Encryption

Encryption is always a popular back burner topic for geeks, but no one ever seems to actually do it. It seems to me to be one of those topics that make you feel all James Bond, but when it comes down to it you just don't have the need for it. Well, that's about to change. I am carrying more and more personal information and while the fact that my notebook is never more than 5 feet from me is a pretty good security measure, doesn't mean I don't think about what could happen.

So I am thinking about encrypting my hard drive because I don't want to get caught, but I haven't seen anything definitive about it regarding it's use with OS X. I'd assume that full disk encryption is a better method than just encrypting your home directory (a la FileVault) because some things are stored (at least temporarily) outside your home folder, and thus outside the protected zone in the latter. Perhaps I am wrong?

I have heard about two methods of full disk encryption that seem pretty popular; PGP and TrueCrypt. I haven't had any experience with encryption at all, but it does kinda scare me a little. I am looking to answer a few questions, but can't find anything definitive:

* How easy is it to set up on a volume already in use? (ie. I don't want to format and start again to use it)
* How long does it take to encrypt a drive on average? (I know it depends on the drive speed, capacity and I would assume the file sizes and CPU etc., but are we talking hours, days or weeks for 250GB?)
* How effective is it and what encryption method is best? It looks like TrueCrypt can use multiple methods at once but that sounds a little dangerous...
* Does it slow your machine significantly?
* What are the dangers other than forgetting the keys? For example; Do encrypted drives tend to fail quicker due to the constant reads and writes? Does the encryption fail often and render your data useless?
* How does Time Machine handle encrypted drives and can I encrypt my backup drive too?
* If the drive was to fail and I needed to send it to a data recovery centre, would it cause them an issue?
* Anything else I haven't thought of yet?

Has anyone had any experience with any other encryption for the Mac? Anything to share?

Nov 20, 2008

~ said...

I'm not a Mac user, but I'm writing this from a box with a system partition that's been encrypted with TrueCrypt. I'll see if I can answer your questions.

* How easy is it to set up on a volume already in use? (ie. I don't want to format and start again to use it)

This is built in. You tell TrueCrypt you want to encrypt the System Partition (if you've got more than one OS booting, read the docs. ..read the documentation anyway, actually), what method to use, and if you'd like to overwrite your data using DOD-3, DOD-7, or Guttman (not get rid of your data, mind, but, encrypt a chunk, and write over the corresponding unencrypted chunk). It runs, encrypting your drive, contents, free space, and all.

* How long does it take to encrypt a drive on average? (I know it depends on the drive speed, capacity and I would assume the file sizes and CPU etc., but are we talking hours, days or weeks for 250GB?)

Depends on the speed of your machine, yes, and also if you're doing any of the secure overwrites, as well as what you're using for encryption - cascades (AES-Serpent-Twofish, for example) would take the longest. TrueCrypt should let you benchmark to give you some idea on how fast each will go on your system.

* How effective is it and what encryption method is best? It looks like TrueCrypt can use multiple methods at once but that sounds a little dangerous...

It's whole-disk encryption, so it's as effective at encrypting your data as the algorithm used (the ones TC offers are all serious, definitely good enough to protect your data in general). As for what method is best, it's a matter of choice. AES is supposed to be the fastest, I believe. A cascade would probably offer greater security, but I'm not sure. Check the docs for this.

* Does it slow your machine significantly?

Mixed reports on this one- I've never noticed it.

* What are the dangers other than forgetting the keys? For example; Do encrypted drives tend to fail quicker due to the constant reads and writes? Does the encryption fail often and render your data useless?

I haven't heard of it doing so, but I suppose it's a possibility. TrueCrypt should force you to create a Rescue Disk when you encrypt, which will let you into your system if your boot loader (the thing you need to authenticate on to get it to boot) fails.

* How does Time Machine handle encrypted drives and can I encrypt my backup drive too?

Yes, you can use TrueCrypt to encrypt non-system drives. You can also make file containers. Backup utilities should appear to run normally. I'm unfamiliar with Time Machine, so I'm not sure what would happe there.

As a note, it's probably a good idea to encrypt that backup drive. If someone gets two images of the same encrypted drive, I believe there's an attack they can execute.

* If the drive was to fail and I needed to send it to a data recovery centre, would it cause them an issue?

Probably. It's a bunch of random data from their point of view, but you might be able to use the Rescue Disk to attempt to permanently decrypt the system partition- maybe not. If you're going to encrypt your disk, backups are a good idea.

* Anything else I haven't thought of yet?

Look at Cold Boot Attacks (encrypted disks that have recently been turned off or are still on - the encryption key may still be in RAM) and read the TrueCrypt FAQs/documentation. Don't go in underinformed unless you can stand losing the data.

Hope that helps!

houltmac.net

Encryption

Comments (1)

Leave a comment...