Slashdot Mirror
Encrypting a User's Home Directory Under Mac OS X
jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."
PGP Disk.
The freeware version is here. I've used it before, and it works like a charm. You create a PGPDisk file on a normal volume - this contains an encrypted disk. You can then "mount" the drive after providing the correct password. I've used it in the past on NT4 and on Win2K to great effect.
Here we go, I found these unix commands in OSX 10.1.5:
...
man quota
man quotaon
man quotacheck
I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:
1) You've got some REALLY secret information which you'd like to protect: use an encrypted file.
2) You would like to protect the information in case someone steals your computer.
In my opinion, crypting the whole system doesn't really make sence unless you're afraid of someone coming to take your computer away from you: To use the computer, you have to unlock these filesystems anyway and an intruder will be able to read your files at that time
Also, encrypted filesystems heavily slows down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
The DiskImages framework and associated utilities (hdid, hdiutil) are not part of Darwin.
/System/Library/PrivateFrameworks) and plow through that.
And sadly the encryption "plugin" is embedded inside the framework rather than being external. So if you'd want to check for backdoors, you'd need to disassmble the whole DiskImages framework (in
However, since it does seem use a plugin interface, even internally, it's probably not too hard to locate just the encryption-related parts.
Note that on MacOS X, using disk images like the author of the article described is *exactly* like using PGPdisk, except PGPdisk is cross-platform and perhaps more trustworthy since its source is available for auditing.
Using OSX' diskimages however is free-as-in-beer, and probably a bit more flexible. Can you even mount a PGPdisk from the commandline on OSX ?
sudo ditto -rsrcFork /Users/USERNAME /Volumes/VOLUME-NAME/
instead, which maintains the Resource Fork information.
I kept reading and found the answer to my own question: in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. By trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
http://tinyurl.com/4ny52
Here you go, this HOWTO is even more complete than the article referenced for Mac OS X.
...
http://weigand.home.texas.net/efs.html
Of course, there are Linux distributions that does it out of the box. I use Suse that does this just fine
- Log in as the user whose files you want to secure.
- Create an encrypted disk image using Disk Copy at the top level of the user's home directory. When it asks for the disk image password, be sure that the "remember password" option is checked -- this saves the disk image's password on the user's default keychain.
- Use ditto to copy over the following directories from the user's home folder onto the encrypted disk image:These are the important ones; you can copy over other items as well, but definitely don't do the entire ~/Library folder, and don't do the ~/Library/Keychains or ~/Library/Preferences folders.
- Set the disk image to automount on login by dragging it into the Login Items preferences pane.
- Use mv to shift the directories aside (e.g. mv ~/Documents ~/Documents.save) and set up symlinks onto the disk image (e.g. ln -s
/Volumes/Secure/Documents ~/Documents). - Log out and log back in again. The disk image will be automounted at login, using the password stored on the default keychain which also unlocks on login. Everything should just work!
:-D - Now for the housekeeping: delete the
.save directories you created earlier, and be sure to turn off automatic login in the Accounts preferences pane.
Why do it this way instead of the way that Joshua Gitlin wrote up? First, you don't need admin access to a machine to make it work. You may not have admin access on a company machine, or as a sysadmin you may not want to give admin access to most of your users.Second, using Joshua's method, once the disk image is mounted it's open to anyone who has admin access on that machine, whether or not you are logged in at the console. By using an automounted image with the password stored on the keychain everything is secure until you actually log in, and everything is secured once you log out.
Third, this way is a lot more convenient. If you make security too inconvenient, users will circumvent it. Instead of two logins, you only have to do one. Techincally unsophisticated users (secretaries, lawyers, vice-presidents, etc.) don't need to do anything different.
<BLATANT PLUG>
Go to Apple Training and sign up for a course or two. They're well worth the money and help me keep my job.
</BLATANT PLUG>
--Paul
psuh at apple dot com
Curriculum Developer
Techincal Training and Certification
Apple Computer
The underlying AES-128 encryption is part of the Darwin distro. Look in the Darwin sources under:
src/Security/AppleCSP/AES/
This still doesn't really address the whole question -- if there's some back door somewhere higher up the stack in the disk mounting code, you won't find it here, but it's part of the solution. Validate the AES-128 code, then treat the encrypted disk image as a black box (using a simple password, without loss of generality) and see if you can decrypt the image by hand or using a util that you write yourself.
OK, I work for Apple so you really can't fully trust me on this, but I certainly don't know of any intentional back doors in this code.
--Paul
psuh at apple dot com
Curriculum Developer
Technical Training and Certification
Apple Computer
One more thing -- people have been commenting/asking about the speed of access. The algorithm for AES-128 on MOSX 10.2 has been heavily optimized. There is basically little or no additional overhead when using an encrypted disk image vs. an unencrypted disk image.
--Paul
128-bit AES allows for 128-bit keys, so yes, in decimal, 3.4e38-somethingorother (2^128). Yes, this is a greater range than DES (2^56). It's also greater than 3DES using two keys (one for the first and third stage, one for the second, so 2^112). Proper 3DES implementations use three independent keys for an effective keyspace of 2^168.
:-)
However, the keyspace of an algorithm is only one of its strengths. It's only relevant if brute force is the fastest way to crack the cipher, which is very rarely the case. In the case of DES, it was refined by the oft-maligned NSA to resist differential cryptanalysis, leaving it resistant against all but brute-force until linear cryptanalysis was 'discovered' in the mid-90s. (To those who still believe the NSA weakened DES, go read your Schneier.)
AES-128 is a new algorithm, but feels good. Brute-forcing a 128-bit keyspace would take several centuries, even taking into account Moore's law, so the difference between it and 3DES's 168 bits isn't relevant. Moreover, there are known exploits against 3DES (even if they aren't terribly helpful), whereas massive scrutiny by cryptanalysis worldwide (while Rijndael was becoming AES) has turned up nothing so far. This doesn't mean there won't be exploits, but it means that the chances that Shamir or one of the other hotshot cryptanalysts is going to bring out a paper tomorrow that invalidates all your work are very small.
So: AES-128 will keep your sister from reading your diary. Unless you believe the NSA has some sort of amazing quantum computing that's forty years beyond consumer tech (which I really, really don't), AES-128 is also likely to keep your files safe from the gimmies for several decades.
Although why the NSA would be interested in, say, my homedir, is beyond me -- the most likely person trying to crack my encryption is probably a jealous girlfriend.
Apple hasn't written too much, but they do have this doc.
Also, macosxlabs.org has written a doc that fills in some gaps. If you are going to be doing a lot during login/logout, you might want to checkout iHook from the University of Michigan. It's a great little tool that give a GUI to boring old shell scripts.
NTFS 5 (in 2000 and XP) supports transparent encryption of entire volumes which might be what you are looking for. I'm not sure if you can encrypt the entire boot partition or not as I'm not interested in that level of security. Unfortunately, if you encrypt data you lose the ability to use NTFS's transparent compression.
It's been done on shrink wrapped secure laptops running Linux/VMWare/W2K. The user only sees W2K, but everything is running in a vm on secure Linux.
I doubt that it is worth the trouble though. You generally only need to encrypt data, not executables.
Joe
Joe Batt Solid Design