Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: A FileVault/wake from sleep password issue' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: A FileVault/wake from sleep password issue
Authored by: SOX on Jul 10, '06 05:03:23PM

yes but how does it decrypt it? I would bet it does not use the users passwrod to encrypt it since then you could not (easily) change a users password. I bet it uses the keychain. in whihc case everything I said is correct. that is the act of loggin in foirced by root would decrypt it.



[ Reply to This | # ]
You're correct, except not
Authored by: dethbunny on Jul 10, '06 11:31:08PM
You're correct in that the FileVault image is not encrypted with the user's password. It's encrypted with a private key that is stored in the keychain. The keychain, however, is encrypted with the user's password. [very slightly simplified]

That's why changing the account password through any method other than the Accounts prefpane results in numerous dialogs asking for the "password for the keychain 'login.'" A user cannot unlock a keychain unless the password is known, even if blessed with Admin powers. That's also why the Master Password is so important for FileVault - without that, any time the account password is forgotten all data becomes totally inaccessible.

Keychain and FileVault are actually very secure if strong passwords are used.

[ Reply to This | # ]
You're correct, except not
Authored by: SOX on Jul 11, '06 09:53:07AM

I don't think you are correct. When I change my password on my computer or sometimes after I do a system software update, when I run a program than wants keychain access it pops up and says my keycahin password has changed do you want to update the key chain. I don't need to enter my password to do that (after what would I enter, my old one or my new one?). I just click okay. instant keychain access.

thus root should be able to do this.



[ Reply to This | # ]