found drama

get oblique

VileFault.

by Rob Friesel

After a few months of flirting w/ Apple’s implementation of the AES-128 encryption scheme (a.k.a. FileVault), I have decided to disable it and wait for the next release. Despite all of my paranoia and desire to keep assorted docs and records as secure as possible, it has req’d too many jumped hoops, headaches, hacks, kludges, experiments, work-arounds, and merry-go-rounds to be worth the supposed 149×10^12 years of security.

Basically, I’m exhausted of thinking that I had the system figured out in such a way that I use it w/ such-and-such a hack and live w/ it, only to find one other bug/feature that req’d more hoops, headaches, hacks, etc. Eventually you’ve read enough pro/con reviews and clever but complex hacks to last a lifetime. After all, while keeping my financial statements and work docs encrypted is more than desirable (credit to zorka here) “I can imagine that encrypting one’s Music directory is a wee bit excessive.”

So w/o further ado: Apple’s FileVault To-Do List:

  1. Choice between partial and total encryption. re: the complex/clever hack above; give the option to create a “secure” folder w/in the home folder or securing the entire home folder.
  2. Improve OS X’s ability to talk to FileVault. Doing this might actually knock out the one above. The [en/de]crypt on-the-fly performance does very well (even on this G3 iBook) but the file system seems to have a hard time actually finding anything in the encrypted “sparse disk image”. Once mounted, my AppleScripts should be able to find the files that live along a given encrypted path.

Even just one of those two should solve most of the problems I had noted. In the meantime, better stick to strong passwords (since apparently that’s FileVault’s weak point anyway).

UPDATE: Let’s add a #3 to that list above. More accurately, let’s call it “1(b)”… Maybe a “secure” folder isn’t the answer. Maybe it’s being able to select which folders to encrypt and which to leave alone. Something more selective. E.g., encrypt “Home/Documents” but not “Home/Sites”, that sort of thing.

About Rob Friesel

Software engineer by day. Science fiction writer by night. Weekend homebrewer, beer educator at Black Flannel, and Certified Cicerone. Author of The PhantomJS Cookbook and a short story in Please Do Not Remove.
