Apple At-Rest Encryption

BizDevCon bizdevcon at protonmail.ch
Wed May 27 23:10:07 PDT 2015


Polemic question: how do you want to propose default File Vault encryption when I see most people using 0000 as their default iPhone password?


Real question: using encryption also forces one to think about a proper backup strategy. And where will the average user store his FileVault key for each device? I remember one service (not sure which one) which forces you to store and print a backup key. You cannot / could not copy and paste: disabled! (I think it was even some Apple service.)


Default File Vault is neat but forget "recovering" stuff when your wife/kid/mom/dog forgets the passcode… The recent death of my father also made me think of implementing a "two-level" personal privacy:


1) Things you want others like relatives to have access to in the ultimate scenario of death.
2) Things you want to keep private forever.



My dad never thought about such and his social accounts are as much protected as mundane information on insurance information of a shared property. In other words: I have a hard time unbundling everything and I am even thinking of taking a strong magnet and let it do the final task on his iMac…


Long post, short summary: we need to rethink storing personal information before enabling things like File Vault for everyone.


– BizDevCon
 
-------- Original Message --------
Subject: Re: Apple At-Rest Encryption
Time (GMT): May 28 2015 05:01:13
From: jon at callas.org
To: anx at riseup.net
CC: cypherpunks at cpunks.org


> On May 25, 2015, at 1:11 PM, anx wrote:
>
> What are some bottlenecks to Apple turning on File Vault by default? I
> can only come up with "battery life."

You should turn it on. The battery effect on the CPU is negligible; it’s using AES-NI in the processor and that’s running at less than one clock per byte. But if you’re on a computer that has flash – like any of the Air/Retina machines – the write time and power requirements of NAND flash are much better when you use a whitening function, of which AES makes a great one.

But in any event, it’s all going to be not worth worrying about in the costs. You might even benefit. You are also gaining in the security end. We can certainly debate whatever the operational security benefits are from encrypting your disk, but the real benefit comes from when you inevitably decommission that machine and storage. You are vastly, vastly better off with encrypted storage then, and better off for having encrypted it all along.

Jon