This is why...
Authored by: TrumpetPower! on Aug 12, '04 05:48:11PM

This is why OpenBSD encrypts its swap. One can hope that Apple will at least offer the option to encrypt swap at some point in the future.

OS X is great, but I wish it were based on OpenBSD, not FreeBSD....

Cheers,

b&



In the meantime you can use PGP disk
Authored by: hamarkus on Aug 12, '04 06:19:43PM

About a month ago there was a discussion on macintouch.com about security implications of the non-encrypted swap files (search the NEWS pages for swap AND encrypt).

There, people recommended using PGP disk (instead of FileVault, if I understood it correctly). It erases all pass phrases from memory directly after using them, which should prevent them from ending up in a swap file.
http://www.pgp.com/products/desktop/comparison.html



PGP disk works great but.....
Authored by: hard-mac on Aug 12, '04 07:51:50PM

While PGP disk works great and I definitely recommend it as a better replacement for those using FileVault (swap on or not), using PGP Vault still does not address all the other security concerns with using vm swap. Keychain login passwords and more are all written to swap in plain text.

As I said above, this hint is for those people who need a higher level of security and is not for everyone.

---
-------------------------------------
Hardening Your Macintosh
http://members.lycos.co.uk/hardapple/



This is why...
Authored by: watersb on Aug 13, '04 06:59:24PM

Based on OpenBSD would not make sense for the Mac -- the whole point of OpenBSD is the code review process. So Apple could have their stuff submitted to OpenBSD's code review, but then ALL of their stuff would have to be open-source, and they would have to pull out Aqua etc. etc. etc... until such time as the review was completed. Bah!

To make matters worse, OpenBSD's disk encryption is weaker than the GEOM-based disk encryption in FreeBSD 5.x or the loop-aes in Linux. I can't comment on FileVault's strength because Apple won't show source code for it.

Probably there are errors in the application of encryption in FileVault just like all the others.

Proper use of encryption for disks is hard.


