentioning a product he doesn't use. But no one else had mentioned it; wanted to get it out there.

I definitely avoid Apple's FV, though. The swap problem mentioned earlier has been IIRC solved a while back, but it's that character of error that makes me assume it's like most other things built-in: decent for mom's Quicken data, but probably not satisfactory to someone who inherently craves a more complicated solution.

(* because as an employee I'm kinda required to run pre-release versions of it, and 'pre-release' and 'your entire hard drive' are not my two favorite phrases to see in one sentence.)
From: xah_lee
Sun, 19-Feb-2006 4:02 PM (UTC)

i turned on FileVault on my 800 GHz G4 iBook for a year about 2003. I had absolutely no problem whatsoever. But, there is a very noticeable speed penalty on this slow machine. I think the penalty is more in cpu, than hard disk access. I think i had my mp3s outside of my home dir though. So, can't say how they affect mp3 playing.

it is because of the speed slow down, i turned it off eventually.

i thought maybe i should turn it on again on my new desktop machine... but didn't bother. I didn't bother because i thought i shouldn't be that paranoid to want to have everything encrypted. Secondly, if i want encryption, it had to be something NSA couldn't break. Either that or no encryption at all. I wondered, just how safe is a file encryption system produced by a mass marketed commercial American corporation for the average consumers.

so, currently i just have a directory that's encrypted. I'd trust far better with GPG, but due to convenience reasons i'm currently using Apple's hdid.

Xah
xah@xahlee.org
http://xahlee.org/
From: freiheit
Sun, 19-Feb-2006 7:31 PM (UTC)

2 data points

1) tried it myself back in 10.3. Lost my homedir. Basically ask yourself this: ever had a single unclean shutdown for any reason? How much would you curse the computer if your entire home directory was lost when it happened?

2) I think we use this at work. It's perfect for the situation at work: there are laptops on-campus that if they're lost or stolen, the media must be notified and it costs all sorts of money to deal with. Unless you're using encryption. Then nobody needs to know. I think with Windows they went with a commercial product that doesn't come with the OS.

In other words: for some organizations, turning on FileVault means saving money. Up to $250K of money. And avoiding a public relations nightmare.

Do you have SB 1386 section 2, paragraph e type material on an easily snatched computer? That'd be name plus any of SSN, CA ID card/driver's license number, credit card number, other bank account numbers...
From: marapfhile
Mon, 20-Feb-2006 2:42 AM (UTC)

Useless Remotely?

I don't know if this is relevant to you, but the one time I tried using filevault, I found it made my home directory completely inaccessible when ssh'ing into the box--it showed a couple dotfiles and nothing else. At least with encrypted DMGs, there is presumably some way to mount them from the command-line (though I don't know it myself).
From: wmertens
Mon, 20-Feb-2006 1:28 PM (UTC)

Re: Useless Remotely?

Read my post above, search for hdiutil. Either you were logged out and for some reason your .username directory wasn't moved back, or you missed the username.sparseimage file.

You can mount it from the command line using:

hdiutil mount -stdinpass username.sparseimage
From: crucially
Fri, 24-Feb-2006 6:35 PM (UTC)

terribly bad idea if you ever crash while growing the virtual partition