Re: [Fed-Talk] Two Questions about FileVault
- Subject: Re: [Fed-Talk] Two Questions about FileVault
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 13 May 2015 14:26:30 +0000
- Thread-topic: [Fed-Talk] Two Questions about FileVault
> When using DU to erase and encrypt a volume, check diskutil cs list and 30
> seconds later the drive is listed as fully secure, conversion complete. Yet,
> while LOCKED and UNMOUNTED, on a system that's never touched that
> drive, the free space content is trivially recovered with Data Rescue 3 or 4.
> Unlike the other methods, DU is not running a background process to
> encrypt the entire drive.
I was hoping that wasn't the case, but I wasn't able to tease that out from the thread.
I'd feel better if you were able to reproduce on a system that has no HFS+ support or by using other techniques, just so as to eliminate the possibility that Data Rescue and/or CoreStorage is smart enough to snag credentials from Keychain and unlock/decrypt the volume on its own. There are some projects working in this space (e.g., hfsexplorer), so it's entirely possible.
If you can do so, that's a vulnerability--if Apple won't give it attention you could disclose via CERT or a similar body.
The obvious workaround would be to secureErase prior to formatting with diskutil or after, using secureErase freespace.
-- T
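One way to run the kind of independent check Tim asks for, without relying on any HFS+ or CoreStorage-aware tool: read the raw device of the locked, unmounted volume (a `dd` image taken on a machine that has never mounted it) and flag blocks whose byte entropy is far below what encrypted data shows. This is an added example, not code from the thread; the sample "image" and the 7.0 bits/byte threshold are constructed assumptions.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 4096
# Encrypted or random data measures ~7.95 bits/byte per 4 KiB block;
# plaintext, metadata and zeroed blocks fall well below this (assumed cutoff).
ENTROPY_THRESHOLD = 7.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a block, in bits per byte (0.0 for an empty block)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def scan_image(image: bytes, block_size: int = BLOCK_SIZE,
               threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return (block_index, entropy) for every block that looks unencrypted."""
    suspects = []
    for off in range(0, len(image), block_size):
        h = shannon_entropy(image[off:off + block_size])
        if h < threshold:
            suspects.append((off // block_size, round(h, 2)))
    return suspects

def scan_file(path: str, block_size: int = BLOCK_SIZE,
              threshold: float = ENTROPY_THRESHOLD) -> list:
    """Stream a raw image or device node block by block (needs read access to it)."""
    suspects, idx = [], 0
    with open(path, "rb") as f:
        while block := f.read(block_size):
            h = shannon_entropy(block)
            if h < threshold:
                suspects.append((idx, round(h, 2)))
            idx += 1
    return suspects

def build_sample_image() -> bytes:
    """Constructed stand-in for a volume image: encrypted-looking blocks with
    one block of leftover plaintext and one zeroed block mixed in."""
    leftover = (b"Quarterly payroll export, DO NOT DISTRIBUTE\n" * 200)[:BLOCK_SIZE]
    return (os.urandom(BLOCK_SIZE * 4) + leftover
            + os.urandom(BLOCK_SIZE) + bytes(BLOCK_SIZE))

if __name__ == "__main__":
    for block_no, h in scan_image(build_sample_image()):
        print(f"block {block_no}: {h} bits/byte -> plaintext or unwritten, not encrypted")
```

The signal is low-entropy blocks on a volume that `diskutil cs list` reports as fully converted; high-entropy blocks alone prove nothing, since compressed files look random too.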