Encrypting a User's Home Directory Under Mac OS X

← Back to Stories (view on slashdot.org)

Encrypting a User's Home Directory Under Mac OS X

Posted by CmdrTaco on Sunday December 29, 2002 @03:52AM from the now-ya-see-it-now-ya-don't dept.

jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."

4 of 87 comments (clear)

Min score:

Reason:

Sort:

Cool article--one concern/question: by vegetablespork · 2002-12-29 04:33 · Score: 3, Interesting

Is the handling of encrypted DMG files part of the open source Darwin, or is it possible that there is a crippling of or backdoor into this encryption that Apple was forced to insert at the behest of some three letter government or four letter lobbying agency, a la Lotus' having fixed part of the encryption key, effectively reducing key length in international versions?

--
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
Encrypted files systems... by tvadakia · 2002-12-29 04:36 · Score: 3, Interesting

This brings up a point. A friend of mine has been researching a way for an entire operating system (a widely used one like MacOS or Microsoft Windows) to use, exploit, and be fully functional on top of a completely encrypted file system. Or, for a file system such as NTFS or HFS+ to reside as a sub-file system, being contained within an encrypted file system, with which if you enter the system with the correct password (or biometrics or card key or combination) you'll enter the system, and the OS which resides on the system doesn't even notcie the underlying encrypted-FS and only sees the contained NTFS/HFS+/etc... Is this possible? If so, how?

--
Unique.
1. Re:Encrypted files systems... by hdurdle · 2002-12-29 05:31 · Score: 3, Interesting
  
  While I'm thinking about this... you could even run aVMWare virtual machine using a disk image on a PGPDisk encrypted volume. That way you can run any kind of Windows or Linux on a machine where the OS will have no clue that it's entire underlying file system is encrypted.
Re:Think different -- a better way to do it by tbmaddux · 2002-12-29 10:38 · Score: 3, Interesting

Since you're putting the password in the keychain, and most user passwords are the same as their keychain passwords, doesn't this present a potential weak point? (I've often read not to put AES-128-encrypted .dmg passwords into the Keychain) How secure is the password database in MacOS X?

--
Can't you see that everyone is buying station wagons?