Encrypting File System Options for Mac OS X?

fieldmouse asks: "I recently had a laptop running Mac OS X stolen. Despite the fact that I got it back, that incident has me looking for an encrypting file system for Mac OS X; preferably one that would create a psuedo drive that I could unlock once when I log on. Anybody have any suggestions?" About 2 years ago, Ask Slashdot did the Linux version of this question. Has this gap been filled in Apple's latest OS offering?

Disk Image?

[Drizzt+Do'Urden]

Create an encrypted disk image with Disk Copy, make it writable, and drop your sensitive data in it ;)

Re:Disk Image?

[Drizzt+Do'Urden]

I wonder how I can be redundant if I am the first to post this..
Yeap.. that's kinda weird.. ;)

how about a disk image?

[Niksie3]

Hi,

Have you concidered making an Apple Disk Image (.img file), it can use some form of 40bit encryption..

[xdfgf] Hi

My cock is still delicious

thank you

Open Source Development HOW-TO by poopbot

Credits: onby

1. Introduction

As everyone knows, Open Source software is the wave of the future. With the market share of GNU/Linux and *BSD increasing every day, interest in Open Source Software is at an all time high.

Developing software within the Open Source model benefits everyone. People can take your code, improve it and then release it back to the community. This cycle continues and leads to the creation of far more stable software than the 'Closed Source' shops can ever hope to create.

So you're itching to create that Doom 3 killer but don't know where to start? Read on!

2. First Steps
The most important thing that any Open Source project needs is a Sourceforge page. There are tens of thousands of successful Open Source projects on Sourceforge; the support you receive here will be invaluable.

OK, so you've registered your Sourceforge project and set the status to '0: Pre-Thinking About It', what's next?

3. Don't Waste Time!

Now you need to set up your SourceForge homepage. Keep it plain and simple - don't use too many HTML tags, just knock something up in VI. Website editors like FrontPage and DreamWeaver just create bloated eye-candy - you need to get your message to the masses!

4. Ask For Help

Since you probably can't program at all you'll need to try and find some people who think they can. If your project is a game you'll probably need an artist too. Ask for help on your new Sourceforge pages. Here is an example to get you started:

"Hi there! Welcom to my SorceForge page! I am planing to create a Fisrt Person Shooter game for Linux that is going to kick Doom 3's ass! I have loads of awesome ideas, like giant robotic spiders! I need some help thouh as I cant program or draw. If you can program or draw the tekstures please get in touch! K thx bye!"

Thousands of talented programmers and artists hang out at Sourceforge ready to devote their time to projects so you should get a team together in no time!

5. The A-Team

So now you have your team together you are ready to change your projects status to '1: Pre-Bickering'. You will need to discuss your ideas with your team mates and see what value they can add to the project. You could use an Instant Messaging program like MSN for this, but since you run Linux you'll have to stick to e-mail.

Don't forget that YOU are in charge! If your team doesn't like the idea of giant robotic spiders just delete them from the project and move on. Someone else can fill their place and this is the beauty of Open Source development. The code might end up a bit messy and the graphics inconsistant - but it's still 'Free as in Speech'!

6. Getting Down To It

Now that you've found a team of right thinking people you're ready to start development. Be prepared for some delays though. Programming is a craft and can take years to learn. Your programmer may be a bit rusty but will probably be writing "hello world" programs after school in no time.

Closed Source games like Doom 3 use the graphics card to do all the hard stuff anyhow, so your programmer will just have to get the NVidia 'API' and it will be plain sailing! Giant robot spiders, here we come!

7. The Outcome

So it's been a few years, you still have no files released or in CVS. Your programmer can't get enough time on the PC because his mother won't let him use it after 8pm. Your artist has run off with a Thai She-Male. Your project is still at '1: Pre-Bickering'...

Congratulations! You now have a successful Open Source project on Sourceforge! Pat yourself on the back, think up another idea and do it all again! See how simple it is?

- posted by poopbot: for all your crapflooding needs

B0WwPrT3dB Post #284

Use Disk Copy and stay neat

[Paul+Burney]

The application/system items on the drive don't need to be encrypted of course so just create a new disk image in disk copy, choosing the 128-bit AES encryption option. You will be prompted for a password to use. (Don't save it to the keychain, duh.) You will have to enter your password twice when you open the image.

Now be very careful with your documents/items and always save them to the encrypted disk image.

The other benefit is that keeping all your important things on that image allows for easy backups.

Re:Use Disk Copy and stay neat

[klui]

Do these AES images work with OS 9's Disk Copy? My only hesitation since I still have PGPDisk (the free version) which works between Mac OS 9 and Windows.

Re:Use Disk Copy and stay neat

[Parsec]

They will be mutually incompatible. You can't use PGPDisk with Classic in X (fails to mount) and you can't use AES images in MOS9.

To convert, you'll have to copy your data out into unencrypted space via PGPDisk in MOS9, boot into X to copy your data into an AES image, and do a good wipe of your unencrypted data. The AES image can also be stored and mounted from a server, while PGPDisk didn't like that.

Re:Use Disk Copy and stay neat

Apple hardware sucks. The os was a great attempt, but as you see below, there is not much time left for Apple.

I see great amounts of RECENT evidence times are really bad. Why? They screwed me, a
former enthusiast who went PC/UNIX years ago and was never compelled to return. Why?
Exhorbitant hardware prices and total lack regard for my computing freedom, as is
exemplified below.

Neither product offered much consolation to Mac loyalists reeling at two spiteful examples
of corporate thievery: there will be no upgrade pricing to Jagwyre (Mac OS X 10.2), with
only the full $129 price available at the Apple Store; and $100 a year pricing ($49.95 for
the first year) for a rehashed iTools offering. The "dead silence" with which
this news was received, reports MacBlog is nothing compared to user comments.

To add insult to injury, the new iTools has a Microsoft-style name, to go with the
Microsoft-style pricing.

=========

Bruising by Apple
Roland Miller III

One notable fact concerning Apple's customer base is that it has always tested very highly
in the category of brand loyalty. "Once a Mac user, always a Mac user." Apple
has depended on this customer loyalty to get it through some rough times. It could always
count on a portion of the market to continue to buy Apple products and continue to upgrade
with Apple products. Despite (or perhaps due to) this loyalty, Apple has subjected its
customers to some decidedly anti-customer abuses.

The latest example of Apple bruising its customers is a doozy. Due to shortages of the
higher speed G4 processors, Apple speed reduced its entire line by 50 MHz and kept the
prices the same. On top of that, Apple unilaterally cancelled all outstanding G4 orders
with instructions that customers should reorder their systems. This has the net effect of
increasing everyone's cost for the same system.

Needless to say, this action produced a massive and immediate customer backlash. Based on
what I have seen on the net, this uproar lasted a few hours before Apple backed down and
started to rejoin reality. After about a day of total confusion and rampant rumors
followed by a week of small clarifications, Apple made right and reinstated all G4 orders
except the high end 500 MHz model. Those customers were offered the choice of purchasing
the "new" 450 MHz model at the original 450 MHz price, which is what should have
been done in the first place.

While it is possible for me to see some corporate logic behind the original decision,
never the less, this bright idea should not have left the meeting room where it was
hatched. It doesn't take an MBA (obviously) to predict the firestorm that was touched off
when this decision was implemented. The only positive thing I can see in this fiasco was
the speed at which corrective steps were implemented. The corporation responded to its
customer's will and proved somewhat nimble in the process.

Another recent example of Apple bruising was with AppleShare IP 6.2. Apple decided to
charge several hundred dollars for this upgrade (the previous being 6.1.) The only problem
was that aside from a few new features, it was mainly seen as a bug-fix and compatibility
upgrade for MacOS 8.6 (which itself was a free upgrade to 8.5.1.) You couldn't run ASIP
6.1 on 8.6 and you couldn't run the upgrade on 8.5. Again, the reaction was very
predictable: customer outrage. Apple listened to its customers and eventually made 6.2 a
free update to 6.1.

You may have also have heard about Apple purposefully preventing G3 owners from installing
G4 CPU upgrades with a firmware upgrade that officially solved another problem. People
were again outraged when the rumor was confirmed by all of the CPU upgrade companies. The
outrage keyed on false advertising and speculation that Apple released a Trojan horse.

There were unofficial rumors from anonymous Apple employees that this firmware block will
be removed with Mac OS 9. However, there has been no official word from Apple concerning
this issue. In the meantime, all the CPU upgrade companies have announced that they have
gotten around the block and that their respective upgrade will work fine when they ship.

While Apple has responded favorably to two of these examples, all of these misfires do
take a toll. Many people simply will not tolerate this sort of behavior from a major
corporation. A company simply cannot afford to make too many of these types of decisions
and still remain in business.

Ultimately what can be learned from these examples?

The perception of the "bottom-line" doesn't always coincide with the needs of
the consumer resulting in corporate mistakes of judgement. Some of them can be bad enough
to make the pages of the Laramie Daily Boomerang. I can't speculate on whether these bad
decisions were based on stupidity or on over estimating the loyalty of AppleÕs customers
or both. Apple has taken concrete steps in most of these cases to defuse the situation. As
long as Apple continues to admit that it is wrong and make things right immediately, I
will still tolerate being one of its customers.

Until next time. . .

===========
Apple tried to block G3 owners from upgrading to G4. Nice guys.
PowerForce G4 ZIF

The PowerForce G4 ZIF (Zero Insertion Force) is the only G4 CPU upgrade you will want to
upgrade your "Beige" Power Mac G3, "G3 All-in-One" educational model,
Blue and White G3's and the Yikes Motherboard Graphite G4's. The PowerForce G4 ZIF is one
of the highest performance CPU products when used with "AltiVec enhanced"
software. Utilizing the second generation PowerPC 7410 processor ("G4") the
PowerForce G4 includes a full 1 megabyte of backside cache running at up to 220MHz.

G4 ZIF Upgrade vs. 800MHz G4 Apple: PowerForce ZIF G4 550/220/1MB Apple G4 733 Price $289
$1599

The Bottom Line: If you already have quite a bit invested in your Power Mac G3, it just
makes sense to upgrade the processor rather than opting for the new G4 systems from Apple.
Apple has finally eliminated all of the legacy ports with the removal of the ADB port on
the new G4 systems, not to mention the removal of the serial ports, and SCSI on the Blue
and White G3 systems. So the choice is clear. PowerLogix saves you hundreds of dollars
over the cost of buying a new system!

PowerLogix was the first to release a solution for the G4 ROM block for Blue and White
G3s.

=========

http://docs.info.apple.com/article2.html?artnum= 60 839
TITLE Firmware Update: Firmware Updates 4.1.7 and Later May Disable Out-of-Spec
Third-Party RAM Article ID: Created: Modified: 60839 4/12/01 9/28/01

Read up. Apple is trying to make it harder and harder to use "out of spec"
hahahaha memory. Luckily www.crucial.com always works. But imagine, a firmware update that
DISABLES YOUR MEMORY.
==========

This is a good start (the buying public is sending a message to Apple, how do the intend
to GROW thier market share????????)

Apple profits halve in Q2

Jobs preducts flatness ahead

By INQUIRER staff: Tuesday 16 July 2002, 22:05

APPLE MADE A NET profit of $32 million for its third quarter, almost half the profit it
made in the same period last year, and turnover fell three per cent to $1.43 billion
compared to the quarter in 2001.

http://www.theinquirer.net/?article=4467

===========

Funny, a BSD platform hanging in the balance because it fails an an MSFT VAR. Its not
BSDs
fault, trust me, its Apple.

Will Microsoft dump Mac support?
http://www.theinquirer.net/?article=4485
Two firms slag off each other

By INQUIRER staff: Wednesday 17 July 2002, 12:22

IS MICROSOFT CONTEMPLATING ditching support for Apple Macs?
That's the thrust of an article that appeared on Wininfo a day or two back, but if
Microsoft is getting out of the Mac market, it's not quite yet.

And all is not well in other respects, reports Mac Rumors, which has posted what it says
is an Apple FAQ saying people will have to pay for .mac accounts.

Microsoft has already prepared a press release to time with the Macworld Expo saying
that
it has announced a Microsoft Office V.x "triple header", this being an
announcement which offers better mobility with Palm handheld for Entourage X, a way to
buy
Office v.X cheaper, and some Windows compatibility with the RDC client.

The Wininfo article, however, quotes Kevin Browne, who runs the Mac Business Unit at
Microsoft as saying Apple hasn't made much of an effort to promote Mac OSX, even though
there are opportunities.

He is quoted as saying that "if things don't dramatically turn round", it
might
be Goodnight Mr Chips for Steve Jobs firm.

But the same article says that Apple blames Microsoft for sales problems with Office
v.X.

Jobs and Microsoft's Bill Gates have traditionally had a somewhat strained relationship.
Is this the beginning of the beginning of the end between the two companies?

Wininfo.

Mac Rumors is providing a blow-by-blow account of what's happening at MacExpo on the
site
link above - it seems Apple may well announce support for Nforce 2, too.

On the Nvidia site, here, you'll see that Digital Vibrance Control is "currently
unavailable on Mac systems", which is more than just a hint, we guess.

*JOBS KICKS off MacWorld Expo at the Javitz Center at 09:00 Eastern time. There will be
a
live Webcast using Quicktime, natch, here.

Re:Use Disk Copy and stay neat

Anyone know if there is a shell interface to mount/decrypt the encrypted volume?

Re:Use Disk Copy and stay neat

[nickovs]

Disk images in OS X can be mounted with the hdiutil command. I've never tried mounting an encrypted disk but given the way that Apple implement their crypto using CDSA I expect that it will simply offer up the usual dialogue boxes and let you type in the key (since the prompts for passphrases to CDSA are generated by the kernel code).

Re:Use Disk Copy and stay neat

[nickovs]

Just to confirm, if you type hdiutil mount imagefile.dmg on an encrypted image you get a prompt to enter the passphrase and it then mounts successfully. I can not see a simple way to provide the passphrase from a program but you might be able to do it with some careful AppleScript. Of course this would totally negate any security if you kept the passphrase in the script.

Re:Use Disk Copy and stay neat

[EccentricAnomaly]

And you can mount encrypted and unencrypted disk images remotely via a url... cool dat

Re:Use Disk Copy and stay neat

[bleyddyn]

if you type hdiutil mount imagefile.dmg on an encrypted image you get a prompt to enter the passphrase

I wish I knew what I was doing wrong, but I've never been able to get that to work. I always get errors like the following:

/usr/bin/hdid: "Misc.dmg" does not appear to be a disk image: No such file or directory

hdiutil: mount: mount failed (57344).
hdiutil: mount failed - unknown error (57344)

But I've mounted the disk images numerous times from the finder.

A Simple Solution

[PastorOfMuppets]

Use Disk Copy (located in the Utilities folder) to ccreate an encrypted disk image and add that image to you "Login Items" in the Login Prefrence Pane.

Or the old fashioned way

[xinu]

Not that I've tried this or even really given it much thought about it. But the command line "crypt" in your .login and .logout could always crypt and decrypt your home dir. Just a thought.

Re:Or the old fashioned way

[xinu]

Whoever modded me down, YOU SUCK. A totally valid comment and I lose Karma from Excellent to Good now. Again, you suck.

Re:Or the old fashioned way

Err, you're not supposed to use the +1 bonus on short little comments. It's not for one liners like you just pulled.

The moderator was totally in order, and totally correct as moderating it down as overrated. Far, far too many people (such as yourself) abuse the +1 bonus. I'm happy there are moderators around like that who can understand that, and punish it.

Posted anonymous to protect the enlightened.

Re:Or the old fashioned way

Besides, he is stupid. crypt has very weak encryption.

Re:Or the old fashioned way

and crypt isn't on the system by default. Where does it live?

Re:Or the old fashioned way

[mkldev]

The concept is sound. The utility isn't. Mac OS X ships with OpenSSL installed, which is capable of encrypting/decrypting with a wide variety of encryption schemes.

The real problem with this is that it's far too easy to recover the original unencrypted material if you just delete it. You also need to do a multi-pass wipe. I don't know of any tools to do this (apart from Wipe in Classic), but you could write one pretty easily.

There's also the issue of multiple concurrent login sessions, but since I assume you meant login via the GUI login pane, that's not so much of an issue (except when you try to ssh into the machine).

Re:Or the old fashioned way

Feh, you're just pissed you blew your opportunity. Bessides, people that mod things as overrated are generally doing it because it escapes meta-mod.

posting anon because I can

Re:Or the old fashioned way

The real problem with this is that it's far too easy to recover the original unencrypted material if you just delete it. You also need to do a multi-pass wipe. I don't know of any tools to do this (apart from Wipe in Classic), but you could write one pretty easily.

That's my concern as well. I was considering using normal disk images and encrypting them with gpg, but it order to use the encrypted disk I'd have to save an unencrypted copy to my harddrive, which would sort of defeat the purpose. Perhaps it's possible to unencrypt the image file to a ram disk, and mount it from there?

Anyway, for now I'm just using Disk Copy's builtin AES 128-bit encyption. Does anyone know how good Disk Copy is about keeping unencrypted data in memory only? I'd hate to think theres a scratch file somewhere with unencrypted versions of all my data...

Fwiw, some of what I keep on an encrypted disk is my gpg and ssh keys. I wipe out the disk image file whenever I'm taking my ibook somewhere not-secure where there is a chance of it being seized or stolen, and restore later from a super-31337 mini cdr I have. (which has another level of encryption on it).

Paranoia is fun, but but also healthy especially in these days when government seizure isn't that far-fetched.

well

[caveat]

if there's a Linux solution, there's at least a relatively easy to create OS X solution, at least. (or does X fully support only HFS+ disks?)

Re:well

[Erik+K.+Veland]

Well, if you run a server and no carbon applications you are fine with UFS. HFS+ is still the way to go for 99% of all users though.

Re:well

[mkldev]

Carbon apps (at least well-written Carbon apps) work fine with UFS. I assume you meant Classic apps, which of course, can't see anything but HFS/HFS+ and certain remotely mounted volumes, and can't launch except from HFS+.

Disk Image

[mlknowle]

I made a 200mb disc image using Apple's (built in) Disk Copy app, and enabled the encryption options. I keep sensitive docs and client notes on it; whenever I need it, I open the disk image, type my passphrase and the disk pops up like any other removable media.

When I'm finished, I just eject it. How secure is this? I'm not sure what function Disk Copy uses for encryption, but it is enough that if my laptop were stolen, I'd worry about the computer, not the data.

Re:Disk Image

http://csrc.nist.gov/encryption/aes/aesfact.html

Crypt

[xinu]

I'm going to post this again, but with a link this time.

Look at Crypt using Blowfish and all that jazz.

Running Solaris as an Admin I have crypt encrypt some docs upon .login and upon .logout for some documents. Never tried it for OSX but I don't see how it should be any different other then it's going to pop up a GUI asking for your passwd.

Following the UNIX and Perl mantra, there is always another way of doing something...

Re:Crypt

[c13v3rm0nk3y]

I hate to be a "meto", but I second this. Very cool app for encrypting discrete files on your Mac. It has the option of scrubbing the original file after encryption.

Re:Crypt

[llamalicious]

for the acronym impaired:
that's TIMTOWDI:
There is more than one way to do it.

From the 2nd edition Camel book.

DropAES encrypt as you go

[kraksmoka]

http://homepage.mac.com/hteric/FileSharing1.html Also has compression in utility. Uses built in SSL to create blowfish or triple des encrypted files. Not so elegant as the image, but more shareable.

Re:DropAES encrypt as you go

The author of DropAES has dropped the development of DropAES and moved code to DropTBZ. It is a freeware and also has AES encryption if properly configured

Disc Image

[djupedal]

...allows encryption

CFS

Use Matt Blaze's CFS. It supports encrypted (3DES) volumes, with timeout support among others. It's NFS loopback mount, so it will work on pretty much any UNIX -- including MacOS X and *BSD. NetBSD has TCFS which is AFAIK more tightly integrated (at VFS level).
Get CFS here: http://www.crypto.com/software/

Dear Apple

Dear Apple,

I ama homosexual. I boughtan Apple computer because of its well earned reputation for being "the" gay computer. Since I have become an Apple owner, I have been exposed to a whole new world of gay friends. It is really a pleasure to meet and compute with other homos such as myself. I plan on using my new Apple computer as a way to entice and recruit young schoolboys into the homosexual lifestyle; it would be so helpful if you could produce more software which would appeal to young boys. Thanks in advance.

with much gayness,

Father Randy "Pudge" O'Day, S.J.

Disk Copy

[gabe]

Here's another vote for Disk Copy.app. Very simple and easy to use. If you need to encrypt only a few files, try Puzzle Palace.

also Open Firmware Password utility

[bhamm]

i don't personally encrypt my drive, although after reading the other replies, I may tinker with that a bit.. what i've been doing with my powerbook g4 is using Open Firmware Password which prevents booting from anything except a single designated 10.x partition. If you try to boot from another partition, CD, or external drive, you're presented with a very plain password screen with no instructions. I then have the screen saver set to require my password to get back to the finder. it's not obviously quite as secure as encrypting an entire volume, but is fairly secure..

Re:also Open Firmware Password utility

[usr122122121]

If you try to boot from another partition, CD, or external drive, you're presented with a very plain password screen with no instructions. I then have the screen saver set to require my password to get back to the finder. it's not obviously quite as secure as encrypting an entire volume, but is fairly secure.

The open firmware password method is a very useful if you are limiting physical access to the computer... however, if the computer was stolen, you don't have that sort of control.

The thief could very easily remove the hard drive from the computer and place it into another one to circumvent Open Firmware Passwording. Thus, in addition to Open Firmware Passwording you must also have some sort of encryption to safeguard the files on the disk.

Re:also Open Firmware Password utility

probably it's also easy (and fast) to boot the powerbook in firewire disk mode, so you don't even have to build the disk into another mac...

Set a password on Open Firmware too

This doesn't encrypt your data - but does stop anyone booting from an external drive or CD, or booting into Single User mode.

So a thief would have to remove your laptop drive and try to mount it in another Mac to get anywhere near your data.

HTH!

Nick

PGPdisk

Well, I like the DiskCopy solution under OS X, but my preference under 9 etc was PGPdisk. Of course who knows what is happening there (as has been discussed on /. recently). I do like it under 9 though.

Advance Encryption Standard (AES)

[stux]

http://csrc.nist.gov/encryption/aes/aesfact.html

(or you could just mod up the previous guy ;))

Including the all important "What is the Advanced Encryption Standard (AES)?"

Why don't you just get a REAL operating system...

Instead of screwing around trying to find stuff that's been out on Windows for ages?

Apple still don't have an encrypted file system? Pathetic.

a better solution

use the PPC version of Windows 2000. You can just right-click (option-click for you one-button mousers :) to encrypt a file. Works on directories, too!

Re:a better solution

Is that even available to the public, and capable of running on a Mac? I'm pretty sure NT4 PowerPC would not run on Macs.

Disk Copy with second keychain

[ekc]

As others have mentioned, Disk Copy is definitely the way to go for creating a password-encrypted volume in Mac OS X. You can make the disk images as large as you want, they are functionally pretty much indistinguishable from normal volumes, and there's no reformatting involved.

I just wanted to add one point about storing your passwords that makes life even simpler. Try using Keychain Access to create a second keychain you call "secure" or something to that effect. Make this temporarily the default keychain so that when you create your disk images, you can store the passwords to this new keychain. Configure the keychain so that it will relock itself after a short period of time (say 15 minutes), then set the default back to your regular keychain.

That way, you need only enter the password once to have access to every encrypted disk image, and in my experience, by the time you're done and you unmount the volumes, everything will be locked again!

Re:Disk Copy with second keychain

Does anyone know how the encryption of the keychain compares to AES?

I like the idea of the second keychain, but wouldn't want to sacrifice any security if the keychain can be cracked easier than AES.

This is a Negro problem, not a crypt problem

Unfortunately, you are looking for a technological solution to a societal problem. Until we start dealing with the Negro problem we are going to founder while seeking some bogus technological philosopher's stone. Until we start dealing harshly with the Negro who stole your computer, and the Mestizo half-breed who murdered little Samantha Runnion, our white society will be plagued by the fear and uncertainty engendered by these sub-human animals.

When we remove the Negro and Mestizo numbers from American crime statistics, what do we find? We find that America has the lowest crime rate in the industrialized world. It is the Negro and Mestizo which skews that crime stats. America has a Negro problem, not a crime problem. The only solution is the expulsion of the Negro and Mestizo from America. Either ship the Negro back to Africa or seek a real technological final solution for the Negro problem.

Re:This is a Negro problem, not a crypt problem

You're right, white man only steals big time (Enron & Co.), doesn't go after laptops... they don't kill people, they just send boys to war and only go after mass murder. They don't even go to jail!

What a perfect society.

Recovering Stolen Goods

[mumkin]

Nice to hear that fieldmouse's laptop was returned, but it begs the question: how did you get it back? Since you were successful in this, I'm interested in whatever actions you took beforehand/afterward which facilitated recovery. Or was it just dumb luck? Tips to help the rest of us prevent/deal with a theft?

Re:Recovering Stolen Goods

Years ago I had a desktop machine (6100) stolen, and got it back.

Here in Australia, Apple keeps a register of stolen serial numbers. I just rang them up and reported the number.

Then about 3 months later, it was taken to an Apple reseller for service, and they checked the serial number and found it reported as stolen. The cops were there when the guy came back to pick up the computer.

At the time several people asked about this. Apparantly Apple US had no such database.

Show me the code

[bckspc]

For keeping your passwords safe from the average laptop thief, Disk Copy is probably fine. But for protecting your sensitive info from The Man, I'd be just a little wary of proprietary packages. Has anyone seen the source code for Disk Copy? Are you absolutely sure that there are no backdoors for law enforcement? Apple would stand up to the Feds in defense of their loyal customers, right?

Depending on the level of security you're after, I recommend open source software that's been audited by lots of paranoid geeks.

--
Design + Activism

Experience with the disk image solution

[Aram+Fingal]

I have been using encrypted disk images in Mac OS X for well over a year now and it works very well.

I was worried, at first, that disk images could become corrupted if something went wrong and make the entire contents unreadable. They are actually quite robust. You can even open a terminal and kill the process called hdid which will force unmount the image in the middle of a copy operation, and your data is still safe.

You can open an image from an AppleTalk server and use that to encrypt your network traffic. It works, I've checked it with a packet sniffer.

Part of the reason images are so good for backups is that they preserve the relative pointing of aliases. If you just do a finder drag-and-drop copy with a folder, any copied aliases from that folder will point to the item in the original and not the copy.

The encryption process can make use of both AltiVec (Velocity Engine) and multiple processors. With a G4, you hardly notice the processor time needed to perform the encryption/decryption.