Apple Legacy Filevault Hole

Can someone let us know when we can expect an update to fix this security hole in Lion 10.7.3
Date: Fri, 4 May 2012 20:40:07 -0400
From: "David I. Emery" <die[at]dieconsulting.com>
To: cryptography[at]randombit.net
Subject: [cryptography] Apple Legacy filevault barn door...
http://cryptome.org/2012/05/apple-filevault-hole.htm
Regards
Rudolf

There are workarounds to prevent this from happening, and it should not affect anyone who has made use of the latest technologies that Apple offers. Here's info on how to manage it for people using legacy FileVault: http://reviews.cnet.com/8301-13727_7-57428767-263/how-to-manage-the-filevault-password-hole-in-os-x-10.7.3/

Similar Messages

  • How do i retrieve my legacy filevaulted user?

    So, here's what happened. I have an early 2008 black macbook. It was running lion. Then, last saturday, I had to force it to turn off and, after that, I wasn't able to sign into my account again. It entered an infinite loop. I tried everything, but I ended up formatting my macbook hd and performed a clean install of lion. I had it all backed up with time machine on an external hard drive, so I didn't worry much. The problem is, my account was encrypted with legacy filevault. After the fresh install of lion, I finally got my macbook to work again, but now I can't restore the files from my previous account. I have no other macs and I can't find any sparsebundle files on my time machine backup. What can I do to restore the files from my legacy filevaulted account on my external hard drive? I know the files are there because when I open migration assistant, the user appears, but it can't be transferred because a message appears saying filevaulted users are not transferable. Please help. I have a lot of files from two years of university, and I can't lose them.

    Your Apple ID is your e-mail address.

  • Lion Legacy Filevault WHOOPS

    The following describes a serious Lion security flaw & asks how to make Apple aware of it...
    When Lion mounts a legacy FileVault sparse bundle at user login, the system logs the following to /var/log/secure.log (hostname and actual password changed for security reasons):
    Apr 11 19:39:35 hostname authorizationhost[1240]: DEBUGLOG | -[HomeDirMounter mountEncryptedHomeWithURL:attributes:dirPath:username:] | about to call DIHLFVMount. urlAttribute = /Users/.username/username.sparsebundle, password = password-here-in-plain-text, mountPointParent = /Users, homeDirPath going to the DIHLFVMount call = /Users/username
    Lion should not be writing the username and password to disk!  This is a serious security problem that renders an encrypted legacy FileVault useless because it makes the password available to anyone that can read the secure.log file.
    How does one write a problem ticket to Apple to make them aware of this?

    This is really severe!
    I have removed the file and pointed symlink to null device - this prevents writing anything to the file (at the cost of losing other security related information from this log file).
    In case anybody wanted to do the same here's what you need to paste to the Terminal.app:
    f=/var/log/secure.log && sudo rm $f && sudo ln -s /dev/null $f
    and type your password.
    (not sure, but sudo only works if you have password set and you're on an admin account)
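
Added example (not part of the original thread and not Apple's tooling): a POSIX shell audit that counts the DEBUGLOG lines of the form quoted above and writes a copy of the log with the password field redacted, so the other secure.log entries are kept rather than discarded. The function names and the sample log lines are constructed for illustration; the match pattern is taken from the log line quoted in the post.

```shell
#!/bin/sh
# Added example: audit a secure.log-style file for the legacy FileVault
# DEBUGLOG line quoted in the post, without ever echoing the password.

# Match pattern taken from the quoted log line.
LEAK_RE='DIHLFVMount\. urlAttribute = .*, password = '

# write_sample_log PATH: constructed sample input (not real log data).
write_sample_log() {
    cat > "$1" <<'EOF'
Apr 11 19:39:35 hostname authorizationhost[1240]: DEBUGLOG | -[HomeDirMounter mountEncryptedHomeWithURL:attributes:dirPath:username:] | about to call DIHLFVMount. urlAttribute = /Users/.username/username.sparsebundle, password = constructed-pass, with comma, mountPointParent = /Users, homeDirPath going to the DIHLFVMount call = /Users/username
Apr 11 19:40:02 hostname loginwindow[55]: constructed unrelated entry
EOF
}

# count_leaks FILE: number of lines that carry a logged password.
count_leaks() {
    [ -r "$1" ] || { echo 0; return 1; }
    grep -c -E "$LEAK_RE" "$1" || true
}

# leak_summary FILE: timestamp and host of each leaking line, nothing else.
leak_summary() {
    grep -E "$LEAK_RE" "$1" | awk '{print $1, $2, $3, $4}'
}

# redact_leaks FILE: copy of the log on stdout with the password value
# replaced. The value is delimited by the next field name, so passwords
# containing commas or spaces are removed whole.
redact_leaks() {
    sed -E 's/(, password = ).*(, mountPointParent = )/\1[REDACTED]\2/' "$1"
}

# Demo: audit the file given as $1, or the constructed sample if none.
if [ -n "${1:-}" ]; then
    log=$1
else
    log=$(mktemp) && write_sample_log "$log"
fi
echo "lines with a logged password: $(count_leaks "$log")"
leak_summary "$log"
```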

  • Need additional space to turn off legacy FileVault?

    I have a 320GB HD but the finder says I have almost 500GB of data which is impossible.  The about this mac tells me that I have 2GB free. I moved 100GB of items to the trash then emptied the trash and it still tells me I have 2GB free.  I recently upgraded to lion and when I go to deactivate legacy filevault as I am guessing that is the issue it tells me I need additional space? How can I use an external HD to fix this issue?  Can I just delete the sparsebundle that is 200GB?

    Okay, I was under the impression that you had to deactivate any legacy/previous version of Filevault before you installed Lion. I don't believe that the two versions are in any way compatible.
    Do you have a backup of your prior SL volume?

  • Can't turn off Legacy Filevault

    I have an iMac with 2 "legacy" filevault accounts from Snow Leopard.
    I turned off legacy filevault on one of the two accounts, but the second account, which is a portable home directory, always generates an error during the decryption process. I have tried repairing disk permissions, rebooting etc, nothing works.
    Any and all suggestions are welcome!

    - open the account (so that the Home is decrypted)
    - make a copy of Home folder
    - set a new temporary account (Admin)
    - restart with this new temporary account
    - remove the original Home folder, then remove the original account (via System Preferences - Users & Groups)
    - rename the copy with the original name
    - add a new account with the same original name (via Users & Groups), that is, recreate the deleted account
    The system asks you if you want to use the existing folder with the same name - OK
    Et voilà, you have the account decrypted

  • Legacy FileVault

    I'd like to transition to the new Lion FileVault, but I'm getting the following error:
    "There isn't enough space on your hard disk to turn off Legacy FileVault."
    Any work-around ideas?  Get a bigger HD?  Copy to a bigger external HD, make the transition, then copy back?

    Move at least that much data from your home folder to another storage device. Make the conversion, then move the data back.

  • HT4790 Legacy FileVault won't turn off

    To use Time Machine, I need to turn off Legacy FileVault.  When I try to turn off Legacy FileVault, I get a message telling me I need 51.7GB to turn it off.  I have a 2GB computer so this message makes no sense (and I double checked it does tell me 52GB).

    Temporarily copy most or all of the files from your home folder to an external drive. Delete the originals. Log out and log back in. You should then be able to deactivate legacy FV and copy the files back.

  • Problem turning off legacy filevault.

    Hey everyone,
    I began the process of switching over to the new filevault, but have encountered a problem turning off the legacy vault. Everything seemed to be going well, at first. It took about 30 minutes for copying to complete during decryption. However, it has been hung up at "copying is complete..." for nearly 12 hours now and is showing no signs of moving on. I have received no errors. What can I do to maybe kick start the process again or should I just do a forced shutdown? Any help here would be greatly appreciated because at this point I honestly don't know if I have any other option than a forced shutdown.
    Thanks

    Ok, so I'm answering my own question here but it worked. I ended up doing a forced shutdown (holding down the power button until shut down initializes) from the screen indicating that "copying is complete..." When I restarted (manual restart using the power button again) the legacy vault was off and the new file vault was on and working properly. No data or settings were lost and everything was working properly.
    Thank you to all of you who took the time to look at my initial question even if you didn't have an answer for it.

  • Can't see files while updating to FileVault 2?

    Hi,
    I have an older version of the Macbook Pro and have recently upgraded my system from Mavericks to Yosemite. Today I upgraded from Legacy FileVault to the newer FileVault, and I had followed all the instructions given by Apple. However, right now FileVault is encrypting my data and all of my files are hidden, when I'm supposed to be able to access them as usual. When I click on the user home tab in Finder, all my folders (Applications, Downloads, Music, etc.) have been replaced by "Library". This folder has nothing but a collection of codes. I can only access my documents by going to the "Users" folder in my hard drive, where everything is in a folder of copied information. Also, things such as touchpad settings and my background have been reset. I'm not sure if this is supposed to happen, since it didn't happen when I tried it on a friend's Macbook. I'm worried that my computer won't return back to normal and I won't be able to immediately access my documents in Finder even after FileVault has finished encrypting. Can someone please explain this?

    Just use the front camera. IOS 4.2.1 does not resize the pictures as it should do. But if you use the front camera everything works fine (it did for me).

  • Safe to disable legacy file vault in Mountain Lion?

    Have an iMac with Mountain Lion installed and everytime it's logged off or rebooted it hangs at a File Vault backup screen.  I did some research and found File Vault will only backup home folder when logged off or while rebooting.  Since the home folder is huge it's probably just taking its time.
    When I went into security preferences an alert popped up saying it was using Legacy FileVault.  Is it OK to disable this?
    Also, is the home folder not being backed up by TimeMachine during normal backups since it's FileVault?
    Any suggestions or guidance would be appreciated.
    Thanks.

    Thanks a lot for your suggestion to report with Apple. In fact, this would be so easy to enable or disable it globally from the system preferences, and/or make it available from within the application preferences. In that way, each of us would be able to manage which app is doing what.
    If this is it, maybe we could ask Apple to give us some more room to manage our files.
    Thanks again.
    Regards.

  • How long does FileVault take to encrypt or decrypt?

    I have been having difficulty with my iMac (2009) and in going thru each setting, it said that there was a newer version of FileVault so I clicked on the button that said do not use Legacy FileVault. Now my screen is all white with the little wheel going round and round. It has been that way since 10 am this morning. It is now 8:30 pm. All I want to know is if I can turn the computer off and go back to the way it was without messing up data etc. Anybody have the answer?

    Welcome to Apple Support Communities
    FileVault encrypts your files when OS X is turned on. This means that your computer isn't encrypting files now, so you can turn off your iMac and turn it on again. The upgrade to FileVault 2 will start the next time you start up

  • "Erase Free Space" work-around for non-apple ssd

    for those of you attempting to "Erase Free Space" per knowledge base article:
    "OS X Lion v10.7.3: User account passwords appear in log files for Legacy FileVault, and/or network home directories"
    quote:
    "6. Open Disk Utility.
    7. Select your OS X Lion volume on the left.
    8. Click "Erase Free Space…".
    9. Select the Erase Free Space Option you want and click "Erase Free Space". Enter admin name and password if prompted."
    but instead seeing a grayed out "Erase Free Space" in Disk Utility?
    you can perform an "Erase Free Space" by using WipeFS app by Jonathan Clark which can successfully perform a DoD (Department of Defense) wipe for digital media, apple's Disk Utility doesn't do this anymore with non-apple solid state drives (ssd)
    references:
    https://support.apple.com/kb/TS4272
    http://itunes.apple.com/hr/app/wipefs/id484887048?mt=12

    ...but instead seeing a grayed out "Erase Free Space" in Disk Utility?
    See,
    Mac OS X: About Disk Utility's erase free space feature
    which says,
    Note: With OS X Lion and an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault 2 encryption when you start using the SSD drive.
    Also google "erasing space on ssd".
    Bottom line, it is not something you want to do to a ssd. 

  • FileVault 2

    I'm currently using Legacy FileVault to encrypt my user. The computer is shared with other people who have their own users. Legacy FileVault encrypts my user so that when another user is logged in they can't access it at all.
    My question is, does FileVault 2 do the same? From what I could gather on reading about it, it encrypts the whole disk and when an authorized user logs in the whole disk is available. That will not work for me—I need to make sure my user stays encrypted when the other users log in. They're fairly tech-savvy and I want to make sure they couldn't open my user folder just by messing around with the permissions and whatnot, since all of them have to have administrator rights. Since I'm not sure exactly how FileVault 2 works, I need to know this before I try to upgrade.

    You are dead right to be worried about your set up and Filevault 2. In your scenario, FV2 is a disaster, because any other user that can unencrypt the disk can then read the content of any other user's account through single user mode.
    There's at least three ways around this, possibly four:
    1. Don't upgrade.
    2. Upgrade, but keep legacy filevault turned on (you will be asked if you want to turn it off when you upgrade) and don't turn on FV2. This will work in Lion and Mountain Lion, but it's uncertain how long Apple will support legacy filevault (for those that don't know, that's what they call the original FV).
    3. Upgrade, turn off legacy FV, turn on FV2, then encrypt your user account or the sensitive parts of it using Disk Utility to create sparse bundles.
    4. Upgrade, keep legacy filevault, and turn on FV2. Now this one I'm not sure about. Maybe others will be able to tell you if legacy FV sparsebundles stay encrypted in this scenario. I haven't tested it myself.
    If you want my recommendation, at least for the next 12 months or so, option 2 is safest. Start researching or planning for the day that Apple drop support for the original (legacy) Filevault though.

  • Decrypt filevault

    I have a client who has a FileVault encrypted hard drive and the drive is failing. The client unfortunately was not backing up the drive in Time Machine and so my only option is to try to get the files off of the failing drive. The drive failure is not critical at this point in time and is still bootable (and all files can be seen but not copied away from the drive) but disk utility reports the drive as failing when you run disk verify. The problem I am having is that I was able to back up the drive and restore it (FileVault and all) to a new hard drive but the filevault lost integrity in the migration and Mountain Lion ends up saying that filevault is corrupted after a computer restart and will not be useable after that point at all. I tried going into settings and disabling legacy FileVault after the migration but before a restart, once I have the data on a healthy hard drive, but that fails every time about 10 minutes in. I am wondering if anyone knows of a tool or a workaround for decrypting the hard drive files when I have the master username and password. I already tried making a non-FileVault user and then logging in under the FileVault user and copying files over to the unencrypted user folder with no luck. Any help at all to get away from FileVault would be much appreciated!

    Maybe this will help.
    FileVault 2 - Using fdesetup with Mountain Lion’s
    https://discussions.apple.com/message/20300269#20300269

  • I restored my Macbook Pro and now I can't log in as Admin - it says there is an error with FileVault and I don't have access - plz help!  thank you.

    I had to restore my Macbook Pro from Time Capsule yesterday and now when I go to log in as my usual Admin, it says there is a FileVault error and my access is denied.  I created another temporary Admin acct, but everything I had on my desktop, etc is "gone".  I can look up the "drive" or whatever it's called, but I can't access any of it.  All I want to do is log back in as my usual self (the regular Admin) - plz help!  Thanks.   p.s. I'm (obviously) not that computer savvy!

    Triple-click the line below to select it:
    /System/Library/CoreServices/Directory Utility.app
    Right-click or control-click the highlighted text and select
    Services ▹ Open
    from the contextual menu.* The application Directory Utility will open.
    In the Directory Utility window, click the lock icon and authenticate. Select the Directory Editor tool in the toolbar. Select Users from the Viewing menu in the toolbar, if not already selected. Select the affected user account in the list. On the right is a list of properties and values. Select the property "HomeDirectory" and delete it by clicking the minus-sign icon directly below the property list. There are two such icons in the window. You want the one on the right, not the one on the left.
    CAUTION: Do not click the minus-sign icon on the left, below the user list.
    Then click the Save button in the lower right corner of the window. Quit Directory Utility.
    CAUTION: There is no "undo" in Directory Utility. If you make a mistake and delete something in the Directory Editor that should not have been deleted, restore your whole system from a backup and start over. I have no other help to offer in that case.
    Try again to log in as the affected user. If you can log in, you should find a file in the home folder with the name of the user and the filename extension "sparseimage" or "sparsebundle". Double-click that file. A disk image should open. Copy your files from that disk image to restore them.
    I strongly suggest that you deactivate legacy FileVault in the Security & Privacy preference pane, then log out and log back in. Consider activating FileVault 2 if you want that kind of security.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
