FileVault Success Stories???

[NeXTLoop]

So, it's been 3 1/2 months and two systems updates since the release of Panther. We've all heard the horror stories surrounding FileVault. The question is, have any of these system and security updates fixed the problems once and for all? Are any of you using FileVault without any problems? And if you are, how have you been using it?

[mervTormel]

won't touch it with a 10 foot barge pole.

[NeXTLoop]

That's been my thinking as well. I really like the concept, as I have source code and other business related stuff on my PowerBook. But it's a little disconcerting that there haven't been very many positive reports... even after the system updates that were supposed to fix the issues.

[gatorparrots]

Quote: Originally posted by mervTormel won't touch it with a 10 foot barge pole.

ditto that.
I would prefer to create my own sparseimage or fixed size DMG and keep it in an obscure loctation on the filesystem, rather than encrypting the entire home directory. Also, I would prefer to pick the encryption algorithm -- 128-bit AES seems a bit anemic to the point of being worthless.

[NeXTLoop]

Well guys.... I've decided to take the plunge and be a guinea pig. I've spent the last few days doing a bunch of research on FileVault, including the article on MacDevCenter about it. In the end, due to the sensitive data on my PowerBook, I decided it was worth the risk.

So I took all the precautions, and followed all the steps in that article to minimize any risk. I guess time will tell if the risk is worth it.

I'll post back here periodically to let you guys know if there's any problems.

[Thomas Hardly]

I've been using File Vault with Panther since it was released with no bad results at all. I updated to 10.3.1 very soon and then to 10.3.2. I never really played around a lot on the original 10.3 version which I know many people had problems with FileVault.

I am a fairly heavy duty user and do developement along with many other uses on my laptops. I have moved my IPhoto and Itunes directories out of my home directory to another partition. I don't care for secure storage of my mp3's and image archive.

But I do care about fairly strong security. I use FileVault in conjunction with PGPDisk inside of my encrpyted user folder for items that need that extra security; source code, etc.

Hope that helps some of you out. Any other questions?

[robJ]

Quote: Originally posted by gatorparrots I would prefer to create my own sparseimage or fixed size DMG and keep it in an obscure loctation on the filesystem, rather than encrypting the entire home directory.

Here's the thing that burns my toast. In Jaguar (no Panther here yet), the man page for hdiutil says that sparse images should not be used for persistent storage. Has this changed in Panther's version of hdiutil? When a user logs out, is the sparse image converted to a different type of image? If not, I find it troubling that FileVault uses sparse images.

On a somewhat related note, it seems, based on the feedback of others, that FileVault might be at the heart of problems when using AppleScript's 'path to' command.

-- Rob (who wouldn't use FV if he did have Panther)

[jbc]

rob-

Just came across this in the 10.3.2 manpage for hdiutil and remembered your post. Thought you'd be interested.

Quote: USING PERSISTENT SPARSE IMAGES SPARSE images (and shadow files) were originally designed for the inter- mediate steps in the creation other images (e.g. UDZO) when final image sizes are unknown. As of OS X 10.3, partially-updated SPARSE images are now properly handled such that they can be safely used for persistent storage. SPARSE images are not recommended for persistent storage on earlier versions of the operating system. resize can resize an HFS+ filesystem within predefined stretch limits.

[robJ]

Quote: Originally posted by jbc Just came across this in the 10.3.2 manpage for hdiutil and remembered your post. Thought you'd be interested.

jbc, that's very good to know. Thanks for remembering and for the info! :-)

-- Rob

[saint.duo]

I'm working on moving my music out of my home folder and enabling file vault (running 10.3.4) tonight, as I'll be going out of town in a few days and want my data protected on my PowerBook "just in case". The machine will be with me, but auto screen saver, password on wake, no auto login, and filevault will all be on, as well as a hot corner for screen saver.

I use this machine extensively right now, so I'll report back in about a week and let everyone know how it's going.

Well I've been using Filevault since I got my Mac last year, and have had absolutely no problems with it. The most annoying thing I find is if you log out or need to reboot is the "Filevault is taking up more space than required..." message which can sometimes take a while to do it's bit of housekeeping. No data corruption or anything though. (yet!!!)

[jawn]

I started using it a week or so ago, and have had no problems. There is no lag opening any files in the home directory, and I have not experienced any data loss yet.

Quote: Originally Posted by ibroughton Well I've been using Filevault since I got my Mac last year, and have had absolutely no problems with it. The most annoying thing I find is if you log out or need to reboot is the "Filevault is taking up more space than required..." message which can sometimes take a while to do it's bit of housekeeping. No data corruption or anything though. (yet!!!)

I take it all back. Recently my profile became corrupted and OS X (Or filevault, I dunno which) decided that my home folder should become hidden (ie it was ".iain") and so the system would not let me log on.
I tried (rather simplisticly) to just make the folder visible again and remove the "." , repair permissions etc... but alas nothing.
Fortunately, I was able to log in as root and mount the hidden filevault image as a drive and recover all of the data that was in my home directory, but it did mean a full re-install (Yes I tried deleting and re-creating my normal username, but it had no effect, it was still "." and still encrypted for some reason. Possible OS corruption, but the fact that it was relatively difficult to recover my data has put me off FileVault. It has to be a case of 'once bitten, twice shy' I'm afraid. Untill there are improvements to the FileVault system, I shall not be burnt by it again.
If I want to encrypt my data I'll use an alternative method as discussed elsewhere. I was lucky in being able to recover everything, I guess other users may not be so lucky!

[jaguarcy]

For some reason I've never been able to enable FileVault on my iBook (always running latest version of Panther). When I try to turn it on it encrypts everything successfully but then crashes on the last step (don't remember what that is, mounting? it's been a month or two since i last tried it) but thankfully reverts to the original storage without any corruption.

I think the reason is because I'm using the primary admin account for logging in? Creating another user account has no problems with FileVault (at least none for enabling it). Or it could be something I messed up with my admin account... either way, I wasn't that concerned with encrypting my home directory, only needed a couple of files encrypted. Now to the workaround:

Create another user account, give it a password, log in, and turn on filevault. log out, copy the .sparseimage file that's the home directory somewhere else, and remove the account. Now you have a disk image that's mountable, protected by that password (i don't think you can easily change it, if at all), and you can store anything you want in it. To access it you'll have to enter the password every time.

Disadvantage: manual space management. The sparseimage increases in size to accomodate anything you put in it, but it doesn't become smaller when you delete anything. You need to run an external utility (hdiutil i think?) to restore it to its maximum needed size. I've done that a few times without any problems.

Haven't had any problems with this solution so far, but haven't tried pgp/gpg software for encrypting my few files, so i can't compare. anyone?

[Thomas Hardly]

I've used since file vault for many months now with very few problems, but find myself now using pgp disk for more secure storage requisites.

My main reason is not file vault problems but the fact that osx swap files keep paintext login passwords (along with many others) that can be easily recovered with admin or physical access. (http://securityfocus.com/archive/1/3...4/2004-06-30/2)


Two "solutions" to this problem:

turn your swap off
http://www.macosxhints.com/article.p...40809191855264

encrypt your swap
http://andreas-s.net/osx-encrypted-swap.html


warning - both of these methods can create some problems. I hav used the "no swap" method for a couple months with only the occasional freeze up due to not enough memory when trying to open a hundred or more images...

The encrypted swap method is brand new and I have only just started testing it.

[jaguarcy]

Using the stand-alone file-vault sparseimage file avoids the problem with the cleartext storage of the admin pass in the swap file (I believe), since its password is independent of your admin pass since the account used to create the image is deleted (assuming you select a different password while creating it). However I don't know if that password is stored in the clear whenever you mount the sparseimage. I'll check it out when I get my iBook back (it's in the shop, motherboard problems...) and post a reply.

[realitybased]

From reading this thread I can't tell whether this is about success stories or horror tales. Unfortunately I didn't read this before my own horror story developed. I've been using Panther for almost a year now, which is the version that came on my PowerBook. I turned on file vault immediatly and it worked great for me. Unfortunately I trusted Apple a little too much and stopped backing up my vault as it climbed to 10 gigs and almost 9000 files. Last weekend I updated to OS X 10.3.6. At the subsequent restart the file vault cleanup routine ran for about 45 minutes before the machine finally restarted. My file vault has been a file coffin every since. Disk Utility gives me a btree node error when trying to scan it, and Norton's Volume recover can find the files in it, but dies when it tries to recover them. Apple's tech support gave me no help whatsoever when I called them in distress. Their solution is to erase the hard drive, re-install, and work from there. WHAT???? I love Macintosh, but my trust in Apple is migrating towards the closet where my trust in Microsoft is mothballed.

To those of you that are using file vault without problem, don't ever stop backing up your vault. I on the other hand will be looking for a better third party file protection solution if I ever get my files back. If I don't, I'm sending my PowerBook to eBay reincarnation and trying something else.

[osxpounder]

Quote: Originally Posted by jbc rob- Just came across this in the 10.3.2 manpage for hdiutil and remembered your post. Thought you'd be interested.

Thanks so much for finding & sharing that! I've been relying on encrypted sparseimages for a while, and worried enough about them that I'd periodically renew them [make new one, copy to new one, delete old one]. Great to know I don't have to do that any longer.

[GavinBKK]

I tried to enable FileVault but got an error message saying that FV needed an extra - wait for it - 4067.21Gb. No typo there. Over four thousand Gb extra???

What's going on?
Gav.