Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
OS X Businesses Operating Systems Apple

Encrypting a User's Home Directory Under Mac OS X 87

jnetsurfer writes "A friend of mine challenged me to see if I could place a user's home directory on a device image (DMG) under Mac OS X. Well, I decided to post my solution to the problem on the web and here, in case anyone is interested. This can be useful if you want to encrypt a user's home directory, or if you wanted to limit a user's home directory to a certain size."
This discussion has been archived. No new comments can be posted.

Encrypting a User's Home Directory Under Mac OS X

Comments Filter:
  • by vegetablespork ( 575101 ) <vegetablespork@gmail.com> on Sunday December 29, 2002 @11:33AM (#4976805) Homepage
    Is the handling of encrypted DMG files part of the open source Darwin, or is it possible that there is a crippling of or backdoor into this encryption that Apple was forced to insert at the behest of some three letter government or four letter lobbying agency, a la Lotus' having fixed part of the encryption key [heise.de], effectively reducing key length in international versions?

    • by xmath ( 90486 ) on Sunday December 29, 2002 @12:47PM (#4977205)
      The DiskImages framework and associated utilities (hdid, hdiutil) are not part of Darwin.

      And sadly the encryption "plugin" is embedded inside the framework rather than being external. So if you'd want to check for backdoors, you'd need to disassmble the whole DiskImages framework (in /System/Library/PrivateFrameworks) and plow through that.

      However, since it does seem use a plugin interface, even internally, it's probably not too hard to locate just the encryption-related parts.
      • by plsuh ( 129598 ) <plsuh@@@goodeast...com> on Sunday December 29, 2002 @04:17PM (#4978099) Homepage
        The underlying AES-128 encryption is part of the Darwin distro. Look in the Darwin sources under:

        src/Security/AppleCSP/AES/

        This still doesn't really address the whole question -- if there's some back door somewhere higher up the stack in the disk mounting code, you won't find it here, but it's part of the solution. Validate the AES-128 code, then treat the encrypted disk image as a black box (using a simple password, without loss of generality) and see if you can decrypt the image by hand or using a util that you write yourself.

        OK, I work for Apple so you really can't fully trust me on this, but I certainly don't know of any intentional back doors in this code.

        --Paul
        psuh at apple dot com
        Curriculum Developer
        Technical Training and Certification [apple.com]
        Apple Computer
    • This message was brought to you by Citizens Against Black Helicopters and Fluorinated Drinking Water. Fight the future!
  • by tvadakia ( 314991 ) <tvadakia&gmail,com> on Sunday December 29, 2002 @11:36AM (#4976814) Homepage
    This brings up a point. A friend of mine has been researching a way for an entire operating system (a widely used one like MacOS or Microsoft Windows) to use, exploit, and be fully functional on top of a completely encrypted file system. Or, for a file system such as NTFS or HFS+ to reside as a sub-file system, being contained within an encrypted file system, with which if you enter the system with the correct password (or biometrics or card key or combination) you'll enter the system, and the OS which resides on the system doesn't even notcie the underlying encrypted-FS and only sees the contained NTFS/HFS+/etc... Is this possible? If so, how?
    • by hdurdle ( 199425 ) on Sunday December 29, 2002 @12:05PM (#4976974) Homepage
      PGP Disk.

      The freeware version is here [pgpi.org]. I've used it before, and it works like a charm. You create a PGPDisk file on a normal volume - this contains an encrypted disk. You can then "mount" the drive after providing the correct password. I've used it in the past on NT4 and on Win2K to great effect.
      • While I'm thinking about this... you could even run aVMWare [vmware.com] virtual machine using a disk image on a PGPDisk [pgpi.org] encrypted volume. That way you can run any kind of Windows or Linux on a machine where the OS will have no clue that it's entire underlying file system is encrypted.
      • Note that on MacOS X, using disk images like the author of the article described is *exactly* like using PGPdisk, except PGPdisk is cross-platform and perhaps more trustworthy since its source is available for auditing.

        Using OSX' diskimages however is free-as-in-beer, and probably a bit more flexible. Can you even mount a PGPdisk from the commandline on OSX ?
      • I was thinking more of something that would encrypt the OS partition as well, and the OS could boot from the encryption scheme without hassle after the correct password (or whatnot) is put in. So, even the OS would be fully encrypted if the HD was taken out and put into another computer. All a person would see is encrypted files, no more.
        • Why do you really care about encrypting the OS? Seems a waste of time and CPU, to decrypt the OS just to use it. The important thing would be to encrypt the important data, which would be in the home directory.
          • Why do you really care about encrypting the OS?

            Encrypting the OS should prevent someone with physical access to the disk it is on from tampering with it without you noticing.

            Think of someone somehow inserting password-snooping software into the OS (temporarily installing the disk in another computer if needed), waiting for you to access your encrypted files, then returning to snag your files using your very own perfectly valid passwords...

            Seems far-fetched? This very scenario occurred at a University computer lab, forcing sysadmins to install hardware encryption devices in all the PC's...
            • NTFS 5 (in 2000 and XP) supports transparent encryption of entire volumes which might be what you are looking for. I'm not sure if you can encrypt the entire boot partition or not as I'm not interested in that level of security. Unfortunately, if you encrypt data you lose the ability to use NTFS's transparent compression.
            • That sounds like a good reason to not allow changes to the OS but not for full encryption, unless I'm missing something. Our university labs do not have encrypted OS's, but in many of them there are non-public areas of the hard drive that are wiped and replaced each night from a disk image.
          • Well, in the Windows world, users have a habit of storing data files..... everywhere. There are some good encyrption programs out there that encrypt/decrypt at the sector level such as DriveCrypt [drivecrypt.com]. Personally, I'd rather buy laptops with a couple hundred extra Mhz rather than lose a laptop with sensitive information. For OS X, GPG does me fine for those files I deem truly sensitive (of course, my Mac is a personal use only machine--not allowed on the corporate network).
    • It's been done on shrink wrapped secure laptops running Linux/VMWare/W2K. The user only sees W2K, but everything is running in a vm on secure Linux.

      I doubt that it is worth the trouble though. You generally only need to encrypt data, not executables.

      Joe
  • I'm sure there must be a better solution to introduce quotas on user directories.

    At least Apple must have thought of this when creating os x server. And if it's in the server version, it should be easy to put in the standard edition.
    • by snowtigger ( 204757 ) on Sunday December 29, 2002 @12:23PM (#4977082) Homepage
      Here we go, I found these unix commands in OSX 10.1.5:

      man quota
      man quotaon
      man quotacheck

      I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:

      1) You've got some REALLY secret information which you'd like to protect: use an encrypted file.
      2) You would like to protect the information in case someone steals your computer.

      In my opinion, crypting the whole system doesn't really make sence unless you're afraid of someone coming to take your computer away from you: To use the computer, you have to unlock these filesystems anyway and an intruder will be able to read your files at that time ...

      Also, encrypted filesystems heavily slows down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
  • by ubiquitin ( 28396 ) on Sunday December 29, 2002 @12:53PM (#4977240) Homepage Journal
    According to this helpful how-to, you use the Disk Utility to make an image using AES-128 encryption and then you store your home directory on that image.

    The NIST has a white paper on AES [nist.gov] which announces that the Rijndael method was the official AES algorithm and that Rijndael is designed with some flexibility in terms of block and key sizes.

    Apparently 128 bit AES allows for a possible 3.4 x 10^38 possible keys which (correct me if I'm wrong here) puts it somewhere between DES and triple-DES. (?)

    Can any Mac users comment on the limitations that are imposed on your choice of a passphrase?

    Basically, I'd like to know how strong a method is this. Is it keep your little sister from reading your diary encryption, or more along the lines of if the Feds busted you they couldn't crack open your data with any computers due out in ten years type of encryption.
    • OK It's strong. (Score:3, Informative)

      by ubiquitin ( 28396 )
      I kept reading and found the answer to my own question: in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. By trying possible key values, the hardware could determine which key was used to encrypt a message.

      Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
    • 128-bit AES allows for 128-bit keys, so yes, in decimal, 3.4e38-somethingorother (2^128). Yes, this is a greater range than DES (2^56). It's also greater than 3DES using two keys (one for the first and third stage, one for the second, so 2^112). Proper 3DES implementations use three independent keys for an effective keyspace of 2^168.

      However, the keyspace of an algorithm is only one of its strengths. It's only relevant if brute force is the fastest way to crack the cipher, which is very rarely the case. In the case of DES, it was refined by the oft-maligned NSA to resist differential cryptanalysis, leaving it resistant against all but brute-force until linear cryptanalysis was 'discovered' in the mid-90s. (To those who still believe the NSA weakened DES, go read your Schneier.)

      AES-128 is a new algorithm, but feels good. Brute-forcing a 128-bit keyspace would take several centuries, even taking into account Moore's law, so the difference between it and 3DES's 168 bits isn't relevant. Moreover, there are known exploits against 3DES (even if they aren't terribly helpful), whereas massive scrutiny by cryptanalysis worldwide (while Rijndael was becoming AES) has turned up nothing so far. This doesn't mean there won't be exploits, but it means that the chances that Shamir or one of the other hotshot cryptanalysts is going to bring out a paper tomorrow that invalidates all your work are very small.

      So: AES-128 will keep your sister from reading your diary. Unless you believe the NSA has some sort of amazing quantum computing that's forty years beyond consumer tech (which I really, really don't), AES-128 is also likely to keep your files safe from the gimmies for several decades.

      Although why the NSA would be interested in, say, my homedir, is beyond me -- the most likely person trying to crack my encryption is probably a jealous girlfriend. :-)
      • Moreover, there are known exploits against 3DES (even if they aren't terribly helpful), whereas massive scrutiny by cryptanalysis worldwide (while Rijndael was becoming AES) has turned up nothing so far. This doesn't mean there won't be exploits, but it means that the chances that Shamir or one of the other hotshot cryptanalysts is going to bring out a paper tomorrow that invalidates all your work are very small.


        Well, I wouldn't be so sure about that.
        http://www.counterpane.com/crypto-gram-0209 .html
  • Ditto... (Score:4, Informative)

    by TiMac ( 621390 ) on Sunday December 29, 2002 @12:57PM (#4977263)
    In the steps listed to change the home directory to the encrypted disk...a given step (#6) says to use "sudo cp -R /Users/USERNAME /Volumes/VOLUME-NAME/" to move the current home directory. But this will not properly copy resource fork files, so some files and programs would break...so most likely you would want to use

    sudo ditto -rsrcFork /Users/USERNAME /Volumes/VOLUME-NAME/

    instead, which maintains the Resource Fork information.

  • The only thing that sucks about this scheme is the elaborate procedure necessary to login as this special user (first login as admin and manually mount the encrypted homedir)

    I wonder if it's possible to write a Login Plugin to automatically mount the encrypted homedir using the password entered by the user. That would make the system completely transparent, while still being secure (assuming the password is good): If someone uses any other means (= security hole) to gain access to the account, the system won't have the password it needs to decrypt the homedir, so even gaining root access wouldn't help.

    (This would be very similar to the way Keychains are already handled: if your login password is equal to the passphrase of your default keychain, it is automatically unlocked when you log in)
    • What about a LoginHook?

      The LoginHook is run as root and is passed the user name as $1. We use it to create dynamic AFS mounts on login now, so I don't see why it would work in this case.

      • Is this an Apple feature, these LoginHooks, or are they provided elsewhere? I've never heard of them...do you have any documentation info online...I know some parties who would be greatly interested in having this info for AFS mounts.

        Thanks.

        • From what I've read, this is a NeXT feature that Apple was smart enough to keep around.

          Apple hasn't written too much, but they do have this doc [apple.com].

          Also, macosxlabs.org has written a doc [macosxlabs.org] that fills in some gaps. If you are going to be doing a lot during login/logout, you might want to checkout iHook [umich.edu] from the University of Michigan. It's a great little tool that give a GUI to boring old shell scripts.

      • Remember that you're asking for a user interface here: the password for the disk needs to be requested. I don't think you can do that from where you're at, before the start of the user login process.

        --Fred
  • Mac OS X takes it's usual theme of 'smaller is better' to a whole new level. Heh.
  • There's one major problem with Apple's encrypted disk images: speed. Playing an MP3 off of an encrypted disk image takes 10%+ of the CPU time on my iBook/600.
    • Re:Not fast (Score:5, Insightful)

      by Pfhor ( 40220 ) on Sunday December 29, 2002 @01:16PM (#4977357) Homepage
      Why would you be storing your mp3s on an encrypted disk?

      I would think personal financial documents and porn would be much more important. Of course mpeg playback would be hindered, which would be a problem.
      • Encrypting porn ? (Score:2, Insightful)

        by snowtigger ( 204757 )
        Why would porn be 'important' enough to encrypt ? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc too since these probably reside in a non-crypted area.

        (Of course, this is only general thoughts and not a personal attack on the poster. I encrypt my financial information too ...)
      • Re:Not fast (Score:2, Insightful)

        by vasqzr ( 619165 )


        When the RIAA/MPAA/whoever carts your ass off to jail for having MP3's of songs you don't own the CD's to....you'll wish you had encrypted your music.

  • What's the point? (Score:2, Interesting)

    by zzen ( 190880 )
    Maybe I am missing something, but I don't see a point in doing this. As the hint is described, it is apparent the image is mounted permanently, even after the users log out. It is mounted by root.

    I don't see how this can make things more secure - since anybody with proper permissions can access the contents of the mounted image via the mount point just as well as when the data was in /Users.

    It would make some sense if the image would be mounted only at login (and unmounted at logout), but this is not possible with this hint either. Out of top of my head, I can't think of a way to do this.
    • Re:What's the point? (Score:2, Interesting)

      by mac-diddy ( 569281 )
      In conjunction with a LoginHook to mount the drive, you could use the LogoutHook to unmount it. You could even write the script to make sure that only drive X is made available to user X.

      That way, you, your S.O. and the kids could have their own private porn collections.


  • Roger Jolly's Encrypt and ".secret" scripts in AEP and the Mac OS X Encoding Plethora [mac.com] seem to have similiar functionality. I'm guessing these tools will not hide your directory structure or file names, but if I'm not mistaken, they will encrypt the individual files in semi-transparent manner.

    Does anyone have experience using these? Is the encryption function useful?
  • by plsuh ( 129598 ) <plsuh@@@goodeast...com> on Sunday December 29, 2002 @03:39PM (#4977966) Homepage
    This is actually something that is covered in the new Mac OS X Administration and Integration sysadmin technical training course from Apple that will be going live in January. As the author of that section of the course, let me give you a bare bones outline here.
    1. Log in as the user whose files you want to secure.
    2. Create an encrypted disk image using Disk Copy at the top level of the user's home directory. When it asks for the disk image password, be sure that the "remember password" option is checked -- this saves the disk image's password on the user's default keychain.
    3. Use ditto to copy over the following directories from the user's home folder onto the encrypted disk image:
      ~/Desktop
      ~/Documents
      ~/Library/Mail
      ~/Applicat ion Support/Addresses
      ~/.ssh
      These are the important ones; you can copy over other items as well, but definitely don't do the entire ~/Library folder, and don't do the ~/Library/Keychains or ~/Library/Preferences folders.
    4. Set the disk image to automount on login by dragging it into the Login Items preferences pane.
    5. Use mv to shift the directories aside (e.g. mv ~/Documents ~/Documents.save) and set up symlinks onto the disk image (e.g. ln -s /Volumes/Secure/Documents ~/Documents).
    6. Log out and log back in again. The disk image will be automounted at login, using the password stored on the default keychain which also unlocks on login. Everything should just work! :-D
    7. Now for the housekeeping: delete the .save directories you created earlier, and be sure to turn off automatic login in the Accounts preferences pane.
    Why do it this way instead of the way that Joshua Gitlin wrote up? First, you don't need admin access to a machine to make it work. You may not have admin access on a company machine, or as a sysadmin you may not want to give admin access to most of your users.
    Second, using Joshua's method, once the disk image is mounted it's open to anyone who has admin access on that machine, whether or not you are logged in at the console. By using an automounted image with the password stored on the keychain everything is secure until you actually log in, and everything is secured once you log out.
    Third, this way is a lot more convenient. If you make security too inconvenient, users will circumvent it. Instead of two logins, you only have to do one. Techincally unsophisticated users (secretaries, lawyers, vice-presidents, etc.) don't need to do anything different.

    <BLATANT PLUG>
    Go to Apple Training [apple.com] and sign up for a course or two. They're well worth the money and help me keep my job. :-D
    </BLATANT PLUG>

    --Paul
    psuh at apple dot com
    Curriculum Developer
    Techincal Training and Certification
    Apple Computer
    • This is cool. Thanks! One question I've had with using disk images for anything is that I have to declare the size of the volume at creation. What happens after I exceed the image size limit? Can it be setup to dynamically resize as I add more data?

      Apologies in advance if this is a newbie question that I should know.

      -73 because it's about prime.

    • Since you're putting the password in the keychain, and most user passwords are the same as their keychain passwords, doesn't this present a potential weak point? (I've often read not to put AES-128-encrypted .dmg passwords into the Keychain) How secure is the password database in MacOS X?
      • On Mac OS X, the password is stored as a standard Unix-style crypt hash with eight significant characters. It's no more or less secure than most other Unix-style systems that use this system -- this is reasonably secure if you use a solid password. Upper and lower case, numbers, punctuation, etc. I'd personally prefer that it take into account more significant characters, but "this will be covered in a later release". Using the OpenLDAP-based password server from Mac OS X Server gives you 255 significant characters via SASL, but this isn't usable in the case where you want encrypted disk images the most, on a laptop away from any network.

        A pretty good way to make a difficult to crack but easy to remember password is to string together two words with some punctuation in between. E.g., my old (now defunct, so don't bother trying it) Compuserve account password, "knife:other". On Mac OS X, this reduces to "knife:ot" which is easy to remember but hashes to something pretty difficult to crack by brute force.

        --Paul

        Curriculum Developer
        Technical Training and Certification [apple.com]
        Apple Computer
        • On Mac OS X, the password is stored as a standard Unix-style crypt hash with eight significant characters. It's no more or less secure than most other Unix-style systems that use this system...
          AFAIK other Unix-style systems are using more than 8 characters, but let's ignore passwords for a moment because we're talking about something else.

          My PowerBook G4 has 26 letters, 10 numbers, and 11 other characters I can type, for a total of 47. With the shift key, that's 94. Even if we charitably assume a strong password, 94^8 combinations is only 6.1e15, which is slightly worse than 53 bits of entropy.

          So by putting the password in the keychain, even if it is a good one (and quite often it is not), we are left with a disk image which is less protected than conventional, weak 56-bit DES encryption.

    • My friend does something similar on his iBook and runs into one problem on a fairly regular basis. Certain installers will remove the symlink to his Applications directory and replace it with a regular directory. No workaround other than recognizing that this occasionally happens and moving the new application over and recreating the symlink.
  • by plsuh ( 129598 ) <plsuh@@@goodeast...com> on Sunday December 29, 2002 @04:20PM (#4978121) Homepage
    One more thing -- people have been commenting/asking about the speed of access. The algorithm for AES-128 on MOSX 10.2 has been heavily optimized. There is basically little or no additional overhead when using an encrypted disk image vs. an unencrypted disk image.

    --Paul

  • That's a nice hack indeed. Now let us look at a better solution from NetBSD (only in -current at this stage, will be part of 1.7/2.0, whichever it ends up being called):

    http://netbsd.gw.com/cgi-bin/man-cgi/man?cgd+4+Net BSD-current [gw.com].

    and the config utility:

    http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8+N etBSD-current [gw.com]

  • Are there any recovery options for corrupted disk images? Losing all my information would be a ... bummmer ...

    Although the disk image will be completely secure if you can't get any files off of it...
  • I've never been able to mount an encrypted disc image from the command line unless I'm logged into the UI (i.e. logged into OS X normally).


    For example if I ssh into my home machine I get an error:


    hdid -passphrase "mysecret" somediscimage.dmg

    hdid: mounting somediscimage.dmg" failed: no mountable file systems.


    This disc image works just fine if I do the same exact thing while logged in locally.

    • Check out AppleCare document 106931

      If you are logged in remotely and there is no one on the console, you need to issue the following command:

      disktool -c

      before using "hdid" to mount the disk image.

      Alternatively, you could use "hdid -nomount" and then manually mount the appropriate /dev/disk node.

In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker

Working...