[Mac_crypto] How FileVault Should Work (Re: TidBITS#719/01-Mar-04)

Arnold G. Reinhold mac_crypto@vmeng.com
Wed, 3 Mar 2004 07:57:36 -0500

I have to disagree with Adam on this one. Data security takes more 
than just technology, it also requires discipline. Most users have 
little of the latter. If users are just given an encrypted directory, 
they are unlikely to use it carefully enough and will leave plaintext 
file remnants in the clear portion of their user space. Encrypting 
everything is probably a better solution for most people and is an 
appropriate use of the vast surplus of machine cycles we have these 

The journaling file system in Panther should reduce the risk of 
losing the secured disk image to an acceptable level (arguably below 
the risk of of having one's laptop lost or stolen). Beyond that 
backup is the solution. Security is never free.

If someone has sensitive activities that are well segregated from 
most of what they do, they can simply create a separate account that 
is secured by FileVault (and a strong passphrase). With 10.3's fast 
user switching, it is relatively painless to change contexts, say to 
grab a file from the unsecured account. Or group permissions might be 
used to allow the secure account to access the unsecured account, 
preferably read only. (I haven't tried this.) The small hassle factor 
is probably helpful in keeping sensitive data separate from ordinary 

Arnold Reinhold

At 6:16 PM -0500 3/2/04, R. A. Hettinga wrote:
>At 8:00 PM -0800 3/1/04, TidBITS Editors wrote:
>>How FileVault Should Work
>  >  by Adam C. Engst <ace@tidbits.com>
>>   We've been uniformly negative about FileVault, the new security
>>   feature that Apple added to Mac OS X 10.3 Panther, but that
>>   doesn't mean we dislike the idea of protecting sensitive data.
>>   The problem is that Apple chose an overly simplistic approach
>>   that may be easy to use and understand but ends up making users
>>   more vulnerable to other problems.
>  ><http://www.apple.com/macosx/features/filevault/>
>  >