What are the current options to encrypted a partition on mac os x?

0

I recently got my laptop stolen with some sensitive informations on it (personal source code, bank details in a secure file, passwords, etc) and I learnt the lesson: encrypt your sensitive data. Now, I am wondering what are the options to encrypt a partition (not an encrypt disk image) ?

Aim: The aim is to prevent anyone (except me) to access those data.

Requirement 0: The software must be able to encrypt non system partition.

Requirement 1: Plausible deniability is required but preventing cold boot attack is however not an absolute requirement (I am not famous enough or have sensitive enough info to have this kind of requirement).

Requirement 2 : Software taking advantage of AES hardware encryption are very welcome as I intent to get a Macbook Pro with i7 CPU (with AES-NI enabled instructions). I will have avirtual machine running in the encrypted partition.

Requirement 3 : Free or reasonably cheap.

Requirement 4 : Software must run on Mac OS X Snow Leopard or Lion.

So far, TrueCrypt is the only option I have found.

Regards,

David Andreoletti

Posted 2011-04-26T16:58:42.843

Reputation: 250

How do you get from having a laptop stolen to needing plausible deniability? – Daniel Beck – 2011-04-26T18:38:01.073

Answers

0

I would have recommended TrueCrypt as well and am not incredibly familiar with OS X options, but here goes:

  • FileVault: built into to OS X, which is nice. Link to a how to HERE. I am not aware of whether or not encrypting an actual partition is possible with this, though. You could perhaps setup your home folder on a separate partition, then use FileVault on it, and it would be encrypted and also on its own partition?
  • EncFS: homepage HERE and a guide on how to use it on OS X is HERE, though that author now recommends against EncFS in favor of FileVault if using 10.6.
  • GnuPG: I'm including it only because it's free and widely used. It will not encrypt a partition but does work nicely for transferring files safely, or perhaps encrypting files here and there around your drive. Website HERE.

I don't really know of any other options for you. I use Linux and use LUKS/dm-crypt and I know that Windows (and I think Linux) can use FreeOTFE. Those are about all the options I'm aware of, period. I think TrueCrypt is your best bet, as I think it's the only one that meets your requirements. None of mine offer plausible deniability.

On that note, I don't think plausible deniability buys you anything in the case of theft -- is that your understanding or were you thinking someone might crack an "outer" shell and not the inner volume? I don't think it works like that. Not to mention that xkcd also probably got it RIGHT.

Hendy

Posted 2011-04-26T16:58:42.843

Reputation: 449

XKCD almost got it right! Though regarding plausible deniability, I had in mind that if someone steals my laptop (and I am not there to threaten with a 5 dollar wrench about whether this partition contains data), they will have to figure out if the partition is encrypted or randomly wiped out or simply never used ...

Now, If I have a encryption software such as True Crypt installed, they will likely guess that the partition is encrypted in some way but then they will have to decrypt it. So, I think, going into this direction is worth - it offers a maximum of two security points. – David Andreoletti – 2011-04-26T18:28:23.950

Yes -- don't be there to threaten :) I would look into encryption in general. My understanding was that it shouldn't matter how many hidden layers exist -- encrypted is encrypted. This is why if you google things like "how to unlock my encrypted disk, lost password," the answer is always "impossible." I really don't even know what tools one would need to decrypt via brute force. I think a "single layer" (no plausible deniability) and strong pass phrase are going to be ample deterrents for a laptop thief who probably just wants to sell it anyway. – Hendy – 2011-04-26T18:43:33.663

Yes, that very true. – David Andreoletti – 2011-04-26T19:37:38.417

Asked: 2011-04-26T16:58:42.843

Viewed: 2 036 times

Active: 2011-06-26T08:01:07.687