Those who use OS X might be aware of FileVault. This post assumes you have already set up FileVault or have some knowledge of its capabilities – so for those of you who haven’t done this yet, you might want to do it right now. Mac OS X Lion now allows you to encrypt an entire volume (using XTS-AES 128 encryption) instead of just your home folder.
The real improvement for me, and the purpose of this post, is that FileVault 2 (the Lion-only version) now allows you to encrypt external disks, USB flash drives and memory cards. As with Time Machine, before you can use FileVault 2 to encrypt your external data you will be asked to format the target drive, so if you have any legacy data, now might be a good time to port that data to another backup device. The following steps show you how to create and mount an encrypted volume on an external disk:
Erase the target disk:
- Open Disk Utility, choose the Erase tab, then select Mac OS Extended (Journaled, Encrypted) as the format type
- The case-sensitive version allows you to treat MyFile.txt and myfile.txt as different files – this can cause you problems later 🙁
Next you need to choose a password:
- The password* will be needed every time you mount the encrypted drive – so I suggest you store it in a password manager (and make the password strong)
- This version of FileVault encryption only works with Mac OS X Lion, so you will not be able to access the drive from Windows or any other version of OS X
*You have the option to store the password in the Keychain – don’t! 🙂
Note: If you migrated a home directory that was encrypted by an earlier version of FileVault, you will not be able to turn on FileVault 2. Further information on FileVault 2.
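To confirm that the erase really produced an encrypted volume, the check below parses the CoreStorage listing printed by `diskutil cs list`. It is an added example, not part of the original post: the volume name "Backup", the placeholder UUIDs and the sample listing are constructed, and the field names are assumed to match what diskutil prints.

```shell
#!/bin/sh
# Added example. On the Mac:  diskutil cs list | cs_encryption_ok "Backup"

# Constructed sample of `diskutil cs list` output (UUIDs are placeholders).
sample_cs_list() {
cat <<'EOF'
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 00000000-0000-0000-0000-000000000001
    =========================================================
    Name:         Backup
    Status:       Online
    |
    +-< Physical Volume 00000000-0000-0000-0000-000000000002
    |   ----------------------------------------------------
    |   Disk:     disk2s2
    |
    +-> Logical Volume Family 00000000-0000-0000-0000-000000000003
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Encryption Type:         AES-XTS
        Fully Secure:            Yes
        Passphrase Required:     Yes
        |
        +-> Logical Volume 00000000-0000-0000-0000-000000000004
            ---------------------------------------------------
            Disk:                  disk3
            Volume Name:           Backup
EOF
}

# Reads the listing on stdin. Succeeds only if the volume group named $1
# exists and reports AES-XTS, fully secure, and passphrase required.
cs_encryption_ok() {
    awk -v want="$1" '
        { sub(/^[ |]+/, "") }                  # drop the tree-drawing prefix
        /^[+]-- Logical Volume Group/ { in_grp = 0; next }
        /^Name:/ {
            n = $0; sub(/^Name:[ \t]+/, "", n)
            if (n == want) { in_grp = 1; found = 1 }
        }
        !in_grp { next }                       # ignore other volume groups
        /^Encryption Type:/     { type  = $NF }
        /^Fully Secure:/        { fully = $NF }
        /^Passphrase Required:/ { pass  = $NF }
        END { exit !(found && type == "AES-XTS" && fully == "Yes" && pass == "Yes") }
    '
}
```

A non-zero exit status means the named volume group was not found or one of the three fields did not report an encrypted, passphrase-protected volume.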
These improvements to some extent bring FileVault closer to the popular open source encryption software TrueCrypt, but not quite close enough for me to say it would be my preference. I’ll stick with TrueCrypt, which has been my trustworthy companion for some years now on both Windows and OS X platforms.
Update: It was also reported in the media earlier this month that a Russian security company that I know cracked the encryption technology of FileVault in 40 mins, but this was also the case with TrueCrypt. It was also claimed that their software could decrypt Keychain files. A point worth mentioning here is that their password cracking technique required access to the FireWire port. BTW – Thunderbolt ports are protected from this vulnerability for now!
Safe surfing folks!