Encrypting a User's Home Directory Under Mac OS X
jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."
According to this helpful how-to, you use the Disk Utility to make an image using AES-128 encryption and then you store your home directory on that image.
The NIST has a white paper on AES which announces that the Rijndael method was the official AES algorithm and that Rijndael is designed with some flexibility in terms of block and key sizes.
Apparently 128-bit AES allows for a possible 3.4 x 10^38 keys which (correct me if I'm wrong here) puts it somewhere between DES and triple-DES. (?)
Can any Mac users comment on the limitations that are imposed on your choice of a passphrase?
Basically, I'd like to know how strong a method this is. Is it "keep your little sister from reading your diary" encryption, or more along the lines of "if the Feds busted you they couldn't crack open your data with any computers due out in ten years" type of encryption?
http://tinyurl.com/4ny52
Why would you be storing your mp3s on an encrypted disk?
I would think personal financial documents and porn would be much more important. Of course mpeg playback would be hindered, which would be a problem.
Why would porn be 'important' enough to encrypt? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc. too, since these probably reside in a non-crypted area.
(Of course, this is only general thoughts and not a personal attack on the poster. I encrypt my financial information too...)
When the RIAA/MPAA/whoever carts your ass off to jail for having MP3s of songs you don't own the CDs to... you'll wish you had encrypted your music.
On Mac OS X, the password is stored as a standard Unix-style crypt hash with eight significant characters. It's no more or less secure than most other Unix-style systems that use this system -- this is reasonably secure if you use a solid password. Upper and lower case, numbers, punctuation, etc. I'd personally prefer that it take into account more significant characters, but "this will be covered in a later release". Using the OpenLDAP-based password server from Mac OS X Server gives you 255 significant characters via SASL, but this isn't usable in the case where you want encrypted disk images the most, on a laptop away from any network.
A pretty good way to make a difficult to crack but easy to remember password is to string together two words with some punctuation in between. E.g., my old (now defunct, so don't bother trying it) Compuserve account password, "knife:other". On Mac OS X, this reduces to "knife:ot" which is easy to remember but hashes to something pretty difficult to crack by brute force.
--Paul
Curriculum Developer
Technical Training and Certification
Apple Computer
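An added example, not part of the original post or any Apple code: a small Python model of the eight-significant-character limit described above, showing how many word+punctuation+word passwords stay distinct once only the first eight characters count. The word list, separators and function names are constructed for illustration, and the code models the truncation only, not the crypt hash itself.

```python
import math
from itertools import product

SIGNIFICANT = 8  # significant characters, as stated in the post above


def effective(password: str) -> str:
    """Model of the truncation only: the part of the password that counts."""
    return password[:SIGNIFICANT]


def scheme_space(words, separators):
    """Return (nominal, effective) counts for word + separator + word."""
    nominal, distinct = set(), set()
    for first, sep, second in product(words, separators, words):
        candidate = first + sep + second
        nominal.add(candidate)
        distinct.add(effective(candidate))
    return len(nominal), len(distinct)


def ceiling_bits(alphabet_size: int = 95) -> float:
    """Upper bound in bits for any password limited to SIGNIFICANT
    characters drawn from the given alphabet (95 = printable ASCII)."""
    return SIGNIFICANT * math.log2(alphabet_size)


# Constructed sample inputs (assumption: a real audit would use the
# dictionary and punctuation set your users actually choose from).
WORDS = ["knife", "other", "otter", "table", "tablet", "sun", "sunny", "password"]
SEPARATORS = [":", "-", "!"]

if __name__ == "__main__":
    nominal, distinct = scheme_space(WORDS, SEPARATORS)
    print(f"'knife:other' counts as {effective('knife:other')!r}")
    print(f"nominal passwords:   {nominal} ({math.log2(nominal):.1f} bits)")
    print(f"after truncation:    {distinct} ({math.log2(distinct):.1f} bits)")
    print(f"8-char ceiling:      {ceiling_bits():.1f} bits vs. a 128-bit AES key")
```

The longer the first word, the less of the second word survives, so a first word of eight or more characters leaves nothing else significant.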