Talk:FileVault

Update
This page seems somewhat outdated. Sparse bundles could be mentioned. Also, are there any cryptographic enhancements in Leopard? —Preceding unsigned comment added by 81.191.62.46 (talk) 20:14, 20 November 2007 (UTC)

"Time Machine is limited to restoring the home directory in its entirety" - That is not correct for 10.6 (Snow Leopard). Only the segments of the encrypted sparse bundle will be backed up. This article is really outdated. —Preceding unsigned comment added by 109.192.56.110 (talk) 12:29, 13 March 2011 (UTC)

VileFault
Perhaps VileFault should be mentioned? --SakJur (talk) 14:44, 20 February 2011 (UTC)

FileVault 2 - should it be added here or make a new stub
As Mac OS X v10.7 Lion is now out and on a technical level, the FileVault 2 encryption is completely and totally new. The old implementation of FileVault is abandoned and a new implementation is

Old - http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1877.html
 * Makes an encrypted store that sits outside the user's home folder but on the same drive as the unencrypted files
 * Uses **hdiutil** to create sparse disk images in either v1 or v2 format (transitioning from v2 optional at 10.2 and v2 default by 10.5) and manage encryption
 * Can not encrypt an arbitrary drive internal or external - just a user's home folder
 * Uses normal IO - there are no new daemons or system frameworks
 * Only available on Mac OS X v10.6 and older

New - http://support.apple.com/kb/HT4790
 * Actually encrypts the data on the drive - everything on the Partition is encrypted
 * Uses **diskutil CoreStorage** to interact with the Apple CoreStorage subsystem/framework to manage encryption
 * Implements full disk, XTS-AES 128 encryption
 * Can encrypt an external or internal drive
 * Uses CoreStorage for IO - new system framework handles the encrypted IO as opposed to normal IO
 * Only available on Mac OS X v10.7

From a wiki standpoint - how would such a large change be added here? Would it be better to make a new stub and work on that until it's ready to go? (perhaps merging them later?)

Bmike8 (talk) 14:39, 17 August 2011 (UTC)


 * It's a good question. The current article isn't that big. I would suggest putting the FileVault 2 description in the front of the article and then rejigger the current article to be a description of of the original FileVault. Thus "Criticism" would change to "Criticism of FileVault I" etc. --agr (talk) 15:44, 17 August 2011 (UTC)


 * I suggest dividing the current article into two sections, sorted chronologically. We wouldn't be splitting the article itself, but merely subdividing...
 * RoxyFlox (talk) 18:23, 27 February 2012 (UTC)


 * I would split the article into 3 - a brief introduction explaining what and why, a section with all FileVault 2 information (as this is the current version), and lastly a historical section with all the FileVault 1 specific information (which is much of the current article, but irrelevant to many readers) --Rjmunro (talk) 11:13, 10 January 2013 (UTC)

Criticisms/Security: Original Research?
It would appear that the second, third and fourth paragraphs of this section (regarding FileVault and its encryption algorithms and use of recovery keys) are original research, or at the very least, make a lot of points without any citations to back up the information presented. It would be useful to have supporting citations for these sections to bolster the veracity of what is being said here. Scaredpoet (talk) 21:23, 14 September 2011 (UTC)


 * Agreed, this should be removed until it has been rectified- at the very least it is inaccurate, and written in a personal mannor 49.196.40.75 (talk) 07:38, 2 February 2012 (UTC)

Criticisms/Security: NPOV
The fourth paragraph uses editorial language, such as "glaring" and "unbearably long," which is not sourced and adds little to the article.


 * I've edited the section to separate out the 1st generation issues and remove editorial terms.--agr (talk) 19:52, 2 November 2011 (UTC)

Criticisms
In light of the following links, I feel the entirety of this section is wrong and should be revised:

I.e., the appellation "XTS- AES 128 encryption" refers to a tweakable bloc cypher, optimized for sector-based storages. The number "128" refers to the block size, not the key size! FileVault should still use a 256bit encryption key. (I currently have no confirmation of this, other than what is discussed in the aforementioned references.) — Preceding unsigned comment added by Trimtabo (talk • contribs) 20:19, 23 November 2011 (UTC)


 * You are right, Apple mixes up block size and key size themselves here here (for Panther) and here (for Mountain Lion) but they are correct here. I added a reference to the article.2pem (talk) 17:55, 21 January 2013 (UTC)

Starting the OS with FileVault 2 without a user account
Subsection added.

For selected points: detail, with photographic evidence, is within an answer in Ask Different. Readers may treat this as complementary to Apple's technical white paper. The up-votes signify confidence from external sources, but probably not enough to treat the material as encyclopaedic for Wikipedia.

Grahamperrin (talk) 06:57, 5 September 2012 (UTC)

Recovery key not encoded base32
The recovery key is not encoded in base32, which only includes [A-Z] and [2-7] according to base32. The referenced paper is wrong on this. See for example and  which includes non-base32 character 8 and 9. If somebody knows what encoding this is, please add it to the article. 2pem (talk) 11:01, 9 February 2013 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on FileVault. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20080514160137/http://citp.princeton.edu.nyud.net/pub/coldboot.pdf to http://citp.princeton.edu.nyud.net/pub/coldboot.pdf

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 13:20, 31 December 2016 (UTC)