
Topic: OS X Recovery Keys (Read 935 times)

hero member
Activity: 518
Merit: 500
December 29, 2013, 01:36:05 AM
#14
OK thanks. I've not used filevault yet. Might give it a spin. Does it slow the system down much? My MacBook is ageing (2010 model), saving up for a Darth Vader model in 2014.

If you get a new Mac that comes with a SSD, the decryption is hardware accelerated.  I have filevault enabled on my haswell macbook air and the disk I/O is lightning fast.

Yeah sounds like an SSD is a must. Thanks. Not sure my "give it a spin" is appropriate in that case though :)
legendary
Activity: 1176
Merit: 1018
December 29, 2013, 01:32:46 AM
#13
OK thanks. I've not used filevault yet. Might give it a spin. Does it slow the system down much? My MacBook is ageing (2010 model), saving up for a Darth Vader model in 2014.

If you get a new Mac that comes with a SSD, the decryption is hardware accelerated.  I have filevault enabled on my haswell macbook air and the disk I/O is lightning fast.
legendary
Activity: 2912
Merit: 1060
December 29, 2013, 01:12:21 AM
#12
Oh you guys use a password not the tpm
hero member
Activity: 518
Merit: 500
December 29, 2013, 12:29:43 AM
#11
+1 to the above.

Glad my bitlocker does just that. You guys don't get a recovery key??

When you encrypt the boot drive with filevault, you are provided with a recovery key.  I wrote mine down.  As far as other encrypted volumes go, including time machine backups, you are not provided with a recovery key as far as I can tell.

I really meant if you can see the keys, what's to stop someone stealing your Mac and grabbing them all?

You need to enter your credentials before the key(s) was displayed.

OK thanks. I've not used filevault yet. Might give it a spin. Does it slow the system down much? My MacBook is ageing (2010 model), saving up for a Darth Vader model in 2014.
legendary
Activity: 1176
Merit: 1018
December 28, 2013, 10:29:07 PM
#10
+1 to the above.

Glad my bitlocker does just that. You guys don't get a recovery key??

When you encrypt the boot drive with filevault, you are provided with a recovery key.  I wrote mine down.  As far as other encrypted volumes go, including time machine backups, you are not provided with a recovery key as far as I can tell.

I really meant if you can see the keys, what's to stop someone stealing your Mac and grabbing them all?

You need to enter your credentials before the key(s) was displayed.
member
Activity: 80
Merit: 10
December 28, 2013, 05:11:40 PM
#9
I really meant if you can see the keys, what's to stop someone stealing your Mac and grabbing them all?

If someone steals your Mac and it's powered on and unlocked, then you've already lost all your data. If it's not, then those keys won't be accessible without first booting up, which requires the passphrase to decrypt the key.
legendary
Activity: 2912
Merit: 1060
December 28, 2013, 11:08:49 AM
#8
Glad my bitlocker does just that. You guys don't get a recovery key??
hero member
Activity: 518
Merit: 500
December 28, 2013, 06:27:25 AM
#7

I wish people would just post a quick answer, rather than a link which may or may not be useful.
newbie
Activity: 7
Merit: 0
December 28, 2013, 05:42:51 AM
#6
It may be easier to disable filevault and then re-enable it. Once re-encrypted, the master (backup) recovery key pops up in an alert box, which you can take a note of.

member
Activity: 70
Merit: 10
hero member
Activity: 518
Merit: 500
December 28, 2013, 04:57:18 AM
#4
It's a fundamental security weakness that us humans can only read plain text.  I would only be revealing it to myself in a secure environment.  Anyway, I've found some of what I was looking for.

Here is the option, as part of the "fdesetup" command.

 -outputplist
             Outputs the recovery key and additional system information to stdout in a plist dictionary.  If
             the recovery key changes, a Change key will be set and the EnableDate will contain the date of
             the change.   This should not be used when using the deferred mode.

Now my next question: where would that plist directory reside?

I really meant if you can see the keys, what's to stop someone stealing your Mac and grabbing them all?
legendary
Activity: 1176
Merit: 1018
December 28, 2013, 04:53:24 AM
#3
It's a fundamental security weakness that us humans can only read plain text.  I would only be revealing it to myself in a secure environment.  Anyway, I've found some of what I was looking for.

Here is the option, as part of the "fdesetup" command.

 -outputplist
             Outputs the recovery key and additional system information to stdout in a plist dictionary.  If
             the recovery key changes, a Change key will be set and the EnableDate will contain the date of
             the change.   This should not be used when using the deferred mode.

Now my next question: where would that plist directory reside?
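
On the question above: the quoted man page text says `-outputplist` writes the dictionary to stdout, so it only exists where the caller captures it. The following is an added example, not code from any poster in this thread, that parses such output and stores the key in an owner-only file; the `RecoveryKey` and `SerialNumber` key names, the six-groups-of-four key format and all sample values are assumptions constructed for illustration.

```python
import os
import plistlib
import re

# Constructed sample of what an `fdesetup ... -outputplist` run prints to stdout.
# The key names and values are assumptions for illustration, not real output.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>RecoveryKey</key>
    <string>AAAA-BBBB-CCCC-DDDD-EEEE-FFFF</string>
    <key>SerialNumber</key>
    <string>C00000000000</string>
</dict>
</plist>
"""

# Assumed key format: six dash-separated groups of four letters or digits.
KEY_FORMAT = re.compile(r"^(?:[A-Z0-9]{4}-){5}[A-Z0-9]{4}$")

def extract_recovery_key(plist_bytes):
    """Return the recovery key from the plist bytes, or raise ValueError."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception as exc:
        raise ValueError("not a valid plist") from exc
    key = info.get("RecoveryKey") if isinstance(info, dict) else None
    if not isinstance(key, str) or not KEY_FORMAT.match(key):
        raise ValueError("no well-formed RecoveryKey entry")
    return key

def save_owner_only(key, path):
    """Write the key to a new file with mode 0600 and return that mode."""
    # O_EXCL refuses to reuse an existing file (or symlink) at that path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # enforce the mode regardless of the umask
    with os.fdopen(fd, "w") as handle:
        handle.write(key + "\n")
    return os.stat(path).st_mode & 0o777

if __name__ == "__main__":
    import sys
    # Pipe the command's stdout in; with no pipe, fall back to the sample.
    data = SAMPLE_PLIST if sys.stdin.isatty() else sys.stdin.buffer.read()
    print(extract_recovery_key(data))
```
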
hero member
Activity: 518
Merit: 500
December 28, 2013, 04:37:24 AM
#2

I know this is a little bit off topic -

Does anyone know how to make os x display the recovery key (really just the direct encryption key) for an encrypted drive?  I've been going through a process of doubling down on all of my security procedures.  One result is going to be a bunch of encrypted drives, and I will be at greater risk of data loss if all else stays the same.

First I would like to make os x show me in - plain text - each of the keys.  Then I would like to have a way to test out each of those keys and prove to myself they are capable of decrypting the drive.

Does anyone know some terminal commands that would work?  Google is not being my friend.

Thanks

Wouldn't be very secure if it just showed the keys in plain text would it ....
legendary
Activity: 1176
Merit: 1018
December 28, 2013, 04:22:11 AM
#1

I know this is a little bit off topic -

Does anyone know how to make os x display the recovery key (really just the direct encryption key) for an encrypted drive?  I've been going through a process of doubling down on all of my security procedures.  One result is going to be a bunch of encrypted drives, and I will be at greater risk of data loss if all else stays the same.

First I would like to make os x show me in - plain text - each of the keys.  Then I would like to have a way to test out each of those keys and prove to myself they are capable of decrypting the drive.

Does anyone know some terminal commands that would work?  Google is not being my friend.

Thanks