Forgot your password?
typodupeerror
Encryption OS X Security

How To Replace FileVault With EncFS 65

Posted by timothy
from the for-secretive-tweakers dept.
agoston.horvath writes "I've written a HOWTO on replacing Mac OS X's built-in encryption (FileVault) with the well-known FUSE-based EncFS. It worked well for me, and most importantly: it is a lot handier than what Apple has put together. This is especially useful if you are using a backup solution like Time Machine. Includes Whys, Why Nots, and step-by-step instructions."
This discussion has been archived. No new comments can be posted.

How To Replace FileVault With EncFS

Comments Filter:
  • by vlm (69642) on Sunday February 14, 2010 @04:51PM (#31136898)

    [citation needed]

    The six year archive of schneier's blog?

    http://www.schneier.com/ [schneier.com]

    It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil. After being burned a zillion times, it seems its all snake oil.

  • by WebManWalking (1225366) on Sunday February 14, 2010 @05:07PM (#31137016)
    Just turn it on and forget about it.

    NSA has VileFault (spoonerism, not typo) for brute force dictionary attacks on weak passwords. I don't think NSA would take that route if Apple gave them a back door.
  • by Anonymous Coward on Sunday February 14, 2010 @05:39PM (#31137338)

    Are Apple's disk images really so mysterious and horrible as to be called "snake oil"? Reportedly they use AES encryption, and I thought open source projects had even reverse engeered the formats.

    No, they're not. Yes, they do, and yes, they have. That won't stop people that don't know anything about encryption from blindly posting Schneier's blog without context to whore for some karma, though.

  • by SuperBanana (662181) on Sunday February 14, 2010 @06:03PM (#31137566)

    +Get your space back

    Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)

    +Get rid of the long waiting times at logout

    And how often do you log out of your Mac? The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week. That was only because of security updates.

    +Be safer by using open-source

    1)When is the last time you validated the checksum of a package or source? 2)When is the last time you reviewed (end to end) the code for an open-source program? 3)When is the last time you looked at ANY source, instead of just reading README and then typing "./configure"? 4)How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible, intentional or otherwise?

    The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be. It's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break. 99.99999% of your users a)can't be bothered b)aren't qualified.

  • Re:Question (Score:5, Insightful)

    by node 3 (115640) on Sunday February 14, 2010 @06:04PM (#31137580)

    What are some flaws in FileVault that might make me prefer EncFS?

    I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.

    The "flaws" in FileVault (really, just limitations, but whatever), are that they aren't backed up via Time Machine while you're logged in, and space isn't freed up until you log out.

    He states that it takes a long time to log out, but that's not true as of Snow Leopard. Sparsebundles recover space very quickly, and you can cancel the logout clean up process without worry.

    As for, why would you prefer EncFS? You wouldn't. It actually does work reliably. FTA:

    There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...). This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.

    In other words, not only can it not replace FileVault, but it can't even be used for the things a normal Mac user might want to encrypt (Mail folder, iPhoto library, etc.).

  • by Anonymous Coward on Monday February 15, 2010 @12:37AM (#31140728)

    The gist of the tip is to create an encrypted container, move your important stuff into that container and then create symlinks from/to the original locations. Be sure to mount/unencrypt the container at boot.

    Why ENCFS? Why not a very strong encrypted disk image? Why not Truecrypt? The author doesn't say.

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde

Working...