From Darren.Moffat@Sun.COM Fri Jul 6 02:37:24 2018 From: Darren J Moffat To: cypherpunks-legacy@lists.cpunks.org Subject: Re: FileVault on other than home directories on MacOS? Date: Fri, 06 Jul 2018 02:37:24 +0000 Message-ID: <172289261490.3881296.3132192150398426260.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3930708130704387806==" --===============3930708130704387806== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Ivan Krsti wrote: >TrueCrypt is a fine solution and indeed very helpful if you need >cross-platform encrypted volumes; it lets you trivially make an >encrypted USB key you can use on Linux, Windows and OS X. If you're >*just* talking about OS X, I don't believe TrueCrypt offers any >advantages over encrypted disk images unless you're big on conspiracy >theories. Note my information may be out of date. I believe that MacOS native encrypted disk images (and thus FileVault) uses AES in CBC mode without any integrity protection, the Wikipedia article seems to confirm that is (or at least was) the case http://en.wikipedia.org/wiki/FileVault There is also a sleep mode issue identified by the NSA: http://crypto.nsa.org/vilefault/23C3-VileFault.pdf TrueCrypt on the other hand uses AES in XTS mode so you get confidentiality and integrity. -- Darren J Moffat --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============3930708130704387806==--