How Secure is File Vault?
I have to take my iMac in for servicing and am concerned about securing my data from prying eyes. I'm considering using file vault to encrypt my home folder but don't know if it will also encrypt my Keychain (I have 90+ passwords stored in the Keychain). Any thoughts or ideas are welcome.
Mark
The last time I had a Mac in for servicing, I made a bootable clone (of my internal drive) onto an external hard drive, using Carbon Copy Cloner. Then I restarted from the external and did a +zero out data+ erase on the internal drive, followed by a fresh install of Tiger.
When I got it back I restarted from the external and cloned it back to the internal drive. I thought it was far simpler than worrying about security.
Similar Messages
-
How to access file vault outside my account ?
I have enabled file vault on my account and now, obviously I lost access to my files outside it. The problem is I always used the root user to backup my computer data (this way i can remove all cache files). So, how do i get access to my files when logged in as root ?
This question would probably be best posted in the Mac OS X forums as it has nothing to do with your MacBook. The folks more familiar with Mac OS X's features might be found there. But, I don't think you can get access to those files through the root user (or any user) as that's the whole point of using File Vault: Protect your data by encrypting it. If there was a work-around for this, File Vault would be compromised.
-Doug -
i just got my late 2011 Macbook Pro logic board repaired and accidently clicked on "turn On filevault" and i never meant to do that...
Now i want to cancel file vault throu system preferences and is taling me NO, wait till my mac finishes emcrypting and thats exactly what I dont want to happen!!!!
ugh I m so frustrated right now you guys, please help!Hi Chucky Cruz,
That is exactly what you have to do. It has to finish before you can again revert it back. Unfortunately there is is no other way. Or rather, fortunately there is no other way, otherwise at least part of it might be totally corrupt. And it might just be the most important part.
Have fun when you have your Mac 'back'!
Leo -
How to remove file vault from an external drive
I had an external drive connected to a mac with file vault enabled. I want to move this drive to my NAS storage
unit. In order to use the drive on NAS storage I need to "de-crypt" the data. Is there a way to do this?
Right now I have the drive attached to a mac which is not using file vault. By using the password
I can access the drive.
Thanks!
tmRight-click the drive icon and select Decrypt from the popup menu.
-
I'm using OS 10.5.1 with File Vault active.
Is the TIme Machine back-up on the external drive secured with File Vault??+Thanks. I confess I do not know how to tell the difference between GUID and Apple Partition Map. I see that the drive has Master Boot Record scheme- is that related? I have tried another hard drive with the same results. Both are Mac OS Extended (Journaled)format.+
If a partition shows up formatted as Master Boot Record it can't also be formatted Mac OS Extended (Journaled). Do you have more than one partition on your Time Machine disk? If that is the case the partitions may be formatted differently and the partition you are using for Time Machine must be formatted Mac OS Extended (Journaled).
If you only have one partition and it is formatted with Master Boot Record, Time Machine will not work properly. You can see what partition scheme you are using for your Time Machine disk and how the partitions are formatted in Disk Utility. Launch Launch Disk Utility from the dock or from the Applications > Utilities folder. Click on the upper icon for your Time Machine disk in the left window and the partition type will show on the bottom of the Disk Utility window. It should be GUID for Intel Macs and Apple Partition Map for PPC Macs.
Click on the indented icon(s) below upper Time Machine icon. That will show the formatting for each partition. If it says Master Boot Record for the partition you are using for Time Machine you will have to repartition and reformat the disk to get rid of it. That will erase the disk so copy any files you need first. Then follow the directions in this article. -
How can I login with my admin user after the "file vault-security option" disabled?
My HD was full. So i deleted the biggest files related to file vault. After that i disabled the file vault option in security preferences, and restarted the machine. When i tried to connect again, appear the message"error in file vault". How can i fix?
I have the same problem. My Mac Mini server will not let me reset pram or safemode. Can't login. Help
-
How do I find/restore files from items in secure (File Vault) home folder? How do I find/restore files that crashed when in finder of secure (File Vault) home folder? When I go into Time Machine, I see earlier dates but can't see files in my User File. I have File Vault turned on and see my home folder as a sparsebundle. Do I neede to restore this in order to see files in my home folder. When I click on it to restore it gives me an estimated time of over 2 hours. Also tried to restore an Excel file I was working on when computer hung, so lost it without saving or naming it. Does it exist anyplace and can I restore it?
Thanks. I had pretty much figured out from other posts that I had better turn off File Vault for my home folder and use a disk utility sparse bundel for little information I wanted to secure. The information about File Vault 2 in Lion was new and useful though.
-
How to kill secure erase after turning on File Vault?
I turned on file vault on my MacBook with OS 10.6.4 and selected the secure erase option for the resulting empty space. The File Vault encryption process completed fairly quickly, but the secure erase has carried on for 48 hours and I'm just at 26% complete as per the security pane of System Preferences.
I'd like to stop the secure erase process. It seems like overkill, and as this computer (and the hard disk) are 4+ years old, I'm thinking the wear and tear on the drive is more than is necessary.
I've tried killing the secure erase process ("sudo kill -9 ...") but the process re-spawns.
My question: is there a safe way to stop the secure erase process after turning on File Vault? (I am fully backed up with Time Machine if that makes any difference.)Ah-HA! OK, I've fixed the problem the right way now instead of the ugly method of renaming secure_erase, which was admittedly a hack until I had more time to look at things.
The queue for secure_erase is stored in /var/db/fvsecureerase.jobs/ - you need to cd into that directory and look for the files there, and remove them. By deleting the numbered job, you will remove it from the secure_erase queue.
HOWEVER, please look at the files first and then manually delete the file path listed, otherwise you will leave those to-be-destroyed files UNDELETED. This is probably NOT what you want. What happens is that secure_erase moves the "original" files into a new directory (in my case the file was named /Users/jtodd.10307331336706142097) and then secure_erase does it's magic on that directory and wipes out each file in a tedious, secure way. If you made a mistake and don't want to wait the 20 days for it to finish the tedious method, you can just "rm" it the old fashioned way. I typically pipe "yes" into the "rm -R" command since there are a lot of strange permissions things that rm asks about and I would otherwise spend an hour hitting "y" on every file about which it uncertain - hooray for UNIX pipes! For instance, this is a what I did (again, as root):
sh-3.2# cd /var/db/fvsecureerase.jobs
sh-3.2# ls -lsa
total 8
0 drwx------ 3 root admin 102 Nov 12 11:44 .
0 drwxr-xr-x 51 root wheel 1734 Nov 12 11:44 ..
8 -rw-r--r--@ 1 root admin 33 Nov 10 13:53 501
sh-3.2# cat 501
/Users/jtodd.10307331336706142097
sh-3.2# rm 501
sh-3.2# yes|rm -R /Users/jtodd.10307331336706142097 -
Forgot Master Password, no acct File Vault: How to get rid of Mst Password?
Hi -
I am embarrassed, mortified, and humbled about having to post this because it's not about 'someone I know' but about something careless that I did.
This morning, I set up a second account with File Vault on my MBA (Late 2010) to keep sensitive files in it. While setting it up, I set a Master Password which I hadn't enabled before this morning. I used the password generator and used one that I dutifully copied on the clipboard with the intention of IMMEDIATELY copying it into my 1Password app. Then I set up the second account with File Vault.
Well, of course, something distracted me, I habitually copied something else on the clipboard, and I lost the Master Password from my clipboard. (I know, I've been kicking myself ever since...)
Here's my question: The Master Password is not protecting any content in File Vault and I would like to disable the forgotten Master Password and set up one that I really will remember (at least, that's the plan!). How can I do this?
I deleted the new account and I have only one other which is the primary administrator account that is not protected by File Vault. Thanks in advance for any help on this!
(possibly similar to this parallel topic: http://discussions.apple.com/thread.jspa?messageID=13321714�)See this thread:
*How to reset FileVault master password*
http://discussions.apple.com/thread.jspa?messageID=5822772
As explained there, and for obvious security reasons, a new master password created in this fashion way will not unlock any pre-existing FileVault accounts. So resetting the master password is only useful after you have turned off FileVault in all existing accounts, as is true in your case. -
Should files be securely deleted if using File Vault?
Do I need to "shred" or in someway securely delete files and mail that sit in File Vault? I am new to the MacOS and I am not sure where deleted files/mail go. If they don't leave the Home Folder it should be ok but if they somehow are relocated outside the Home Folder, I assume I would have a problem unless they are securely deleted.
Interesting question, sgmiller.
The default Trash location is a hidden directory in your Home folder, ~/.Trash, which would be in your File Vault, assuming the File Vault includes your entire Home directory and doesn't leave anything out.
When you delete a file, its directory entry is updated, rewriting the parent directory of the file to the ~/.Trash folder. Then when you empty the Trash, the directory entry of the file is simply removed and the file disappears from the file system. They don't really go anywhere, they just disappear. However, the bytes still remain on the disk until something else comes along and writes to those sectors, so Secure Delete can be used to overwrite the previously used areas of the disk with zeros.
I guess it depends on how careful you want to be. You may also be interested in using Secure Virtual Memory if you aren't already, under "System Preferences->Security".
Clear as mud, my apologies! -
How do I access my encrypted User Account files from my Back Up hard drive? Time Machine was used to create the back up disk; File Vault was used to encrypt the files.
Thanks. I will try going through TM. Since my Simpletech is on the way out, I'll be plugging in a new external hard drive (other than the back-up drive) and trying to restore the library to the new drive. Any advice or warning if this is NOT the right thing to do?
Meanwhile, that is a great tip to do an alternate back-up using a different means. It's been tough to figure out how to "preserve access" to digital images and files for posterity, knowing the hardware will always fail/obsolesce sooner or later, and that "clouds" are only as good as their consistent and reliable accessibility. Upping the odds with redundancy will help dull the edge of my "access anxiety", though logically, it can never relieve it. Will look into
Carbon Copy Cloner. -
How can I repair a File Vault sparsebundle?
Apple has directions for repairing a File Vault sparseimage under 10.3-10.4 here:
http://support.apple.com/kb/HT2631
I couldn't find anything more up-to-date, so I followed those directions but using the different permissions setup in 10.5. Everything seemed to work fine up until it came time to mount the sparsebundle. It wouldn't mount. I could drag the sparsebundle into Disk Utility, but when trying to "Repair" or "Verify" I get this error message:
Unable to attach “testserver.sparsebundle”. (Operation not supported on socket)
\[DUDiskController viewablePartitions\] expecting DUDisk, but got nil
As I was typing this post, I figured out what to do. Being an Admin doesn't cut it; you have to be root. I did not find it listed online, so I'm jotting it here; do this instead of what Apple says:
1. Disconnect from the network (turn off AirPort, unplug Ethernet) because we're about to temporarily log in as root, which could leave us exposed.
2. To enable the root user, open Applications / Utilities / Directory Utility. Unlock the icon with your admin password, then choose "Edit menu > Enable Root User". If this is the first time, enter a password for the root user, or if you have forgotten your root password, choose "Edit menu > Change Root Password".
3. Log in as root: Log out of the current account, then in the blank login screen, enter "root" as the username along with your root password. Or, if you have fast user switching enabled, make sure you are logged out of the FileVault in question, then pick "Login Window..." from the user menu. If you aren't allowed to type in a user name, open System Preferences > Accounts > Login Options, then disable "Automatic Login" and by "Display login window as" pick "Name and password".
4. Mount the sparsebundle: From the Finder's "Go" menu, pick "Go to folder..." and enter "/Users/". Drill down to the sparsebundle inside your FileVault account, and double-click it to mount it. When asked for your keychain password, cancel. Then you will be asked for your FileVault account's password. For security, make sure the "Store this password in my keychain" checkbox is NOT checked. Enter your FileVault password. The sparsebundle should mount.
5. Repair normally from Applications / Utilities / Disk Utility. The sparsebundle should appear as both a disk and a volume in the left pane of the Disk Utility. When done, quit, eject the sparsebundle and log out of the root account.
6. IMPORTANT: Log back in to a normal administrator account, open Applications / Utilities / Directory Utility, unlock it if necessary, then pick "Edit menu > Disable Root User". Lock the utility and quit.
7. If you disconnected from the network in step 1, it's okay to reconnect now.
From a security standpoint, it's best to leave the root user disabled. Most of the time, an admin user can get temporary root privileges; this just happens to be an exception.Figured it out and shared solution.
-
How do I restore partial backup of File Vault protected files?
Here's what happened.
Used TM on an external drive not big enough to do a full backup of my internal drive (with File Vault protected home folder), so I excluded everything but my Documents and Photos folders. I saw TM working, I could browse through old backups in TM and locate files. I know the home directory won't copy when you are logged in and FV turned on, and I never had the TM drive attached when I was logged off, but I didn't backup my home folder, just files inside it and like I said, I was able to view the files in TM.......before my internal drive died.
So now I got my laptop running again and can't restore from TM because I didn't have a full backup. And while I can open TM now and scroll back to previous backup dates, there's nothing in my old users directory except some Acrobat user data junk. I've looked at the directories in Finder and don't see any of the sparse bundle (?) files I've seen in other posts.
6000 photos. Gone.
Hundreds of dollars of iTunes downloads. Gone.
Please tell me there's a way to recover this. I don't care as much about the music, that's replaceable, but I really want to get those photos back. Is it possible? Was TM tricking me into thinking my photos were backed up when they weren't? I have to be missing something; I need help from anyone that can. It doesn't seem right to show me the files in TM if they really hadn't been backed up.stephenberk wrote:
I never logged out, only restarted after Software Update.
As I noted, TM only backs up a FV User folder after you log out, giving you a notice that a backup is about to start. If you never logged out and have never seen this notice then you have no backup of your FV folder.
The data may still be available on your HD and can be recovered with software and/or commercial data-recovery businesses, but being encrypted makes it much more difficult.
When I scrolled back through my backups, I could browse the Photos and Documents. I prevented TM from backing up Library and Public and couldn't browse those. Where are those partial backups? I feel beyond misled by Apple. How could I have seen (and still see the dates in TM the backups were done) all those things if it hadn't actually backed it up? I could have easily copied my files manually onto the firewire drive (as I was doing before I started using TM). But then I had to delete those backups to run TM on it. Unbelievable. This almost seems criminal. -
How do I extract pages from a Secured PDF file
How do I extract pages from a Secured PDF file?
Adobe would call that hacking, and don't allow discussion of it in this forum. You should contact the copyright holder and see if they are prepared to release the password, or an unsecured document, to you. If it's something made for you like a bank statement you should tell the bank how inconvenient their choices are.
-
i tried to encrypt using file vault but it froze slowing my macbook pro, how can i get things moving or stop the encryption
Back up all data before proceeding. There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
Start up in Recovery mode. When the OS X Utilities screen appears, select Disk Utility.
In the Disk Utility window, select the icon of the startup volume from the list on the left. It will be nested below another disk icon, usually with the same name. Click the Unlock button in the toolbar. When prompted, enter the login password of a user authorized to unlock the volume, or the alternate decryption key that was generated when you activated FileVault.
Then, from the menu bar, select
File ▹ Turn Off Encryption
Enter the password again.
You can then restart as usual, if the system is working. Decryption will be completed in the background. It may take several hours, and during that time performance will be reduced.
If you can't turn off encryption in Disk Utility because the menu item is grayed out, you'll have to erase the volume and then restore the data from a backup. Select the Erase tab, and then select
Mac OS Extended (Journaled)
from the Format menu.
You can then quit to be returned to the main Recovery screen. Follow these instructions if you back up with Time Machine. If you use other backup software, follow its developer's instructions.
Don't erase the volume unless you have at least two complete, independent backups. One is not enough to be safe.
Maybe you are looking for
-
How can I get the context-parm from a web.xml file using struts?
Hello: I need get the context-param from the web.xml file of my web project using struts. I want configurate the jdbc datasource connection pooling here. For example: <context-param> <param-name>datasource</param-name> <param-value>jdbc/formacion</pa
-
someon help me
-
Is there a project management software for the IMAC
I am new to Apple and I am wondering if there is a good project management and flow charting software available for Apple?
-
How is WE8MSWIN1252 characterset storing chinese characters???
I've read several oracle globalization documents and I'm very confused now. Here's my setup:.. everything is on 1 machine I'm runnig oracle 9.2.0.4 database on windowsXP. HKLM\SOFTWARE\ORACLE\NLS_LANG registry key value = NA HKLM\SOFTWARE\ORACLE\HOME
-
Flash swf componrnt button color changing by flex script
i have a swf button created in flash which is used in flex. the button has got an arrow which is initially black, now i have to change the color of that arrow dynamically. i know flex a little bit but dont know flash. i have the source - fla - file o