Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Is a false sense of security better than nothing?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Is a false sense of security better than nothing?
Authored by: noworryz on Mar 13, '03 01:45:57AM

Obviously, a lot of work went into this hint. Trouble is, there must be 50 ways to bypass Unix privileges, including starting up in single-user mode, booting OS 9, booting from a CD, and connecting (via FireWire) to another machine.

If you want any real security, you have to use encrypted disk images. These are files, made by Disk Copy or hdiutil, which request a passphrase when opened. If the correct passphrase is given, a disk volume appears on the desktop. You use the volume normally but once the volume is ejected, there is no way to read what you put on it without the passphrase. (Memorize the passphrase and avoid the Keychain if you value your privacy.)

If you eject your encrypted volumes before walking away from your machine, your personal information is secure even if the machine is stolen. Also, after a disk volume is ejected, you can back up its image file to CD or other media, without worrying about someone stealing the backup.

You can even implement multiple levels of security by nesting encrypted image files within other encrypted image files (using a different passphrase, of course). For example, with no images mounted, there is basic access to your machine. Mount your outer image to provide more file access. Mount an image file within it to access your really private stuff. You won't notice much, if any, delay due to the multiple layers of encryption and decryption going on.

There have been several OSXHints about encrypted disk images: making sparse images, moving info onto encrypted images, and keeping your mail on encrypted images.

[ Reply to This | # ]