How To Replace FileVault With EncFS 65
agoston.horvath writes "I've written a HOWTO on replacing Mac OS X's built-in encryption (FileVault) with the well-known FUSE-based EncFS. It worked well for me, and most importantly: it is a lot handier than what Apple has put together. This is especially useful if you are using a backup solution like Time Machine. Includes Whys, Why Nots, and step-by-step instructions."
Re:[citation needed] (Score:3, Insightful)
[citation needed]
The six year archive of schneier's blog?
http://www.schneier.com/ [schneier.com]
It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil. After being burned a zillion times, it seems its all snake oil.
Plenty happy with FileVault (Score:2, Insightful)
NSA has VileFault (spoonerism, not typo) for brute force dictionary attacks on weak passwords. I don't think NSA would take that route if Apple gave them a back door.
Re:[citation needed] (Score:4, Insightful)
No, they're not. Yes, they do, and yes, they have. That won't stop people that don't know anything about encryption from blindly posting Schneier's blog without context to whore for some karma, though.
not actually solving non-existant problems. (Score:3, Insightful)
+Get your space back
Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)
+Get rid of the long waiting times at logout
And how often do you log out of your Mac? The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week. That was only because of security updates.
+Be safer by using open-source
1)When is the last time you validated the checksum of a package or source? 2)When is the last time you reviewed (end to end) the code for an open-source program? 3)When is the last time you looked at ANY source, instead of just reading README and then typing "./configure"? 4)How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible, intentional or otherwise?
The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be. It's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break. 99.99999% of your users a)can't be bothered b)aren't qualified.
Re:Question (Score:5, Insightful)
What are some flaws in FileVault that might make me prefer EncFS?
I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.
The "flaws" in FileVault (really, just limitations, but whatever), are that they aren't backed up via Time Machine while you're logged in, and space isn't freed up until you log out.
He states that it takes a long time to log out, but that's not true as of Snow Leopard. Sparsebundles recover space very quickly, and you can cancel the logout clean up process without worry.
As for, why would you prefer EncFS? You wouldn't. It actually does work reliably. FTA:
In other words, not only can it not replace FileVault, but it can't even be used for the things a normal Mac user might want to encrypt (Mail folder, iPhoto library, etc.).
Good idea, so-so choice of technologies (Score:1, Insightful)
The gist of the tip is to create an encrypted container, move your important stuff into that container and then create symlinks from/to the original locations. Be sure to mount/unencrypt the container at boot.
Why ENCFS? Why not a very strong encrypted disk image? Why not Truecrypt? The author doesn't say.