I have heard repeatedly that if you lose your
password, your stuff in filevault is history
as even Apple won't be able to rescue you.
However, since selling certain levels of encrypting
software overseas is illegal, and OS X is sold
overseas, how is Apple able to legally do that?
Does the government have a secret way to open filevault
that Apple just doesn't want to get involved in the
business of file recovery? Or are they just trying
to impress upon us the need not to forget our password?
What might I be missing here?
Someone
If you need to kill me to tell me, forget it!

Signature
************************
someone@somewherever.com
Michael Vilain - 27 Nov 2007 06:02 GMT
In article
<someone-58DE84.20022826112007@sn-ip.vsrv-sjc.supernews.net>,
> I have heard repeatedly that if you lose your
> password, your stuff in filevault is history
[quoted text clipped - 11 lines]
>
> If you need to kill me to tell me, forget it!
OK, we'll take it as read that we've "forgotten". You can make yourself
crazy wondering what the government can or can't get into these days.
It used to be that encryption technology was a CLASS 2 MUNITION in the
days of the Clinton administration. Since then, encryption technology
isn't regulated for export any more. Otherwise, Apple (and Microsoft
and Sun and any other vendor) would have to provide a US-only version of
their OS along with a "FOR EXPORT ONLY" copy without the encryption. I
don't think they do that, so you're probably off the hook.
If you hear the black vans or helicopters, I'm obviously grievously
wrong...

Signature
DeeDee, don't press that button! DeeDee! NO! Dee...
Jeffrey Goldberg - 27 Nov 2007 13:18 GMT
> However, since selling certain levels of encrypting
> software overseas is illegal,
Fortunately those days are gone. Though I do have an RSA in Perl barcode
t-shirt (purchased in the UK) which I used to wear to the airport when I
would fly back to the UK from the US during those bad old days. Even
though the t-shirt clearly stated that it was a munition, nobody ever
stopped me.
> Or are they just trying to impress upon us the need not to forget our
> password? What might I be missing here?
Don't forget your FileVault password. The same is true with keychain
passwords.
> If you need to kill me to tell me, forget it!
I doubt that the NSA could break the encryption, since the gap between
what the NSA knows about cryptography and what the academic community
knows appears to be narrower than it was back in the days of DES. But I
could just as well be wrong in my guess. As the saying goes:
Those who know don't say, and those who say don't know.
I don't know.
-j

Signature
Jeffrey Goldberg http://www.goldmark.org/jeff/
I rarely read top-posted, over-quoting or HTML postings.
http://improve-usenet.org/
haldir - 27 Nov 2007 14:51 GMT
> I doubt that the NSA could break the encryption, since the gap between
> what the NSA knows about cryptography and what the academic community
> knows appears to be narrower than it was back in the days of DES. But
> I could just as well be wrong in my guess. As the saying goes:
That topic is pretty interesting. There have been a few articles that
some of our encryption schemes may have some NSA backdoors installed.
How true that is and how widespread, I don't know. My impression is
that if you somehow bring the full attention of the NSA down upon you,
they can likely break anything you have. It may take some time and a lot
of resources but they will do it.
Scott Cole
Gregory Weston - 27 Nov 2007 14:12 GMT
In article
<someone-58DE84.20022826112007@sn-ip.vsrv-sjc.supernews.net>,
> I have heard repeatedly that if you lose your
> password, your stuff in filevault is history
[quoted text clipped - 11 lines]
>
> If you need to kill me to tell me, forget it!
It's been amended since then, but here's the largest change:
<http://www.epic.org/crypto/export_controls/regs_1_00.html>
Even without those changes, though, the key thing in your comment is the
phrase "certain levels." All Apple would've had to do is make sure they
stayed under those levels, whatever they were.
Dan Drake - 04 Dec 2007 01:54 GMT
> I have heard repeatedly that if you lose your
> password, your stuff in filevault is history
> as even Apple won't be able to rescue you.
> However, since selling certain levels of encrypting
> software overseas is illegal, and OS X is sold
> overseas, how is Apple able to legally do that...
Others have commented on the change in export regulations since the 90s.
But there's one thing more: Apple uses an Official US Standard algorithm
for the encryption. Smart move, since inventing your own cipher is dumb
DUMB D*U*M*B. But you may bet that the standard that was developed with
government backing for use in commerce wasn't designed to be illegal to
use internationally.
Which side you want to take on the bet whether the government's approved
cipher for us to use is secure against NSA or not: that's up to you.

Signature
Dan Drake
dd@dandrake.com
http://www.dandrake.com/
porlockjr.blogspot.com