Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5: Insure that Time Machine runs on FileVault accounts' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Insure that Time Machine runs on FileVault accounts
Authored by: noworryz on Dec 03, '07 09:58:39AM

Several forum members have asked about "Safe Sleep" and what it means for FileVault. Safe sleep stores the entire contents of memory in the file /var/vm/sleepimage when the computer is put to sleep. With previous versions of the operating system, some people reported that cleartext FileVault passwords could be found in the file. More recently, the file appears to be encrypted but with the encryption key stored in the header of the file. Some file attributes have also been changed to make reading more difficult.

One difficulty is that the code for this is Apple proprietary so doing a security audit is very difficult. In any case, sleeping when logged into a FileVaulted account appears to be very insecure. Users may want to disable safe sleep using this hint. If not, logging out of the secure account and logging into a dummy account may help, especially if an application is then run that allocates large amounts of memory before putting the computer to sleep.

[ Reply to This | # ]