Wednesday, March 9, 2011

Lion Preview: Disk Encryption

FileVault,a system that protects files on a Macintosh computer was introduced with Mac OS X v10.3 ("Panther"). Content is automatically encrypted and decrypted on the fly.

With Lion Apple changed this concept from a user folder encryption to whole harddrive encryption, and they did an awesome job.



You can basically enable and disable the encryption at any time and the os will perform the encryption/decryption in the background allowing you to continue your work.

With enabled file encryption the user login will appear actually before the os boots ensuring only authenticated user's can access the harddisk files. You also get a backup key in case you need to access the harddisk from another os or you accidentally delete all user's. If you have a mobile.me account you can also backup your key online.


Once finished the system works fully transparent and you wont even notice that you are working on a encrypted drive besides the biggest problems with harddisk encryption: The Performance.
Apple did amazingly work here, without encryption Lion performs much better then Snowleopard and even with activated encryption you probably won't notice a big performance drop at all.


My personal benchmark results with xBench (warning: not scientific and no lab environment ;) 

As you see the only real impact on performance with enabled encryption happens on writing data but its nowhere near the slowdowns you would experience with TrueCrypt or BitLocker. Reading data is amazingly a lot faster then with Snowleo even on an encrypted filesystem.


Conclusion
Apple did a good job revamping FileVault into a full blown harddisk encryption with great performance and easy handling.

70 comments:

baxxman said...

Wow, so cool that you are already able to test that new OS! Thanks very much for sharing

The Angry Lurker said...

Still here and taking notes.

Anton Nuemus said...

I'll show this imediately to my friend. He's a real apple-freak too

CandleintheDark said...

Thats awesome. Seems very useful

elexerdelex said...

Are all computers encrypted the same way? or am i just a techology-analphabet?

Robert Fünf said...

Personally, I use True Crypt for my encryption. I know it's for Windows/linux....I think it's available for Mac as well.

mac-and-me said...

@Robert Fünf
Truecrypt has horrible performance compared with the built in encryption
and yes its available for os x as well

@elexerdelex
Each Mac has a own key that gets generated when you initiate the encryption

Random Fan said...

I thought macs were their own security?!

Alphabeta said...

Good to hear it's a lot faster.

Alphabeta said...
This comment has been removed by a blog administrator.
Alphabeta said...

502 error & f5 generated double comment. Woops.

mac-and-me said...

@Random Fan: they are, the disc encryption is part of the mac security concept

HurdyG said...

I'll have to try that...

Jack Mussolini said...

learning something new every day

akrater said...

Wonder if there will be anything similar for windows platforms.

Justsayin' said...

I have never had a Mac but it sounds cool. :)

duffboi said...

sweet. now i need a mac!

PvtCarlin said...

Very nice software.

Alexander said...

Nice to see that security is being more heavily addressed. thanks for sharing!

The_illustrative_Mind said...

I like it. This could prove useful some day.

tearinox said...

encryption does data good

Evan said...

It looks like lion is going to be a really good os. Do you know when it comes out?

A Hermit said...

That seems useful.

Dranian said...

yeah, i use truecrypt but it does indeed have that performance drawback you mentioned. does this work for external drives and such too?

one nice thing about truecrypt is that it's pretty common and cross platform so you can always plug in a portable drive and access your encrypted info on other computers. If this can do the same, then that's pretty cool.

Chris said...

Great info here

Steven said...

Looks pretty good

Questions said...

Gotta hide that porn somehow.

Mostly Irrelephant said...

Would come in very handy at airports. Believe it or not, recently the security people put a federal trojan on a business mans laptop while went through security.

Assange No.1 Fan said...

Truecrypt.

haluk said...

thanks for info

muckyourself said...

sounds very safe

Aaron M. Gipson said...

I like Truecrypt too, but I am always on the lookout for something better. But I guess this will pretty much be exclusive to the Mac OS, right?

amBored said...

thank you for sharing this nice tip

mac-and-me said...

@Aaron M. Gipson
its no add on application its part of the operating system, so yes its pretty much exclusive

mac-and-me said...

@Evan
late summer this year

Shutterbug said...

It sounds good to me. Can't wait for it to come out. :)

Killy said...

can't wait to lion ;w;

Something Concupiscible said...

This makes me want a Mac.

Maki said...

Gimme a Mac right now! following for future tips and maybe ill end up buying 1!

A said...

It sounds cool but I would never ever trust encryption software that isn't in some way opensource.

Motivationalized said...

Good to know.

Altenfrost said...

Very useful. Thx for the info.

mac-and-me said...

@A
http://www.opensource.apple.com/source/libsecurity_filevault/libsecurity_filevault-36064/lib/
i am sure after the Lion release you will find the sources there as well.

thenitefalls said...

This will be good for protecting files from hackers :D

Glovey said...

Ahh again another great tip! Agree with above post! Thanks for sharing!

anonymous said...

please keep showing, i'm lovin it. (not associated with Mc Donalds)

Paranormal Explorer said...

Cool. Very useful :)

stebolius said...

This have to be great software.

Meghan Moran said...

Guess you can't be too safe, eh?

Trelin said...

So they integrated truecrypt into the os, nice. What encryption algo do they use? Does it take advantage of AES acceleration in the new intel processors?

Rachel Neilson said...

Nice, I'm glad it works well!

mac-and-me said...

@Trelin
Encryption is AES-128, yes its hardware accelerated, check my benchmark to see how well it performs compared to native speed (benchmark is on a core duo tough)

Hot New Music Today said...

Nice post! Keep in touch.

hotnewmusictoday.blogspot.com

G said...

like 'A' i'm usually distrustful of proprietary encryption but cheers for the additional link :)

clique said...

That's interesting.

Clarence Miller said...

following and $upporting

therichesthappiest.blogspot.com

Adventure Person said...

Awesome feature!

Copyboy said...

Lion security. Nothing like it.

Ross said...

apple does make very good stuff

ed said...

privacy is always good

schultzz said...

interesting read, not that im a fan of disk encription.

Diorf said...

Really good read!

Triper said...

Thanks for sharing :)

Kim Anders said...

thx for sharing!

ankmanpro said...

Oooh looks great!

Con Queso said...

Nice, sounds even better than Truecrypt! haha

YellowNiceTechno said...

It makes PC faster? wow

Merlyy said...

interesting :)

MacAttack said...

I did a small piece about the new full disk encryption features of Lion on my blog, it looks like a great new addition!!

max.c said...

thanks for sharing!

followed!

http://www.daily-life-of-mxc.blogspot.com/