Slashdot Mirror
Encrypting a User's Home Directory Under Mac OS X
jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
This brings up a point. A friend of mine has been researching a way for an entire operating system (a widely used one like MacOS or Microsoft Windows) to use, exploit, and be fully functional on top of a completely encrypted file system. Or, for a file system such as NTFS or HFS+ to reside as a sub-file system, being contained within an encrypted file system, with which if you enter the system with the correct password (or biometrics or card key or combination) you'll enter the system, and the OS which resides on the system doesn't even notcie the underlying encrypted-FS and only sees the contained NTFS/HFS+/etc... Is this possible? If so, how?
Unique.
Here we go, I found these unix commands in OSX 10.1.5:
...
man quota
man quotaon
man quotacheck
I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:
1) You've got some REALLY secret information which you'd like to protect: use an encrypted file.
2) You would like to protect the information in case someone steals your computer.
In my opinion, crypting the whole system doesn't really make sence unless you're afraid of someone coming to take your computer away from you: To use the computer, you have to unlock these filesystems anyway and an intruder will be able to read your files at that time
Also, encrypted filesystems heavily slows down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
Heh. Yeah, just keep the pr0n in an encrypted DMG instead of a folder, and, er... MOUNT it when you want it.
According to this helpful how-to, you use the Disk Utility to make an image using AES-128 encryption and then you store your home directory on that image.
The NIST has a white paper on AES which announces that the Rijndael method was the official AES algorithm and that Rijndael is designed with some flexibility in terms of block and key sizes.
Apparently 128 bit AES allows for a possible 3.4 x 10^38 possible keys which (correct me if I'm wrong here) puts it somewhere between DES and triple-DES. (?)
Can any Mac users comment on the limitations that are imposed on your choice of a passphrase?
Basically, I'd like to know how strong a method is this. Is it keep your little sister from reading your diary encryption, or more along the lines of if the Feds busted you they couldn't crack open your data with any computers due out in ten years type of encryption.
http://tinyurl.com/4ny52
sudo ditto -rsrcFork /Users/USERNAME /Volumes/VOLUME-NAME/
instead, which maintains the Resource Fork information.
I kept reading and found the answer to my own question: in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. By trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
http://tinyurl.com/4ny52
Here you go, this HOWTO is even more complete than the article referenced for Mac OS X.
...
http://weigand.home.texas.net/efs.html
Of course, there are Linux distributions that does it out of the box. I use Suse that does this just fine
Why would you be storing your mp3s on an encrypted disk?
I would think personal financial documents and porn would be much more important. Of course mpeg playback would be hindered, which would be a problem.
Why would porn be 'important' enough to encrypt ? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc too since these probably reside in a non-crypted area.
...)
(Of course, this is only general thoughts and not a personal attack on the poster. I encrypt my financial information too
Maybe I am missing something, but I don't see a point in doing this. As the hint is described, it is apparent the image is mounted permanently, even after the users log out. It is mounted by root.
/Users.
I don't see how this can make things more secure - since anybody with proper permissions can access the contents of the mounted image via the mount point just as well as when the data was in
It would make some sense if the image would be mounted only at login (and unmounted at logout), but this is not possible with this hint either. Out of top of my head, I can't think of a way to do this.
The LoginHook is run as root and is passed the user name as $1. We use it to create dynamic AFS mounts on login now, so I don't see why it would work in this case.
- Log in as the user whose files you want to secure.
- Create an encrypted disk image using Disk Copy at the top level of the user's home directory. When it asks for the disk image password, be sure that the "remember password" option is checked -- this saves the disk image's password on the user's default keychain.
- Use ditto to copy over the following directories from the user's home folder onto the encrypted disk image:These are the important ones; you can copy over other items as well, but definitely don't do the entire ~/Library folder, and don't do the ~/Library/Keychains or ~/Library/Preferences folders.
- Set the disk image to automount on login by dragging it into the Login Items preferences pane.
- Use mv to shift the directories aside (e.g. mv ~/Documents ~/Documents.save) and set up symlinks onto the disk image (e.g. ln -s
/Volumes/Secure/Documents ~/Documents). - Log out and log back in again. The disk image will be automounted at login, using the password stored on the default keychain which also unlocks on login. Everything should just work!
:-D - Now for the housekeeping: delete the
.save directories you created earlier, and be sure to turn off automatic login in the Accounts preferences pane.
Why do it this way instead of the way that Joshua Gitlin wrote up? First, you don't need admin access to a machine to make it work. You may not have admin access on a company machine, or as a sysadmin you may not want to give admin access to most of your users.Second, using Joshua's method, once the disk image is mounted it's open to anyone who has admin access on that machine, whether or not you are logged in at the console. By using an automounted image with the password stored on the keychain everything is secure until you actually log in, and everything is secured once you log out.
Third, this way is a lot more convenient. If you make security too inconvenient, users will circumvent it. Instead of two logins, you only have to do one. Techincally unsophisticated users (secretaries, lawyers, vice-presidents, etc.) don't need to do anything different.
<BLATANT PLUG>
Go to Apple Training and sign up for a course or two. They're well worth the money and help me keep my job.
</BLATANT PLUG>
--Paul
psuh at apple dot com
Curriculum Developer
Techincal Training and Certification
Apple Computer
Thanks.
Why do you really care about encrypting the OS? Seems a waste of time and CPU, to decrypt the OS just to use it. The important thing would be to encrypt the important data, which would be in the home directory.
One more thing -- people have been commenting/asking about the speed of access. The algorithm for AES-128 on MOSX 10.2 has been heavily optimized. There is basically little or no additional overhead when using an encrypted disk image vs. an unencrypted disk image.
--Paul
Apple hasn't written too much, but they do have this doc.
Also, macosxlabs.org has written a doc that fills in some gaps. If you are going to be doing a lot during login/logout, you might want to checkout iHook from the University of Michigan. It's a great little tool that give a GUI to boring old shell scripts.
NTFS 5 (in 2000 and XP) supports transparent encryption of entire volumes which might be what you are looking for. I'm not sure if you can encrypt the entire boot partition or not as I'm not interested in that level of security. Unfortunately, if you encrypt data you lose the ability to use NTFS's transparent compression.
That sounds like a good reason to not allow changes to the OS but not for full encryption, unless I'm missing something. Our university labs do not have encrypted OS's, but in many of them there are non-public areas of the hard drive that are wiped and replaced each night from a disk image.
When the RIAA/MPAA/whoever carts your ass off to jail for having MP3's of songs you don't own the CD's to....you'll wish you had encrypted your music.
Uh...Taco and Hemos sold out *long* before they go top-of-the-line-last-tear TiBooks. If you don't like the Apple topic, remove Apple from your list of displayed topics. Better yet, don't visit apple.slashdot.org, since this story was *only* posted there.
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
Well, in the Windows world, users have a habit of storing data files..... everywhere. There are some good encyrption programs out there that encrypt/decrypt at the sector level such as DriveCrypt. Personally, I'd rather buy laptops with a couple hundred extra Mhz rather than lose a laptop with sensitive information. For OS X, GPG does me fine for those files I deem truly sensitive (of course, my Mac is a personal use only machine--not allowed on the corporate network).