FileVault

Apple’s new version of Mac OS X is going to provide a new feature called FileVault, an automatic, configurable system that encrypts and decrypts your entire home directory at login and logout. It uses AES—currently the most advanced encryption available that’s not public key—and a 2048-bit key!

My initial thought at hearing this was that no one could possibly ever remember a 2048-bit key (256 characters, in other words, or 128 if using Unicode) and people would end up using “panther” or “edna” as their key, rendering the security easily breachable. A comment over at Slashdot cleared up the matter. It turns out that the 2048-bit key is probably a one-way hash of a much smaller key, thus making the key virtually uncrackable. That’s an elegant and awesome solution that makes me feel much more comfortable using it. Thanks, Apple!

[UPDATE: I keep hearing the 150 new features figure being bandied about, but I never knew what those 150 were (aside from the big ones mentioned at every opportunity). Apple has since put up a page listing each and every one of them. And my copy arrives tomorrow! Yeehaw.]

[UPDATE (10/24/03): Oops, FileVault isn’t 2048-bit encryption. It’s only 128 bit. I think 2048-bit encryption would result in massive disk usage. My mistake.]

Advertisements

%d bloggers like this: