Re: FileVault on other than home directories on MacOS?
Steve, On Sep 21, 2009, at 1:57 PM, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? FileVault is essentially just the name for a plain encrypted disk image which happens to have some voodoo associated with it to get pivoted in as your homedir at login. This to say, you can make arbitrarily many encrypted disk images with Disk Utility and use them as individual encrypted (non-homedir) folders. If you're asking whether you can turn on encryption for existing system folders, the answer is no; HFS+ itself offers no encryption facilities. I suppose I could install TrueCrypt (other suggestions or comments on TrueVault?), but I prefer to minimize the amount of extra software I have to maintain. TrueCrypt is a fine solution and indeed very helpful if you need cross- platform encrypted volumes; it lets you trivially make an encrypted USB key you can use on Linux, Windows and OS X. If you're *just* talking about OS X, I don't believe TrueCrypt offers any advantages over encrypted disk images unless you're big on conspiracy theories. Cheers, -- Ivan Krstić | http://radian.org - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: FileVault on other than home directories on MacOS?
On Mon, Sep 21, 2009 at 04:57:56PM -0400, Steven Bellovin wrote: > Is there any way to use FileVault on MacOS except on home > directories? I don't much want to use it on my home directory; it > doesn't play well with Time Machine (remember that availability is > also a security property); besides, different directories of mine have > different sensitivity levels. > > I suppose I could install TrueCrypt (other suggestions or comments on > TrueVault?), but I prefer to minimize the amount of extra software I > have to maintain. You can just create a regular encrypted disk image using Disk Utility (and set it to auto-mount using Finder if you want). - Adam -- ** I design intricate-yet-elegant processes for user and machine problems. ** Custom development project broken? Contact me, I can help. ** Some of what I do: http://workstuff.tumblr.com/post/70505118/aboutworkstuff [ http://workstuff.tumblr.com ] ... Technology Blog [ http://www.aquick.org/blog ] Personal Blog [ http://www.adamfields.com/resume.html ].. Experience [ http://www.flickr.com/photos/fields ] ... Photos [ http://www.twitter.com/fields ].. Twitter [ http://www.morningside-analytics.com ] .. Latest Venture [ http://www.confabb.com ] Founder - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: FileVault on other than home directories on MacOS?
On Sep 22, 2009, at 6:57 AM, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? I don't much want to use it on my home directory; it doesn't play well with Time Machine (remember that availability is also a security property); besides, different directories of mine have different sensitivity levels. I suppose I could install TrueCrypt (other suggestions or comments on TrueVault?), but I prefer to minimize the amount of extra software I have to maintain. Hi Steven You can just use encrypted disk images, which is IIRC what FileVault uses. In Disk Utility -> New Image, select size, properties and encryption type (AES 128 or 256) and Create. Then mount and use your encrypted disks as needed. Cheers - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com