
Does FileVault encrypt on log out?



DrQuincy
11-12-2015, 10:33 AM
Hi,

I am moving to an office instead of working-from-home. Because my machine will be left unattended at night and because it contains all my client work I want to make sure the hard drive is encrypted if it gets stolen during the night. I have FileVault enabled and am currently running the latest OS. I know when it goes to sleep it does not encrypt. What about logging out or do I need to shut down each night? I don't mind the latter too much but am wondering does powering up once per day decrease the lifespan of the hardware at all?

Thanks.

Rod Sprague
11-12-2015, 11:05 AM
In answer to your question "Any new files you create are automatically encrypted as they're saved to your startup disk". However your encrypted files are only as strong as your login password. So if your login password is compromised no amount of encryption will protect your files. Do save your Recovery Key to iCloud Keychain or a safe place.
See this article: https://support.apple.com/en-au/HT204837
You may want to consider an encrypted folder application instead such as Hider by MacPaw http://macpaw.com/hider
The FileVault option although sound in principle can in my experience cause unnecessary complications for some system repair procedures.
Alternatively a password protected encrypted folder can be created using the native Disk Utility.
Whatever you decide I advise a complete backup of your HD using Time Machine to an external USB HD. Bear in mind these backups will not be encrypted unless you choose to tick the option to make them so.

DrQuincy
11-12-2015, 11:25 AM
Thanks but have you answered a different question? I was specifically wanting to know if FileVault encrypts on log out.

I have my key saved in iCloud though Apple don't seem to explicitly give you access to your key. It seems to be fully managed through your iCloud login and your security questions. I am familiar with encryption as I have used 256-bit AES encryption libraries for work and cannot figure out how Apple's recovery system works as it seems they intentionally (?) don't tell you much about it. Any ideas? I think the key is kept encrypted based on your security questions and when you forget your login you can get your key — and reset your password — by decrypting using your three questions. I'm guessing they've done this to shield less technical users from the joys of data encryption — and so users don't have to store something that is so important. I may be totally wrong though!

I have my Macs backed up to encrypted Time Machine hard drives so am not too bothered about system repairs.

MacInWin
11-12-2015, 05:41 PM
As Rod says, "Any new files you create are automatically encrypted as they're saved to your startup disk." That answered your question, the files are encrypted when saved, not when you log off or shut down. Immediately on save. Immediately.

I don't know how the encryption is done (I don't use FileVault), but one unsolicited suggestion for you is to secure the hardware by some sort of locking cable. It may only slow down the potential thief, but if you have alarms on the office and a stout locking cable, the thief may not want to take the time to saw through the cable if the alarm is ringing and the police are on the way. Better yet, if the data is really critical, put the machine in a good, heavy safe and lock it down every night. You can even put a locking cable inside the safe if you are really dedicated to trying to protect the machine! (Don't laugh, I have had to do that on secure facilities before.)

MacInWin
11-12-2015, 05:42 PM
Ah, the old double-post bug is back!

chscag
11-12-2015, 06:26 PM
Ah, the old double-post bug is back!

What double post? ;D

MacInWin
11-12-2015, 06:35 PM
Well, when I posted #4, the system threw up a warning message about leaving the page. I copied the text of the post, then left the page. When the page displayed again, with my new post, it was doubled. Now I see it's back to single. Strange workings....

chscag
11-12-2015, 08:30 PM
It does happen on occasion. I deleted your dupe and have had to do the same thing for some of my own. I also noticed that some of the dialogs for editing are not displaying correctly and overlap but at least it appears the edits are OK.

MacInWin
11-12-2015, 09:45 PM
Ah, ok, I thought maybe I had lost my mind when the dupe disappeared. (It's small, and easily misplaced.) (My mind, that is)

DrQuincy
11-13-2015, 02:01 AM
Thanks. Maybe I have a misunderstanding as to how it works then.

I thought you boot up and it decrypts your drive, you shut down and it encrypts. So, my concern was if I left it on and someone unplugged it without shutting it down they could mount the drive, unencrypted.

I've read your link but surely if your Mac is logged in and running and isn't shut down properly there must be some unencrypted data on there.

Bearing in mind my situation, is shutting down any more secure than logging out?

Rod Sprague
11-13-2015, 02:19 AM
To sum up, your drive is not "unencrypted" when you log in (that would take hrs); the computer reads the files in their encrypted state using the same algorithm it used to encrypt them. To read the files one needs to log in using your Admin Password. Which is why I said encryption is only as safe as your password. If someone were able to bypass your login password what they would find is encrypted files. For example if an online hacker gained access to your computer on say a shared network he/she would only see encrypted files.
At the end of the day there is nothing better than a good strong login password and a mechanical means of securing your computer physically as suggested above by MacInWin.

DrQuincy
11-13-2015, 05:51 AM
Thanks for the reply.

I did wonder as I have used the PHP mcrypt library to encrypt batches of small files (< 2MB) and it wasn't exactly fast so wondered how you could work off an encrypted drive without suffering a massive performance hit.

So does the OS only store decrypted data in RAM? So when it's switched off you lose it? If so, I guess I'm fine leaving it asleep.

Rod Sprague
11-14-2015, 01:59 AM
No, it does not store decrypted data in RAM. You cannot switch off without saving whatever you have changed. By default when FileVault is on your password is required when waking from sleep. It will go to sleep when the lid is closed, after a preset period of time (see Energy Saver preferences) or if you manually put it to sleep from the command in the Apple menu.

DrQuincy
11-15-2015, 12:05 PM
Great, thanks Rod. Sounds pretty rock solid. I've got my Macs set up such that I have to enter my password for keychain after five minutes of inactivity and have a strong password so sounds like I'm okay.

Thanks again.
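
Added example (not part of the thread, and not Apple's code): a shell check for the sleep-versus-shutdown question discussed above, classifying the output of the real macOS tools `fdesetup status` and `pmset -g`. The verdict names and sample captures are constructed; per the pmset man page, FileVault keys are retained in standby unless `destroyfvkeyonstandby` is 1, and pairing that with `hibernatemode 25` is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies captured output of two real
# macOS tools: `fdesetup status` and `pmset -g`.

# fv_state TEXT -> on | off | unknown
fv_state() {
  case "$1" in
    *"FileVault is On"*)  echo on ;;
    *"FileVault is Off"*) echo off ;;
    *)                    echo unknown ;;
  esac
}

# pm_value KEY TEXT -> value of KEY in `pmset -g` style output, or "unset"
pm_value() {
  printf '%s\n' "$2" |
    awk -v k="$1" '$1 == k { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# posture FDESETUP_TEXT PMSET_TEXT -> verdict for a machine left unattended
posture() {
  [ "$(fv_state "$1")" = on ] || { echo "filevault-not-on"; return; }
  if [ "$(pm_value destroyfvkeyonstandby "$2")" = 1 ] &&
     [ "$(pm_value hibernatemode "$2")" = 25 ]; then
    # Key is destroyed on standby; the password is needed again on wake.
    echo "key-dropped-on-standby"
  else
    # Default behaviour: the volume key is retained while the Mac sleeps.
    echo "key-kept-while-asleep"
  fi
}

# Constructed sample captures, trimmed to the relevant lines.
SAMPLE_FV='FileVault is On.'
SAMPLE_PM_DEFAULT=' hibernatemode        3
 standbydelay         10800'
SAMPLE_PM_HARDENED=' hibernatemode        25
 destroyfvkeyonstandby 1'

# On a Mac, run: posture "$(fdesetup status)" "$(pmset -g)"
posture "$SAMPLE_FV" "$SAMPLE_PM_DEFAULT"
posture "$SAMPLE_FV" "$SAMPLE_PM_HARDENED"
```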