[144887] in cryptography@c2.net mail archive
Re: FileVault on other than home directories on MacOS?
daemon@ATHENA.MIT.EDU (Darren J Moffat)
Wed Sep 23 18:55:25 2009
Date: Tue, 22 Sep 2009 13:57:36 +0100
From: Darren J Moffat <Darren.Moffat@Sun.COM>
In-reply-to: <A9B2D21F-6B0D-4ECA-BC4B-3818B6694EFB@solarsail.hcs.harvard.edu>
To: Ivan Krstić <krstic@solarsail.hcs.harvard.edu>
Cc: Steven Bellovin <smb@cs.columbia.edu>, cryptography@metzdowd.com
Ivan Krstić wrote:
> TrueCrypt is a fine solution and indeed very helpful if you need
> cross-platform encrypted volumes; it lets you trivially make an
> encrypted USB key you can use on Linux, Windows and OS X. If you're
> *just* talking about OS X, I don't believe TrueCrypt offers any
> advantages over encrypted disk images unless you're big on conspiracy
> theories.
Note my information may be out of date. I believe that MacOS native
encrypted disk images (and thus FileVault) use AES in CBC mode without
any integrity protection; the Wikipedia article seems to confirm that is
(or at least was) the case: http://en.wikipedia.org/wiki/FileVault
There is also a sleep mode issue identified by the NSA:
http://crypto.nsa.org/vilefault/23C3-VileFault.pdf
TrueCrypt on the other hand uses AES in XTS mode so you get
confidentiality and integrity.
--
Darren J Moffat