Encrypting a User's Home Directory Under Mac OS X
jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."
Is there also a way of encrypting individual folders (to hide the pr0n)?
DEVICE ENCRYPTS YOU!!!
This brings up a point. A friend of mine has been researching a way for an entire operating system (a widely used one like MacOS or Microsoft Windows) to use, exploit, and be fully functional on top of a completely encrypted file system. Or, for a file system such as NTFS or HFS+ to reside as a sub-file system, being contained within an encrypted file system, with which if you enter the system with the correct password (or biometrics or card key or combination) you'll enter the system, and the OS which resides on the system doesn't even notice the underlying encrypted FS and only sees the contained NTFS/HFS+/etc... Is this possible? If so, how?
Unique.
I'm sure there must be a better solution to introduce quotas on user directories.
At least Apple must have thought of this when creating os x server. And if it's in the server version, it should be easy to put in the standard edition.
Here we go, I found these unix commands in OSX 10.1.5:
...
man quota
man quotaon
man quotacheck
I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:
1) You've got some REALLY secret information which you'd like to protect: use an encrypted file.
2) You would like to protect the information in case someone steals your computer.
In my opinion, crypting the whole system doesn't really make sense unless you're afraid of someone coming to take your computer away from you: to use the computer, you have to unlock these filesystems anyway, and an intruder will be able to read your files at that time.
Also, encrypted filesystems heavily slow down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
I'd love to see a Linux-version of this howto! ;)
My other account has a 3-digit UID.
According to this helpful how-to, you use the Disk Utility to make an image using AES-128 encryption and then you store your home directory on that image.
The NIST has a white paper on AES which announces that the Rijndael method was the official AES algorithm and that Rijndael is designed with some flexibility in terms of block and key sizes.
Apparently 128 bit AES allows for a possible 3.4 x 10^38 possible keys which (correct me if I'm wrong here) puts it somewhere between DES and triple-DES. (?)
Can any Mac users comment on the limitations that are imposed on your choice of a passphrase?
Basically, I'd like to know how strong a method is this. Is it keep your little sister from reading your diary encryption, or more along the lines of if the Feds busted you they couldn't crack open your data with any computers due out in ten years type of encryption.
http://tinyurl.com/4ny52
sudo ditto -rsrcFork /Users/USERNAME /Volumes/VOLUME-NAME/
instead, which maintains the Resource Fork information.
The only thing that sucks about this scheme is the elaborate procedure necessary to login as this special user (first login as admin and manually mount the encrypted homedir)
I wonder if it's possible to write a Login Plugin to automatically mount the encrypted homedir using the password entered by the user. That would make the system completely transparent, while still being secure (assuming the password is good): If someone uses any other means (= security hole) to gain access to the account, the system won't have the password it needs to decrypt the homedir, so even gaining root access wouldn't help.
(This would be very similar to the way Keychains are already handled: if your login password is equal to the passphrase of your default keychain, it is automatically unlocked when you log in)
Mac OS X takes its usual theme of 'smaller is better' to a whole new level. Heh.
I kept reading and found the answer to my own question: in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. By trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
http://tinyurl.com/4ny52
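The arithmetic behind the NIST figure quoted above, as an added example that is not part of the post. The inputs (a 128-bit key, a machine trying 2^55 keys per second) are the post's; the calculator functions and the DES comparison are this example's own. The one step the post does not spell out is that the expected search time is half the keyspace divided by the rate, since on average the key turns up halfway through; that is why 2^128 keys at 2^55 per second comes out near 149 trillion years rather than 299 trillion. Shell integer arithmetic overflows at 2^63, so the work is done in awk's floating point (assumed available, as on any POSIX system).

```shell
#!/bin/sh
# Added example: expected brute-force time for a symmetric key.
# Inputs: key size in bits, keys tried per second.
# Uses awk because 2^127 does not fit in the shell's 64-bit integers.

# brute_force_years BITS KEYS_PER_SEC -> expected years as an integer string.
# Expected work is 2^(BITS-1) keys: half the keyspace, the average case.
brute_force_years() {
    awk -v bits="$1" -v rate="$2" 'BEGIN {
        secs_per_year = 365.25 * 24 * 3600
        expected_keys = 2 ^ (bits - 1)
        printf "%.0f\n", expected_keys / rate / secs_per_year
    }'
}

# brute_force_seconds BITS KEYS_PER_SEC -> expected seconds, for small keys.
brute_force_seconds() {
    awk -v bits="$1" -v rate="$2" 'BEGIN {
        printf "%.0f\n", 2 ^ (bits - 1) / rate
    }'
}

# Sample run with the post's numbers (constructed input):
# a 56-bit DES key falls in about one second on a 2^55 keys/s machine,
# while a 128-bit AES key takes that same machine ~149 trillion years.
rate=$((1 << 55))
echo "DES (56-bit):  $(brute_force_seconds 56 "$rate") second(s)"
echo "AES (128-bit): $(brute_force_years 128 "$rate") years"
```

Plug in a different rate to see how little it matters: a machine a million times faster (2^75 keys per second) still needs about 149 million years, because each extra bit of key doubles the work while hardware gains are linear.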
There's one major problem with Apple's encrypted disk images: speed. Playing an MP3 off of an encrypted disk image takes 10%+ of the CPU time on my iBook/600.
Er... I fail to see how this was a "shill" for Mr. Jobs, but anyway: you got a problem with Apple, don't read the Apple section of Slashdot. And if you've got a problem with Slashdot, don't hang out on Slashdot. Pretty simple, eh?
Why would porn be 'important' enough to encrypt ? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc too since these probably reside in a non-crypted area.
(Of course, these are only general thoughts and not a personal attack on the poster. I encrypt my financial information too...)
Maybe I am missing something, but I don't see a point in doing this. As the hint is described, it is apparent the image is mounted permanently, even after the users log out. It is mounted by root.
I don't see how this can make things more secure, since anybody with proper permissions can access the contents of the mounted image via the mount point just as well as when the data was in /Users.
It would make some sense if the image would be mounted only at login (and unmounted at logout), but this is not possible with this hint either. Off the top of my head, I can't think of a way to do this.
also please keep in mind that Apple is now greatly supporting open source and is contributing wonderful technology and the type of development that only a multi-billion dollar multinational company can muster. so stop bitching.
I was thinking more of something that would encrypt the OS partition as well, and the OS could boot from the encryption scheme without hassle after the correct password (or whatnot) is put in. So, even the OS would be fully encrypted if the HD was taken out and put into another computer. All a person would see is encrypted files, no more.
Unique.
Roger Jolly's Encrypt and ".secret" scripts in AEP and the Mac OS X Encoding Plethora seem to have similar functionality. I'm guessing these tools will not hide your directory structure or file names, but if I'm not mistaken, they will encrypt the individual files in a semi-transparent manner.
Does anyone have experience using these? Is the encryption function useful?
- Log in as the user whose files you want to secure.
- Create an encrypted disk image using Disk Copy at the top level of the user's home directory. When it asks for the disk image password, be sure that the "remember password" option is checked -- this saves the disk image's password on the user's default keychain.
- Use ditto to copy over the following directories from the user's home folder onto the encrypted disk image: These are the important ones; you can copy over other items as well, but definitely don't do the entire ~/Library folder, and don't do the ~/Library/Keychains or ~/Library/Preferences folders.
- Set the disk image to automount on login by dragging it into the Login Items preferences pane.
- Use mv to shift the directories aside (e.g. mv ~/Documents ~/Documents.save) and set up symlinks onto the disk image (e.g. ln -s /Volumes/Secure/Documents ~/Documents).
- Log out and log back in again. The disk image will be automounted at login, using the password stored on the default keychain which also unlocks on login. Everything should just work! :-D
- Now for the housekeeping: delete the .save directories you created earlier, and be sure to turn off automatic login in the Accounts preferences pane.
Why do it this way instead of the way that Joshua Gitlin wrote up? First, you don't need admin access to a machine to make it work. You may not have admin access on a company machine, or as a sysadmin you may not want to give admin access to most of your users. Second, using Joshua's method, once the disk image is mounted it's open to anyone who has admin access on that machine, whether or not you are logged in at the console. By using an automounted image with the password stored on the keychain everything is secure until you actually log in, and everything is secured once you log out.
Third, this way is a lot more convenient. If you make security too inconvenient, users will circumvent it. Instead of two logins, you only have to do one. Technically unsophisticated users (secretaries, lawyers, vice-presidents, etc.) don't need to do anything different.
<BLATANT PLUG>
Go to Apple Training and sign up for a course or two. They're well worth the money and help me keep my job.
</BLATANT PLUG>
--Paul
psuh at apple dot com
Curriculum Developer
Technical Training and Certification
Apple Computer
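The "move aside and symlink" step of the procedure above, as an added example that is not Paul's or Apple's code. It adds one check the post does not mention: if the image is not mounted when the step runs, /Volumes/Secure is just an ordinary path on the unencrypted boot volume, and the copy would land there in the clear. The functions therefore refuse to relocate anything unless the volume directory is an actual mount point. The volume name, the directory list and the scratch paths are assumptions for illustration. The post uses `ditto -rsrcFork` to preserve resource forks; this example substitutes `cp -Rp` as the copy command so it runs on any POSIX system, and lets you override it.

```shell
#!/bin/sh
# Added example (not from the post): relocate home directories onto a
# mounted encrypted volume, refusing to run when the volume is not mounted.
# Assumed names: COPY_CMD, the scratch paths in demo(), and "Documents".

# Copy command. On Mac OS X the post uses `ditto -rsrcFork SRC DST` to keep
# resource forks; `cp -Rp` is the portable stand-in used here by default.
COPY_CMD="${COPY_CMD:-cp -Rp}"

# volume_is_mounted DIR -> 0 only if DIR (absolute path) is itself the
# mount point of a filesystem. `df -P` prints the mount point in its last
# column on both BSD and GNU; a plain directory reports its parent's mount.
volume_is_mounted() {
    [ -d "$1" ] || return 1
    mp=$(df -P "$1" | tail -n 1 | awk '{print $NF}')
    [ "$mp" = "$1" ]
}

# relocate_dir HOME VOL NAME: copy HOME/NAME onto VOL, move the original
# aside as NAME.save (delete it later, as the post says), and leave a
# symlink in its place. Safe to re-run: an existing symlink is left alone,
# and data already present on the volume is never overwritten.
relocate_dir() {
    home="$1"; vol="$2"; name="$3"
    src="$home/$name"; dst="$vol/$name"
    [ -L "$src" ] && return 0          # already relocated
    [ -d "$src" ] || return 1          # nothing to relocate
    [ -e "$dst" ] && return 1          # refuse to clobber data on the volume
    $COPY_CMD "$src" "$dst" || return 1
    mv "$src" "$src.save" || return 1
    ln -s "$dst" "$src"
}

# secure_home HOME VOL NAME...: relocate each NAME, but only if VOL is a
# real mount point. Returns 2 when the image is not mounted.
secure_home() {
    home="$1"; vol="$2"; shift 2
    if ! volume_is_mounted "$vol"; then
        echo "refusing: $vol is not a mounted volume" >&2
        return 2
    fi
    for name in "$@"; do
        relocate_dir "$home" "$vol" "$name" || return 1
    done
}

# demo: exercise the logic on a scratch tree (constructed input). The fake
# "volume" is a plain directory, so secure_home must refuse; relocate_dir
# alone then shows the copy + move-aside + symlink step. Returns 0 on success.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/Documents" "$tmp/vol" || return 1
    echo "diary" > "$tmp/home/Documents/diary.txt"
    secure_home "$tmp/home" "$tmp/vol" Documents 2>/dev/null && return 1
    relocate_dir "$tmp/home" "$tmp/vol" Documents || return 1
    [ -L "$tmp/home/Documents" ] || return 1
    [ -d "$tmp/home/Documents.save" ] || return 1
    [ "$(cat "$tmp/home/Documents/diary.txt")" = "diary" ] || return 1
    rm -rf "$tmp"
}

# Real use on Mac OS X, after the image has been mounted at login:
#   COPY_CMD="ditto -rsrcFork" secure_home "$HOME" /Volumes/Secure Documents
```

Pass absolute paths: `df` reports the mount point as an absolute path, so a relative or trailing-slash argument would make the comparison fail and the step would refuse to run even with the image mounted.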
One more thing -- people have been commenting/asking about the speed of access. The algorithm for AES-128 on MOSX 10.2 has been heavily optimized. There is basically little or no additional overhead when using an encrypted disk image vs. an unencrypted disk image.
--Paul
Slashdot has jumped the shark. News at 11.
(I don't mean to hijack the thread)
What's the best way to encrypt home directories under Linux? (or another UNIX work-alike, since this method is very OS X-specific)
Also, are there 'disk images' in Linux? Transparent ways of mounting one large
That's a nice hack indeed. Now let us look at a better solution from NetBSD (only in -current at this stage, will be part of 1.7/2.0, whichever it ends up being called):
http://netbsd.gw.com/cgi-bin/man-cgi/man?cgd+4+NetBSD-current.
and the config utility:
http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8+NetBSD-current
What were the skies like when you were young?
Free-as-in included with OS X
Windows Solitaire isn't free-as-in-beer
Remember that you're asking for a user interface here: the password for the disk needs to be requested. I don't think you can do that from where you're at, before the start of the user login process.
--Fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Are there any recovery options for corrupted disk images? Losing all my information would be a ... bummer ...
Although the disk image will be completely secure if you can't get any files off of it...
Uh...Taco and Hemos sold out *long* before they got top-of-the-line last-year TiBooks. If you don't like the Apple topic, remove Apple from your list of displayed topics. Better yet, don't visit apple.slashdot.org, since this story was *only* posted there.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
For example if I ssh into my home machine I get an error:
hdid -passphrase "mysecret" somediscimage.dmg
hdid: mounting "somediscimage.dmg" failed: no mountable file systems.
This disc image works just fine if I do the same exact thing while logged in locally.
This can't be any more ON TOPIC!
WTF
This is why someone might consider encrypting the drive or partition. Memory contents (PGP keys, keychain key, etc.) could easily end up on the drive in clear form. Apple needs to consider adding something like TCFS to the FS options.