Slashdot Mirror
How To Replace FileVault With EncFS
agoston.horvath writes "I've written a HOWTO on replacing Mac OS X's built-in encryption (FileVault) with the well-known FUSE-based EncFS. It worked well for me, and most importantly: it is a lot handier than what Apple has put together. This is especially useful if you are using a backup solution like Time Machine. Includes Whys, Why Nots, and step-by-step instructions."
FTFA:
[citation needed]
I'm tempted to say RTFA but in the interest of saving you and no doubt others a bit of time:
"The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system. All of FileVault's drawbacks originate from this. The implementation is brilliant, free of bugs, fast and well thought over. But why they decided to have all the trouble with a filesystem in a filesystem remains a mystery."
Essentially, instead of mounting /Users/your_username via FIleVault, Apple decided to add a sparse bundle file to your home directory with all of the contents. The worst impact of this design flaw is it adds a lot of time overhead at log out. If apple instead created a different partition for each user's home directory then there are no real flaws with FileVault.
I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.
Maybe you could skim the article next time? Ah... who am I kidding. You just wanted first post, after all.
FileVault:
- Long waiting times at logout
- No shrinking while logged in
- Doesn't work well with Time Vault
- Proprietary
- Weak encryption
+ Well worked out and tested
EncFS:
+Get your space back
+Get rid of the long waiting times at logout
+Back your data up while logged in
+Be safer by using open-source
I can't vouch for the claims.
Insert self-referential sig here.
And another Mac OS X solution is to create encrypted disk images using Apple's Disk Utility application (comes with the OS).
I like it because I have an office network and need business files to be encrypted, but accessible by other employees. File Vault is a single-user system unless your server is Mac OS X (ours is linux) and the files are stored in a user directory on that server. That opens up the problem that the login for the server then unlocks all the encrypted files.
Using Mac OS X disk utility, I've created several encrypted disk images on the server that users can mount over the network while having to give a password, etc. The server never knows anything about the encryption, etc It also enables a granular security policy to allow access to certain volumes to certain users.
Problems are that the disk images don't expand like File Vault apparently does. Also, doesn't use Time Machine effectively. (entire disk image would get backed up each time rather than only modified files). Other problem is that if the server becomes inaccessible, the client machines will write files to a temp location on the hard drive and the client user won't know they're not being saved to the encrypted disk image. Can present a security risk to those files being readable at a later date.
Seth
$5 / month hosted VPS on linux = awesome!
Just turn it on and forget about it.
NSA has VileFault (spoonerism, not typo) for brute force dictionary attacks on weak passwords. I don't think NSA would take that route if Apple gave them a back door.
Having read the article, I'd recommend that no one else did. It's written in a preachy patronising tone by someone who is clearly an idiot. For example, he complains about weak encryption because it's 'only AES-128 and you can't change that', except that since 10.5 it's been AES-128 or AES-256, even AES-128 is more than secure enough, and the vulnerability with FileVault comes from how they store the key, not from the encryption used.
He also mentions just as a throw-away 'Don't forget that encfs doesn't support fancy filesystem operations, so don't just throw your whole homedir in there - it won't work.' So, in fact, this can't replace FileVault. Looking at the EncFS web site, I can't see any evidence that it's been audited (even the design, let alone the code). He recommends storing your decryption key in the keychain, which seems very odd; if you don't trust Apple's encryption of your home directory, why would you trust Apple's encryption of your passwords?
He finishes with 'The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system'. Given that the limitations of EncFS come from the fact that it isn't a proper filesystem, I'd have to disagree there. FileVault does encryption at the block layer, just like most other encrypted filesystems. If you bother to read any of the papers in this area, you will see that there are a number of good reasons for doing this.
Apple did two things wrong with FileVault. They didn't let Time Machine sync mounted File Vault images with other encrypted images and they didn't provide an implementation of something like the TRIM command to let the low-level bits delete space when it was no longer needed.
I am TheRaven on Soylent News
FTFA:
That is an absolute deal breaker. Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes. Until it can preserve that same metadata, this solution is a no-go for, oh, 99% of the population. And that last 1% is going to be on thin ice, hoping nothing breaks. Sorry for it sounding a bit like FUD, but this does entail a fair amount of uncertainty and doubt, and that brings some fear into it.
It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.
I don't know what kind of crack I was on, but I suspect it was decaf.
+Get your space back
Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)
+Get rid of the long waiting times at logout
And how often do you log out of your Mac? The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week. That was only because of security updates.
+Be safer by using open-source
1)When is the last time you validated the checksum of a package or source? 2)When is the last time you reviewed (end to end) the code for an open-source program? 3)When is the last time you looked at ANY source, instead of just reading README and then typing "./configure"? 4)How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible, intentional or otherwise?
The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be. It's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break. 99.99999% of your users a)can't be bothered b)aren't qualified.
Please help metamoderate.
What are some flaws in FileVault that might make me prefer EncFS?
I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.
The "flaws" in FileVault (really, just limitations, but whatever), are that they aren't backed up via Time Machine while you're logged in, and space isn't freed up until you log out.
He states that it takes a long time to log out, but that's not true as of Snow Leopard. Sparsebundles recover space very quickly, and you can cancel the logout clean up process without worry.
As for, why would you prefer EncFS? You wouldn't. It actually does work reliably. FTA:
In other words, not only can it not replace FileVault, but it can't even be used for the things a normal Mac user might want to encrypt (Mail folder, iPhoto library, etc.).