How To Replace FileVault With EncFS

Posted by timothy
from the for-secretive-tweakers dept.
agoston.horvath writes "I've written a HOWTO on replacing Mac OS X's built-in encryption (FileVault) with the well-known FUSE-based EncFS. It worked well for me, and most importantly: it is a lot handier than what Apple has put together. This is especially useful if you are using a backup solution like Time Machine. Includes Whys, Why Nots, and step-by-step instructions."

  • Answer (Score:5, Informative)

    by lakeland (218447) <lakeland@acm.org> on Sunday February 14, 2010 @04:24PM (#31136624) Homepage

    I'm tempted to say RTFA but in the interest of saving you and no doubt others a bit of time:

    "The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system. All of FileVault's drawbacks originate from this. The implementation is brilliant, free of bugs, fast and well thought over. But why they decided to have all the trouble with a filesystem in a filesystem remains a mystery."

    Essentially, instead of mounting /Users/your_username via FileVault, Apple decided to add a sparse bundle file to your home directory with all of the contents. The worst impact of this design flaw is it adds a lot of time overhead at log out. If Apple instead created a different partition for each user's home directory then there are no real flaws with FileVault.

    I can see why Apple did it the way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.

  • Re:Question (Score:3, Informative)

    by bazald (886779) <bazaldNO@SPAMzenipex.com> on Sunday February 14, 2010 @04:25PM (#31136640) Homepage

    Maybe you could skim the article next time? Ah... who am I kidding. You just wanted first post, after all.

    FileVault:
    - Long waiting times at logout
    - No shrinking while logged in
    - Doesn't work well with Time Vault
    - Proprietary
    - Weak encryption
    + Well worked out and tested

    EncFS:
    + Get your space back
    + Get rid of the long waiting times at logout
    + Back your data up while logged in
    + Be safer by using open-source

    I can't vouch for the claims.

  • Re:[citation needed] (Score:4, Informative)

    by Balau (1286776) on Sunday February 14, 2010 @04:40PM (#31136790) Homepage
    I think it should be rephrased:

    FileVault is a proprietary tool from a big and famous manufacturer. This means that you can't be sure that there isn't a built-in backdoor for government bodies to use, ...

    Other than that, I'm all for EncFS. What you lose in terms of security (directory structure and file size are visible) you gain in terms of performance and interoperability with other tools.

  • by diamondsw (685967) on Sunday February 14, 2010 @05:24PM (#31137198)

    FTFA:

    There are known problems with EncFS, as it only supports basic POSIX operations (no locking, extended attributes, etc...). This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.

    That is an absolute deal breaker. Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes. Until it can preserve that same metadata, this solution is a no-go for, oh, 99% of the population. And that last 1% is going to be on thin ice, hoping nothing breaks. Sorry for it sounding a bit like FUD, but this does entail a fair amount of uncertainty and doubt, and that brings some fear into it.

    It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.
