Editing FileVault (section)

==FileVault==
The original version of FileVault was added in Mac OS X Panther to encrypt a user's home directory.

===Master passwords and recovery keys===
When FileVault is enabled the system invites the user to create a master password for the computer. If a user password is forgotten, the master password or recovery key may be used to decrypt the files instead.<ref name="aboutfv2" /> FileVault recovery key is different from a [[macOS|Mac]] recovery key, which is a 28-character code used to reset your password or regain access to your [[Apple ID]].

===Migration===
Migration of FileVault home directories is subject to two limitations:<ref>{{cite web | url=https://support.apple.com/kb/HT1554 | title=Archived - Mac OS X 10.3, 10.4: Transferring data with Setup Assistant / Migration Assistant FAQ | publisher=Apple | work=Apple support | access-date=January 21, 2013}}</ref>
* there must be no prior migration to the target computer
* the target must have no existing user accounts.
If Migration Assistant has already been used or if there are user accounts on the target:
* before migration, FileVault must be disabled at the source.

If transferring FileVault data from a previous Mac that uses 10.4 using the built-in utility to move data to a new machine, the data continues to be stored in the old sparse image format, and the user must turn FileVault off and then on again to re-encrypt in the new sparse bundle format.

===Manual encryption===
Instead of using FileVault to encrypt a user's home directory, using [[Disk Utility]] a user can create an encrypted disk image themselves and store any subset of their home directory in there (for example, {{mono|~/Documents/private}}). This encrypted image behaves similar to a FileVault encrypted home directory, but is under the user's maintenance.

Encrypting only a part of a user's home directory might be problematic when applications need access to the encrypted files, which will not be available until the user mounts the encrypted image. This can be mitigated to a certain extent by making [[symbolic links]] for these specific files.

===Limitations and issues===
====Backups====
{{hatnote|These limitations apply to versions of Mac OS X prior to OS X 10.7 Lion only.}}

Without Mac OS X Server, [[Time Machine (macOS)|Time Machine]] will back up a FileVault home directory only while the user is logged out. In such cases, Time Machine is limited to backing up the home directory in its entirety. Using Mac OS X Server as a Time Machine destination, backups of FileVault home directories occur while users are logged in.

Because FileVault restricts the ways in which other users' processes can access the user's content, some third party backup solutions can back up the contents of a user's FileVault home directory only if other parts of the computer (including other users' home directories) are excluded.<ref>{{cite web | url=http://support.crashplanpro.com/doku.php/recipe/encrypted_disks | title=Using Encrypted Disks | publisher=CrashPlan PROe | work=CrashPlan PROe support | access-date=January 21, 2013 | archive-date=January 14, 2013 | archive-url=https://web.archive.org/web/20130114071806/http://support.crashplanpro.com/doku.php/recipe/encrypted_disks | url-status=dead }}</ref><ref>{{cite web | url=http://support.crashplan.com/doku.php/how_to/use_with_filevault | title=Using CrashPlan with FileVault | publisher=CrashPlan | work=CrashPlan support | access-date=January 21, 2013 | archive-date=October 20, 2013 | archive-url=https://web.archive.org/web/20131020011200/http://support.crashplan.com/doku.php/how_to/use_with_filevault | url-status=dead }}</ref>

====Issues====
Several shortcomings were identified in legacy FileVault.  Its security can be broken by cracking either 1024-bit [[RSA (algorithm)|RSA]] or [[3DES-EDE]].

Legacy FileVault used the CBC mode of operation (see [[Disk encryption theory#CBC-based approaches|disk encryption theory]]); FileVault 2 uses stronger XTS-AES mode. Another issue is storage of keys in the macOS "safe sleep" mode.<ref name="nsa-vilefault">{{Cite conference |conference=23rd Chaos Communication Congress |location=Berlin |author-link1=Jacob Appelbaum |first1=Jacob |last1=Appelbaum |first2=Ralf-Philipp |last2=Weinmann |date=December 29, 2006 |title=Unlocking FileVault: An Analysis of Apple's disk encryption |url=https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf |access-date=March 31, 2007}}</ref> A study published in 2008 found [[data remanence]] in [[dynamic random-access memory]] (DRAM), with data retention of seconds to minutes at room temperature and much longer times when memory chips were cooled to low temperature. The study authors were able to use a [[cold boot attack]] to recover cryptographic keys for several popular disk encryption systems, including FileVault, by taking advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in [[key scheduling]]. The authors recommend that computers be powered down, rather than be left in a "sleep" state, when not in physical control by the owner.<ref>{{Cite conference |conference=17th USENIX Security Symposium |location=San Jose, CA |title=Lest We Remember: Cold Boot Attacks on Encryption Keys |first=J. Alex |last=Halderman |date=February 2008 |url=http://citpsite.s3.amazonaws.com/wp-content/uploads/2019/01/23195456/halderman.pdf |display-authors=etal |df=mdy |author-link=J. Alex Halderman}}</ref>

Early versions of FileVault automatically stored the user's passphrase in the system keychain, requiring the user to notice and manually disable this security hole.

In 2006, following a talk at the 23rd [[Chaos Communication Congress]] titled ''Unlocking FileVault: An Analysis of Apple's Encrypted Disk Storage System'', [[Jacob Appelbaum]] & Ralf-Philipp Weinmann released ''VileFault'' which decrypts encrypted Mac OS X disk image files.<ref name="nsa-vilefault" />

A free space wipe using [[Disk Utility]] left a large portion of previously deleted file remnants intact. Similarly, FileVault compact operations only wiped small parts of previously deleted data.<ref>{{cite web | url=http://www.zdziarski.com/blog/?p=266 | title=File Vault's Dirty Little Secrets |date=January 1, 2008 |first=Jonathan |last=Zdziarski}}</ref>