Two questions about FV2:
I. This is my understanding of FV2 on Yosemite; please tell me if it's correct:
1) If someone gets hold of your computer and removes your FV-encoded drive, they can use various programs to try to crack it. These can test a vast number of combinations in a relatively short period of time, so an 8-character pwd isn't good enough. Fortunately, the pwd Apple creates is far longer than this, effectively defeating attempts from such programs.
2) By contrast, your login password could be only eight characters without compromising security because, while this only gives 36^8 = 3 x 10^12 combinations (assuming numbers and lower case letters only), this cannot be cracked in an automated fashion. Rather, cracking this password requires going through the login screen, which allows only 1 attempt every few seconds, and will deny entry after too many failed attempts.
I.e., the bottom line is that your login password only has to be long enough to defeat manual guessing, rather than computer-driven cracking programs.
Is this correct?
II. It's my understanding that if my drive is FV2-encrypted, and I decided to get rid of it, there's no need to do an erase. Is this correct?