Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.7: Enable Time Machine encryption on Lion' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.7: Enable Time Machine encryption on Lion
Authored by: TrumpetPower! on Jul 22, '11 11:32:25AM

May I please take a moment to most strongly encourage people to think very, very, very hard before encrypting backups. Indeed, it's all but guaranteed that this is something you really, really don't want to do.

The whole point of backups is to be able to get to your data even if something bad happens.

The whole point of encryption is to make sure that nobody *including you* can get to your data if something bad happens.

The two concepts are mutually exclusive.

And it's that "including you" bit that people misunderstand the most. Encrypted files are extremely fragile by design. The idea is to prevent access unless it's guaranteed that everything is okay. If there's even something slightly wrong, your data may well be rendered perfectly unreadable. If you're going to your backup, it's because the original is already toast...and now so is your backup as well.

The *only* context in which encrypted backups even theoretically make sense is if the backups will be in a physically insecure location -- and there's almost no circumstance where it makes sense for an individual to leave backups in such a place. Apparently, the only way to get TimeMachine to encrypt backups is with a local disk that will be in the same physical location as the original data.

I'm willing to bet that only a vanishingly minuscule percentage of Mac OS X users are better off encrypting their backups than not. If you're one of those few, then you've already got well-established mechanisms in place for removing backups to secured offsite vaults or the like.

If you're reading this hint and you're thinking this might be cool to try...please don't. You're almost guaranteed to wish you hadn't.

(Of course, experimenting with non-critical data can be fun and educational -- my cautions only apply to people who actually care about the data they're trying to protect. And if you're the ultra-paranoid type, you hopefully are well aware of the risks and would much rather lose everything than have it fall into the worng hands.)

Cheers,

b&



[ Reply to This | # ]
10.7: Enable Time Machine encryption on Lion
Authored by: Ten on Jul 22, '11 11:54:57AM
Sorry, but this is hyperbole.

It's important to understand that if you encrypt a backup, if you lose your password you will have lost access to your backup. Additionally, if the header gets corrupted *and* the header backup gets corrupted (to my knowledge there's an automatic backup; at least that's the case with sparsebundles) then you also lose access, *but* in the very very rare event that does happened, if you're only using it as a backup drive, and you realise it's become corrupted, then you can simply make a new backup. There's of course a risk something will go wrong with your backup and your main computer simultaneously, but that's always been an issue with or without encryption.

Giving this advice to the average user is fair, but average users aren't browsing Mac OS X Hints. I think you need to give people more credit.

Personally, I'm a college student, I carry around an external HD with my laptop as my backup drive. My backup drive is, as you say, for if something bad happens, e.g. my laptop's hard drive dies. In that case, it still works as a backup. By using encryption, it ensures that if anyone steals my bag they can't have access to my files. It makes perfect sense to me and carries very little risk unless I forget my password which I shouldn't because I type it in every day.

Anyway, this is just plain wrong:

The whole point of backups is to be able to get to your data even if something bad happens.

The whole point of encryption is to make sure that nobody *including you* can get to your data if something bad happens.

The two concepts are mutually exclusive.

The whole point of encryption is that nobody can get access to your data without your permission, e.g. if someone steals your laptop. You don't want to have to be dealing with identity theft as well as having to buy a new laptop. It's not to prevent people getting to your data "if something bad happens" (like what?!)

Encrypted data is not "fragile by design" as you claim. There were problems with the original FileVault, back in Panther(!!!!) right when it was launched, that caused some people to lose some data and I fear that reputation will live with it, but your encrypted data is very safe now and a lot of engineering thought has gone into ensuring your data is safe over the last few years.

[ Reply to This | # ]

10.7: Enable Time Machine encryption on Lion
Authored by: hamarkus on Jul 27, '11 08:38:22AM

Every additional backup adds another layer of security against things going wrong. Every encryption adds another vector for things to go wrong. From a probability point of view, two encrypted backups are very likely safer than one unencrypted backup but one unencrypted backup is safer than one encrypted one (from a things-going-wrong perspective not from a keeping-your-data-private perspective, there obviously encryption is a boon).
I for once would add at least one more backup the moment I start encrypting things (both main drive and backup drive). And will MacDrive support encrypted backups? Being in a situation where all your backups are on HFS+ is pretty much standard, and being in a situation where you 'only' have a Windows PC to access your backups is a possible scenario for quite a number of people.



[ Reply to This | # ]
10.7: Enable Time Machine encryption on Lion
Authored by: Frederico on Jul 22, '11 12:21:39PM

> " If you're going to your backup, it's because the original is already toast...and now so is your backup as well."

Please present your data supporting this guaranteed outcome.

Are you sure you know how Time Machine encryption works? In my testing, an encrypted Time Machine drive can be carried to any machine and, as long as you know the password used when created, can be used to restore a user as thought it were a standard TM drive.

Your assertion simply does not compute.

Respectfully

F



[ Reply to This | # ]
10.7: Enable Time Machine encryption on Lion
Authored by: Crazor on Jul 22, '11 01:05:02PM

You can take your encrypted TM backup to any other Mac running Lion (right now only Lion supports Core Storage), connect it and enter your encryption password at the prompt.

I have an SSD and a HDD in my MacBook, and the former is backed up to the latter via TimeMachine, and having the backup encrypted is a godsend. I didn't bother with FileVault before, because having an unencrypted backup is kinda pointless...

If I didn't have two disks in my MacBook, I'd carry an external drive with me for TimeMachine, and I would also encrypt it. Better safe than sorry!

Edited on Jul 22, '11 01:07:13PM by Crazor



[ Reply to This | # ]