Apple At-Rest Encryption
What are some bottlenecks to Apple turning on File Vault by default? I can only come up with "battery life."

--Anx
I don't think there's a huge battery life hit...

With the exception of a few of us on this list and elsewhere, the majority sentiment is: Nobody cares about FDE.

Nobody wants to use a strong password that they have to type during boot and during login and whenever the screensaver comes on.

Nobody wants to wait for the disk to be overwritten with random bytes during install time.

Nobody wants to deal with the additional complexity at re-install or recovery time. [Although, recovering a file vault partition with Apple's 'internet recovery' is a real treat. Kudos Apple - is that .iso signed?]

Nobody wants to deal with having to remember the complex, strong password.

Basically, the majority of people would be fairly upset at being subjected to the limitations of FDE as it is; maybe they can mostly be designed / implemented away, but that's point number one - nobody cares.

-Travis

On Mon, May 25, 2015 at 4:11 PM, anx <anx@riseup.net> wrote:
> What are some bottlenecks to Apple turning on File Vault by default? I can only come up with "battery life."
> --Anx
On May 25, 2015, at 1:11 PM, anx <anx@riseup.net> wrote:
> What are some bottlenecks to Apple turning on File Vault by default? I can only come up with "battery life."

You should turn it on.

The battery effect on the CPU is negligible; it’s using AES-NI in the processor and that’s running at less than one clock per byte. But if you’re on a computer that has flash – like any of the Air/Retina machines – the write time and power requirements of NAND flash are much better when you use a whitening function, of which AES makes a great one.

But in any event, it’s all going to be not worth worrying about in the costs. You might even benefit.

You are also gaining in the security end. We can certainly debate whatever the operational security benefits are from encrypting your disk, but the real benefit comes from when you inevitably decommission that machine and storage. You are vastly, vastly better off with encrypted storage then, and better off for having encrypted it all along.

Jon
participants (3): anx, Jon Callas, Travis Biehn