Nathan Sims <[email protected]> squawked out on Monday 12-Sep-2011@14:26:07 > > On Sep 12, 2011, at 12:07 PM, David Schwartz wrote: > >> With File Vault 2 enabled, the General tab of the Security & Privacy >> preference pane's "Require password … after sleep or screen saver begins" >> cannot be turned off, with the only options being how long before the >> password kicks in. So user error is unlikely to allow an exploit should >> someone run off with it. Even the recovery partition can't be booted without >> the machine password. > > File Vault is a tantalizing option, but I have always been a bit intimidated > to enable it: > 1. Is File Vault one-way and forever on a volume? > 2. When it is first enabled, does it laboriously go through your /Users > account and encrypt everything in one fell swoop, and then afterwards encrypt > files only as they are saved?
It does this for the Time Machine backups. For the disk it encrypts the entire disk. How fast is it? I don’t know I haven’t tried it. I suspect it is either miraculously fast (throw the switch and it’s done) or it takes days. > 3. How much overhead is there when its on, any perceived lagging or slowness? No. The encryption is at the driver level. You will never notice it. Even running benchmarks there is almost no measurable difference in speeds. > 4. What happens if/when you turn File Vault off? Dunno. > 5. If the master password is forgotten, is recovery hopeless? Yep. Turning on encryption requires TWO passwords. One is your regular password to give you access to the machine. One is the master password to recover any data on the machine. This one you need to keep someplace safe. The first one is just going to be your login password. FTW, I would never ever ever run WDE (whole Disk Encryption) on a disk that was not being backed up at least twice, but I am paranoid. -- Today the road all runners come/Shoulder high we bring you home. And set you at your threshold down/Townsman of a stiller town. _______________________________________________ MacOSX-talk mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-talk
