FileVault on other than home directories on MacOS?

Jacob Appelbaum jacob at
Fri Sep 25 04:26:22 EDT 2009

Ivan Krstić wrote:
> On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
>> There is also a sleep mode issue identified by the NSA
> Unlike FileVault whose keys (have to) persist in memory for the duration
> of the login session, individual encrypted disk images are mounted on
> demand and their keys destroyed from memory on unmount.

The devil is in the details. If you use your default keychain to unlock
a disk, I believe the _passphrase_ is still stored in
plain text... So even if they destroyed keying material properly (do
they? Is there source we can review for how FV works?) when the disk
isn't in use, I somehow doubt that it's really safe to use FileVault in
some circumstances against some attackers. Especially if you have a
laptop and especially if you didn't turn on encrypted swap. Also
especially if you happened to use the encrypted swap feature when it
wasn't working. The list of hilarious bugs goes on and on.

(The bug is as old as the hills and I'm one of a dozen
people to have reported it, I bet. Apple still hasn't fixed it because
they rely on a user's password being in memory to escalate privileges
without interacting with the user! I hear they're working on a fix but
that it's difficult because many systems rely on this "feature.")

I haven't been working on or thinking about VileFault much but I suppose
that we probably could add support for sparse bundles if someone wanted.
I've been bugging Apple for some specifications and so far, it's been
years without a real response.

Most of what we know is in VileFault:

It would be really awesome if Apple would open up all of this code or at
least publish a specification for how it works. With either we could
have a Fuse file system module to support these disk images on other

