Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread james hughes
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: Ivan Krsti wrote: TrueCrypt is a fine solution and indeed very helpful if you need cross-platform encrypted volumes; it lets you trivially make an encrypted USB key you can use on Linux, Windows and OS X. If you're *just* talking about

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread Jacob Appelbaum
Ivan Krstić wrote: On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: There is also a sleep mode issue identified by the NSA Unlike FileVault whose keys (have to) persist in memory for the duration of the login session, individual encrypted disk images are mounted on demand and their keys

Re: FileVault on other than home directories on MacOS?

2009-09-28 Thread Darren J Moffat
james hughes wrote: TrueCrypt on the other hand uses AES in XTS mode so you get confidentiality and integrity. Technically, you do not get integrity. With XTS (P1619, narrow block tweaked cipher) you are not notified of data integrity failures, but these data integrity failures have a much

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Darren J Moffat
Ivan Krsti wrote: TrueCrypt is a fine solution and indeed very helpful if you need cross-platform encrypted volumes; it lets you trivially make an encrypted USB key you can use on Linux, Windows and OS X. If you're *just* talking about OS X, I don't believe TrueCrypt offers any advantages

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Alec Muffett
In Disk Utility - New Image, select size, properties and encryption type (AES 128 or 256) and Create. Then mount and use your encrypted disks as needed. Just as an aside: on 10.5 and upwards I have taken to using encrypted sparse bundles rather than simple images; the advantage of doing

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Matt Crawford
On Sep 21, 2009, at 3:57 PM, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? I don't much want to use it on my home directory; it doesn't play well with Time Machine (remember that availability is also a security property); besides, different

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Ian G
On 22/09/2009 14:57, Darren J Moffat wrote: There is also a sleep mode issue identified by the NSA: An extremely minor point, that looks like Jacob and Ralf-Philipp perhaps aka nsa.org, rather than the NSA.gov. Still useful. iang

Re: FileVault on other than home directories on MacOS?

2009-09-23 Thread Ivan Krstić
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote: There is also a sleep mode issue identified by the NSA Unlike FileVault whose keys (have to) persist in memory for the duration of the login session, individual encrypted disk images are mounted on demand and their keys destroyed from

Re: FileVault on other than home directories on MacOS?

2009-09-22 Thread Adam Fields
On Mon, Sep 21, 2009 at 04:57:56PM -0400, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? I don't much want to use it on my home directory; it doesn't play well with Time Machine (remember that availability is also a security property);

Re: FileVault on other than home directories on MacOS?

2009-09-22 Thread Ivan Krstić
Steve, On Sep 21, 2009, at 1:57 PM, Steven Bellovin wrote: Is there any way to use FileVault on MacOS except on home directories? FileVault is essentially just the name for a plain encrypted disk image which happens to have some voodoo associated with it to get pivoted in as your homedir

FileVault on other than home directories on MacOS?

2009-09-21 Thread Steven Bellovin
Is there any way to use FileVault on MacOS except on home directories? I don't much want to use it on my home directory; it doesn't play well with Time Machine (remember that availability is also a security property); besides, different directories of mine have different sensitivity